Want to get involved in developing SMF, then why not lend a hand on our github!
Started by Norv, February 19, 2011, 04:33:48 PM
Quote from: Norv on February 19, 2011, 04:33:48 PMAdditional protection for your members accounts2. Add verification to the login pageLogin verificationThis mod enhances the login page, by adding security verification, just as can be done during registration. We strongly recommend to use custom questions, rather than Captcha. Questions that a human would answer easily, but a bot could not guess work well. Once you install it, the settings in your forum admin panelSecurity and Moderation > Anti-Spam:> Require verification on registration and login pages> Visual verification image to display> Number of verification questions user must answer> Verification Questionswill be applied to both registration and login pages.In addition, the mod enhances logging in your SMF error log.
Quote from: Arantor on February 19, 2011, 10:50:28 AMYes, it blocks totally on the bot's MO, and uncovered what I believe is a bug in SMF itself in the process - which the bot is actually exploiting, though indirectly. (I have documented the bug on the tracker, naturally)I'm now happy that it's doing what it's supposed to, so I've removed the debugging log it did and provided a general error (English only, didn't see any point in doing that part properly)Should install cleanly on all 1.1.x and current 2.0 versions.
Quote from: Arantor on February 19, 2011, 06:38:20 PMI'm now hours and hours without a single bot hit... with 2 lines of code and my users noticed nothing And no, the login CAPTCHA is not the answer. Mind you, I have a custom CAPTCHA anyway
QuoteCan it be used on RC3?
QuoteAlso, what does Login detector do?Where do I see it?How do I control it?
QuoteCan I get Login verification to work with RC3?
Quote from: ACAMS on February 19, 2011, 09:23:54 PMIf I update to RC4 will I lose all my mods and themes?
Quote from: LexArma on February 20, 2011, 12:45:56 AMDisabling Tor Access and setting up a Honeypot and installing httpBL worked for very well for me, and I've also been able to keep other bots like spammers at bay with this setup very well.
Quote from: Arantor on February 20, 2011, 09:50:28 AMThe registration attempts are a totally different vector of attack, almost certainly spammers trying it on, not the bots trying to break into accounts.