SMF security

[draggar]

One of my sites (running SMF) had a spam attack - over 500 posts in 24 hours.

I've installed new security measures but I'm afraid that it is not enough (heh, I'll know by tomorrow).

I've installed better CAPTCHA and I've also installed Akismet but is there anything more?

I know there is a hack for vBulliten that auto-moderates the first number of posts from new members - is there a similar hack for SMF?

Also, i can hear some people now so I'll kill this now - don't tell me to get vBulliten. The site barely makes enough to pay the registration fees so vBulliten wouldn't be cost effective (plus converting from SMF to VB may not go well).

[tristanperry]

Spammers have been targetting phpBB/SMF quite a bit recently. One thing you can do (if you haven't installed this mod) is to install reCAPTCHA (http://custom.simplemachines.org/mod...x.php?mod=1044) - that's regarded as the best CAPTCHA out there.

Also, anti-bot puzzles are invaluable - these are standard in SMF 2.0, and although it's only in RC I'd fully recommend the 2.0 branch (am a beta tester of SMF software). If not, look for an anti-bot puzzle/question mod for the 1.1 branch.

Bots have got very clever recently, and can break reCAPTCHA sometimes, although nothing can really break through anti-bot puzzles/questions (I ask things like: "What is 2 + 5 - 1, answer in words?" and things like that etc)

[draggar]

How stable is 2.0? Now I'm on 1.1.4 - the latest "stable" release is 1.1.9 - if 2.0 isn't stable enough, I may just upgrade to 1.1.9 this weekend.

BTW - I like the avatar.

[tristanperry]

Quote:

Originally Posted by draggar

How stable is 2.0? Now I'm on 1.1.4 - the latest "stable" release is 1.1.9 - if 2.0 isn't stable enough, I may just upgrade to 1.1.9 this weekend.

BTW - I like the avatar.

Eek - there's been 5 security fixes in the 1.1.x branch since 1.1.4 - either way, it'd be best to upgrade (via the package manager; it's easy ) to 1.1.9 for the immediate short term.

As for 2.0, I'd say it's stable enough now. It's got some bugs of course, although it's very stable overall and many sites with millions of posts use it fine:

http://www.simplemachines.org/community/index.php - 2 million posts
http://www.redandwhitekop.com/forum/ - 5.8 million posts
http://www.hogville.net/yabbse/ - 3.5 million posts

So it is stable really; they just say "Don't use it on a production site" just in-case a serious bug was introduced or something. Although I'm also using it (and have been since SMF 2.0 Beta 2) on forums I'm admin at which has over 1 million posts, and I haven't seen any real bugs.

And thanks, it's a great show IMO