Search options (Page 13 of 19)

MattF said:

Only if it is 'cost-effective' for them to do so.

That's the big issue with all forms of spam - comment spam, forum spam, web spam, and email spam. The financial yield can be quite high even with relatively low response rates because the 'cost' of flooding the market is quite low if you have the right tools and know the technology. Even if you only get a 1% response rate to the 1 million spam emails you sent out, it is still worth doing because the costs of generating those emails can be quite low.

Change the landscape, however, by introducing a higher level of technological 'friction' or legal/financial risk into the business of spam, and you change the cost/benefit ratio of all forms of spam, and thus the incentives to perform it.

Hence my enthusiasm for things like the 'no-follow' tag and forum spam options like the afore-mentioned 'VIP code' mod. They introduce friction into the spam process and alter the cost/benefit ratio for forum spammers.

Just FYI.

There is apparently a very effective yet simple mod that is available for phpBB discussed here:

http://www.phpbb.com/community/viewtopic.php?t=435702

It works by allowing the admin to specify a 'VIP code' or pass-phrase, essentially, that users need to enter when they register. The variability of this across phpBB boards makes it effective against scripted bots.

Judging from the feedback in the thread above, it seems to work well. Some forum admins even report being able to turn off their CAPTCHAs.

It's similar to some of the approaches already discussed here.

Actually, calende that last thought is an interesting one. A little jscript pocket calculator or number-pad in an online form where the data has to be punched in manually *via a mouse*, combined with a numeric calculation. The concept is a bit similar to the login page my bank uses for their online service.

Of course this would all be solved if we had a universal PKI infrastructure, and everyone had a digital ID certified via an ID check

Ahem.

But I guess a good compromise concept here would be if punBB 1.3 shipped out of the box with 2 admin plug-ins that by default enabled some sort of enhanced forum spam blocking, either at the 'front door' during the registration process, or post registration.

That way the core code could stay slim and trim but at least new punBB admins would have tools immediately available in the package to fight forum spammers, without having to go all around the place to find them and install them.

Now someone just has to code those plug-ins, and ensure the hooks are there for things like that to work

Yeah, true. I agree with MattF and MadHatter.

At the moment punBB certainly fulfils its role very well in security terms against a variety of threats based on code integrity - eg it's simple code base has a good track record against XSS, SQL injections etc, because (aside from simply being coded very well) the less there is in terms of features and simple number of lines of code, the less scope there is for things to go wrong. A gold star to punBB on that issue, for sure. And everyone would want that to continue.

But forum spam and bad bots are an external threat that punBB needs to face. No matter how tight and secure the code itself is, the 'front door' may still be a vulnerable to abuse, and that degrades the whole utility of punBB, potentially. (As it does a lot of other web apps).

Bringing this issue within the core security envelope of punBB - somehow - would be a welcome development, IMHO.

I tend to agree with calande.

It's a classic problem. Administrators should accept some responsibility for the secure operation of their sites, of course. But you can see the trends - we have to accept that the web is a hostile environment nowadays. So application hardening is the way to go.

Ergo, a modern forum has to be able to deal effectively with spam in a default install. That is to say, a 'secure' anti-spam configuration should be the default.

Perhaps this means including stuff like a CAPTCHA or textual equivalent built-in, along with expanded post and registration 'censoring' options, and certainly implementation of the simple stuff like support for the no-follow tag on links in forum posts, designed to reduce the incentive to spam. And turning all of these options 'on' by default.

Administrators should then be able to choose to selectively disable the spam control options, but by default they would be active.

It's the appropriate security model to adopt. Forum spam is only going to get worse. Why contribute to the problem?

Look at the MS experience and the new security model in Vista and successive generations of for example their server product lines. You start with a secure configuration, and users then have to explicitly *choose* less secure options.  Is good.

I'd certainly encourage punBB to go down this path.

You are both tough cookies, Paul and Jérémie.

I tend to agree though.

Once you've passed a certain level of familiarity with CSS, any tool can get in the way more than assist.

But that's the problem with CSS - getting to the point where you feel confident that you know how to handle things.

The issue with CSS is that most of the 'real' CSS knowledge isn't in the W3C textbook, as it were. It''s in the experience of various gurus, who are CSS initiates, who pass it down in a very medieval, guild-like fashion to the rest of the world.  If tools like Style Master can break this down, more power to them.

For much the same reason, I also very much like the Yahoo User Interface Guidelines - http://developer.yahoo.com/yui/ - inc their CSS stuff, like the Grids resources - http://developer.yahoo.com/yui/grids/

It all starts to make building production grade CSS easier and requires much less esoteric knowledge.

Aha. Looks like the same old suspects - dreamweaver, notepad, crimson editor etc - are still popular then.

Good. I am not being left behind then

I still bemoan the primitiveness of the tools though. Develop line-by-line, with a text editor, using a crude vocabulary, requiring a knowledge of all sorts of idiosyncratic hacks and quirks, etc etc.

Still very 1950's, IMHO. Hard to be productive.

So what's new or different compared to the current punBB 1.3 dev?

What are the advantages of SunBB vs PunBB?

If I'm gonna check out SunBB I would want to know why its worthwhile.

Cool. There is a constant demand for a user-friendly basic install guide from new punBB users. You will win a lot of friends

When/if punBB 1.3 gets released, there will also be a demand for a user-friendly upgrade guide too, I suspect.

That's great.

But a better model would - perhaps - be the kind of illustrated step-by-step guide you find on www.howtoforge.com - for example this simple one (of MANY) by the industrious falko:

http://www.howtoforge.com/linux_apache2 … cubeloader

Having a page or two like that on the main punBB.org docs page would make a lot of support headaches go away, I suspect.

I like it.

Hmmm.  Your site reminds me a lot of a site I visit a lot:

http://www.webmin.com

Looks like you share the same Styleshout theme

The pun integration is nice, but the narrow 2 column theme doesn't leave a lot of room for punBB to display.