What's the best way to prevent your forum from getting hacked and spammed?

Heatman

Hackers and spammers are the two major hardcore problems most forums or blogs suffer from if the owner doesn't use certain measures to stop them from ruining his or her site.

In your opinion, what's the best way to prevent such issues of hacks and spam from happening?
 
One thing: CAPTCHAs. Whether it's just a simple checkbox or if the user is forced to go through a series of puzzles, both are effective to prove that the user is a human and not some mindless bot wishing to sell kitchen, shoes or Ariana Grande tickets.

For hackers, on the other hand, Cloudflare DDoS protection is where it's at.
 
Firewall, like the free version of Cloudflare. Then there are others that are paid. They can be expensive at times, but a firewall is a firewall.
 
Some CAPTCHAs have certain issues because I have seen some sites where the CAPTCHA used is impossible to complete.

Have you ever witnessed such?
 
Oh yes, I have. One forum I was on had a massive influx of spambots but that was due to a bug of upgrading its software, and the CAPTCHA itself was re-added in no other. The forum was with phpBB and I've heard that it had bad rep with spambots overall...

And by the way, I remember how broken ZetaBoards' CAPTCHA was... :facepalm:
 
Strong passwords and either a strong question (for instance, asking people to spell a bunch of letters backward) or CAPTCHAs, but I prefer the former.

Also, it's important to keep plugins up-to-date cause I think they can weaken a forum. Well, I do know bad ones can introduce malware.
 
The best way to prevent yourself from being hacked is by being hacked, as it shows you and makes you feel the pain and humiliation of being hacked, so you never risk the chance of it happening again.

Security is a deep topic, and I made a topic somewhere on FP which might help, but for starters, you probably want to set up 2FA, lock down the ports, use something other than PHP, etc.

I have a few algorithms for filtering out spammers, but one of them goes like this:
Code:
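import "strings"

// HasSuspiciousEmail reports whether an address looks like a typical spam sign-up:
// it contains a blacklisted term, has too many dots, or has too many very short segments.
// TODO: Write a test for this
func HasSuspiciousEmail(email string) bool {
    lowEmail := strings.ToLower(email)
    // TODO: Use a more flexible blacklist, perhaps with a similar mechanism to the HTML tag registration system in PreparseMessage()
    if strings.Contains(lowEmail, "casino") || strings.Contains(lowEmail, "viagra") || strings.Contains(lowEmail, "pharma") || strings.Contains(lowEmail, "pill") {
        return true
    }

    var dotCount int             // number of '.' characters in the whole address
    var shortBits int            // dot-terminated segments shorter than 3 characters
    var currentSegmentLength int // characters seen since the previous '.'
    for _, char := range lowEmail {
        if char == '.' {
            dotCount++
            if currentSegmentLength < 3 {
                shortBits++
            }
            currentSegmentLength = 0
        } else {
            currentSegmentLength++
        }
    }

    // The text after the last dot (normally the TLD) is never measured as a segment.
    return dotCount > 7 || shortBits > 2
}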

A few annoying buggers fall for that one, I have some other tricks too.
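
The heuristic from the post above, reworked as an added example (not the poster's code) so that the term list and thresholds are configurable and every match is reported with a reason a moderator can audit. `EmailFilter`, `Check` and `DefaultFilter` are hypothetical names, and the sample addresses are constructed.

```go
package main

import (
	"fmt"
	"strings"
	"unicode/utf8"
)

// EmailFilter is a hypothetical, configurable form of the heuristic in the post.
type EmailFilter struct {
	Terms    []string // lower-case substrings to flag
	MaxDots  int      // flag when the address has more dots than this
	MaxShort int      // flag when more than this many dot-terminated segments are under 3 chars
}

// Check returns the reasons an address was flagged; an empty result means it passed.
func (f EmailFilter) Check(email string) []string {
	low := strings.ToLower(email)
	var reasons []string
	for _, term := range f.Terms {
		if strings.Contains(low, term) {
			reasons = append(reasons, "term:"+term)
		}
	}
	segs := strings.Split(low, ".")
	short := 0
	for _, seg := range segs[:len(segs)-1] { // as in the post, text after the last dot is skipped
		if utf8.RuneCountInString(seg) < 3 {
			short++
		}
	}
	if dots := len(segs) - 1; dots > f.MaxDots {
		reasons = append(reasons, fmt.Sprintf("dots:%d", dots))
	}
	if short > f.MaxShort {
		reasons = append(reasons, fmt.Sprintf("short-segments:%d", short))
	}
	return reasons
}

// DefaultFilter carries the terms and thresholds used in the post.
var DefaultFilter = EmailFilter{Terms: []string{"casino", "viagra", "pharma", "pill"}, MaxDots: 7, MaxShort: 2}

func main() {
	for _, e := range []string{"alice@example.com", "caterpillar.fan@example.com", "j.r.r.tolkien@example.org"} { // constructed samples
		fmt.Printf("%-30s %v\n", e, DefaultFilter.Check(e))
	}
}
```

The last two constructed addresses are flagged even though nothing about them is spam-specific ("pill" inside "caterpillar", three one-letter initials), which is why returning the reason and sending matches to a moderation queue is safer than rejecting the sign-up outright.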
 