Web site security - Topic possibility?

They have: 6 posts

Joined: Apr 1999

Been reading the topics here and can't seem to find where to address the issue of site security. It's a big deal for me, as I've been using a free forum host for a year, but need to move to have better control (too many trollers).

Like to talk with someone about what's possible; what software is good for checking what IP a user is posting from; and how to secure a forum from hackers.

Don't want to be paranoid, but I don't want my forum members to be scared away by flamers, either.

JP, is it possible that you can have such a topic here (closed perhaps)? I know this is a matter of concern for forum managers everywhere. For newbies, we need all the help we can get!

Thanks for having such a forum. It's great! You've answered a lot of my questions about web hosting, and the bandwidth mystery.

Luc

They have: 2,390 posts

Joined: Nov 1998

Luc,
Security is indeed very important to forum managers/moderators (like myself).
Basic defenses like IP banning are pretty useless due to the fact that dynamic IPs are usually used, and by banning only part of the IP address you also ban all members from the ISP your flamer is using.
Anyway, all that he has to do is change ISP/member name for all your efforts to have been rendered useless.

Any comments?
JP

----------
The Webmaster Promotion and Resource Center.
http://www.what-next.com

They have: 6 posts

Joined: Apr 1999

JP,

I'm rather new at webmastering, so I hope you can bear with me.

I've heard that blocking IP#'s doesn't stop the harassment. But what works? All I've received is inferences that the host will take care of it (which usually means, short of RL harassment, nothing). So what does the host take care of?

My options at the free site are limited to kicking the trolls out, and making it private. When I kick them out, they return under a new name (we don't have IP listings). When I make the forum private, I lose new members. It's a see-saw that doesn't seem to end.

Hopefully when I move my forum over to my own site, I can at least know what I can and can't do for forum security. At this stage, I have no idea what's available. Hopefully other forum managers would drop by and state their workarounds, as I'm at a loss as to what to do.

Thanks, JP for answering too.

Luc


They have: 1,015 posts

Joined: Apr 1999

Well, one thing is requiring a valid e-mail address, and maybe valid address information as well. If you wanted to block an IP, you could just type in your .htaccess file:
deny from 123.456.789.001
However, if the user is using a dynamic (changing) IP, you can just use a portion of that. For example, if 001 is the part that changes, you can put:

deny from 123.456.789

----------
InfoStar: Web Design - Hosting - Programming
http://www.infostardesign.com

They have: 359 posts

Joined: Mar 1999

The main problem I can see from banning IP addresses is if you banned like Brian suggested and it's a large ISP, you could be potentially banning a lot of good members just to get one.

An example would be banning one of AOL's or GTE's or AT&T's blocks of IP addresses. I don't like AOL, just using them as an example.

----------
Dan

Dan
Recycle Video Games Network

Stupidity killed the cat, curiosity was framed!
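
The trade-off raised in the two posts above (a full-address ban misses a dynamic IP, a partial-address ban catches other members on the same ISP) can be measured before a rule goes into .htaccess. The script below is an added example, not code from any poster in this thread: the member names, the post history and the 203.0.113.x / 198.51.100.x / 192.0.2.x documentation addresses are all constructed, and the rule is treated as matching whole leading octets.

```python
import ipaddress

# Constructed sample data: (member, posting IP). Addresses come from the
# reserved documentation ranges; member names are made up.
POSTS = [
    ("troll", "203.0.113.17"),   # first offending post
    ("troll", "203.0.113.200"),  # same ISP, new dynamic address
    ("troll", "198.51.100.9"),   # after switching ISP
    ("alice", "203.0.113.45"),
    ("bob", "203.0.113.91"),
    ("carol", "192.0.2.10"),
]

def rule_to_network(rule):
    """Turn a full or partial dotted address, as used in 'deny from', into a network."""
    octets = rule.strip(".").split(".")
    if not 1 <= len(octets) <= 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not a usable IPv4 address or prefix: {rule!r}")
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(padded) + "/" + str(8 * len(octets)))

def ban_impact(rule, posts, offender):
    """Report what a single deny rule would block in the given post history."""
    net = rule_to_network(rule)
    hit = [(m, ip) for m, ip in posts if ipaddress.ip_address(ip) in net]
    offender_posts = [ip for m, ip in posts if m == offender]
    blocked = [ip for m, ip in hit if m == offender]
    return {
        "network": str(net),
        "addresses_covered": net.num_addresses,
        "offender_blocked": len(blocked),
        "offender_missed": len(offender_posts) - len(blocked),
        "collateral": sorted({m for m, _ in hit if m != offender}),
    }

if __name__ == "__main__":
    for rule in ("203.0.113.17", "203.0.113"):
        print(rule, ban_impact(rule, POSTS, "troll"))
```

Neither rule stops the post made after the change of ISP, which is the limitation JP describes earlier in the thread.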

They have: 178 posts

Joined: Sep 1999

I would like to see a web site security forum too.

----------
This bulletin board is powered by BigTalker
BigTalker - bigtalker.com

They have: 2,390 posts

Joined: Nov 1998

See new topic...
JP

----------
The Webmaster Promotion and Resource Center.
http://www.what-next.com

They have: 6 posts

Joined: Apr 1999

So if IP banning isn't the best solution, what works? Making a forum private, one loses new members (which can lose one money if they're into banner exchanges and affiliate programs). Keeping a forum open to the public, one faces every weirdo that drops in.

I read elsewhere that some forum operators require real name registrations to limit the noise ratio. Problem I see there is that it severely limits new members. Some people still are afraid of registering anywhere on the internet that requires RL info.

Another feature I saw at another message board was including IP#s in each post. Now I like that idea the most (makes tracking problems easier), but it has to be for forum operators/managers to view only. Regular posters don't really need IP info, and that can potentially hurt someone if a troller/spammer strays by.

Does anyone else know what's out there as a solution, both pro and con?

Luc
