SMF 2.0.19 has been released! Please update. Read more.
Started by ACAMS, January 11, 2011, 11:11:02 PM
Quote from: Rik© on February 14, 2011, 04:17:57 AM* Rik© wonders if Arantor knows a quick fix for the 'always-unread bug' in the Hide Post Authors From Guests mod
Quote from: Arantor on February 14, 2011, 04:22:53 AMQuote from: Rik© on February 14, 2011, 04:17:57 AM* Rik© wonders if Arantor knows a quick fix for the 'always-unread bug' in the Hide Post Authors From Guests mod Nope, sorry. Haven't looked at it for a very long time.Going back to the topic () yes, that raises some interesting thoughts. Firstly, the convenience factor of username vs 'security' of email address, secondly it does actually make a case for removing the copyright since from what I can tell, the sites being attacked were found in Google based on searching for the footer. The sites of mine that haven't been attacked have a slightly modified wording in the footer (though, before anyone jumps on me, please note that it's done in accordance with the licence as the team have enforced it thus far: it only modifies the version number)
Quote from: Arantor on February 14, 2011, 11:05:47 AMNo, I can't.
Quote from: laetabi on February 14, 2011, 02:23:37 AMI posted previously in this topic having been an early target of the bot in question. Denying IP addresses and installing anti-spam mods like httpBL are all good things to do but a simple secure fix for this attack is to hide all email addresses by default and force members to log-in using their email address.Part of the vulnerability of forums to this type of attack is that one part of the log-in info is public domain (eg. Usernames can be seen all over the forum and can be harvested easily).By logging in using email address the bots have to find out and hit an active email address to log-out a user.There is a simple mod for this 'force email log-in' and this will stop all error log entries and make your forum much more secure to any future variants these script kiddies develop.http://custom.simplemachines.org/mods/index.php?mod=1665