Search options (Page 16 of 19)

And lots and lots of vBulletin, SMF, phpBB etc forums too. A pretty virulent bot.

ProgonkaOne looks like a ban word to put in the 'censoring' list...

From  your Apache logs, can you tell where the bot came from when they first signed up, BTW?

You mean like Invision has?

It is quite handy. But there's always email too.

Or you could create a private forum within punBB where only moderators and admins have access as well. It would be just as effective.

Oh, it's easy to keep track of them.

Just sign up for any decent security newletter, like SANS @Risk (http://www.sans.org/newsletters/?ref=3711#risk) or Secunia's.

In no time you'll be familiar with all the CMS's, old and new.

Off on a tangent (sorry)...

Looking at this site, I am always amazed at the range of geekdom/fanboyism people get into.

Whether its guns, PC's/Mac/Linux, games consoles, motorbikes/accessories, 4WD's, coffee machines, militaria, mobile phones etc etc etc.

It seems to drive an awful lot of the web.

But I sometimes want to yell at people about this, along the lines of: folks, it's just Stuff. It's ephemera. It ain't worth a damn. You are wasting your life.

On your death-bed you won't be thinking about PS3 vs Nintendo Wii,  or Samsung Blackjack vs Treo 750, or regret the fact that you weren't able to spend more time and money pimping up your Subaru WRX or Ducati, or that you didn't get to buy a Barrett before they banned them.

Sigh.

Nice integration. Did you have any problems?

Spell check on home page: "your sensual resouce network".

'resouce' should be 'resource', unless 'resouce' has a special erotic meaning that eludes me

Also in the same paragraph: '.. please stay tune' should be 'please stay tuned'

In terms of content, I find the whole theme of the site rather juvenile.

Sensuality as you conceive of it seems to be just a catalogue of sexual positions. Huh? I'm sorry, but that makes the site very boring indeed.

This gets my vote as a useful feature in the fight against forum spam (and blog comment spam) for sure.

Implementing it is one more small but useful step in making punBB a less attractive target for spammers.

It would be a nice feature for the punBB administrator to be able to optionally enable for all URL's submitted in forum posts and profiles.

Interesting to note that it is now moving towards being a W3C standard.

This has been raised before for punBB. If you are interested here's a patch to implement it in punBB:
http://punbb.org/forums/viewtopic.php?id=5930

Cool. I don't doubt the developers know their stuff. The robustness of punBB sure shows it.

punBB's robustness to date (IMHO) seems in part related to the 'leanness-by-design' Rickard has been pretty good at sticking to.

I just worry that with with greater code complexity of 1.3 (and more cooks) the probability of bugs/vulns in the punBB 'core' inevitably goes up.

I still have nightmares over my experience using the Mambo CMS several years ago. The core dev team kept expanding, the code base swelled, features mushroomed, and it became a hackers paradise and a web managers nightmare.

Optional add-ons and plug-ins will always be of highly-variable quality, but it would be good if the punBB core code stayed lean, mean and secure as things go to 1.3

What do your Apache server logs say?

Surely they must give you some useful information about this.

Specifically, have a look at a breakdown that shows pages viewed by visitor IP address for the day you noticed the guest numbers spike up.

That will help identify if you are being spidered aggressively, and/or whether there is some pattern to the activity that might be informative.

The most fundamental way to run a secure punBB forum is to make sure the server sitting underneath it is secure - ie the server itself (O/S, Apache, MySQL, PHP etc) is appropriately hardened, regularly patched, regularly monitored, and has good defences - eg has a tight firewall running on it, and Apache is running a HTTP request sanitizer like mod_security...

My point is: if you can't be sure your server is secure, including ALL THE OTHER APPS AND SERVICES RUNNING ON IT, forget about trying to secure punBB.

It's that simple. The weakest link in the chain may not be punBB. Focussing just on securing punBB would be a big error.

As for punBB itself, some simple tips:

- choose complex passwords for MySQL and your punBB admin account, natch...
- run some sort of forum spam tool (one of the CAPTCHA mods or the Kismet add-on),
- MINIMISE your usage of punBB's many 3rd party add-ons, mods etc etc. These can introduce vulnerabilities.
- install punBB into a non-standard location (not 'forum.mysite.com' or 'mysite.com/forum').
- try .htaccess password protecting the key punBB admin PHP files
- check, tighten and recheck/retighten the users and permissions set on all your punBB files and folders to ensure
  they are as restrictive as you can practically make them (eg 0644 is nice for your files).

Nope, javascript is running and working fine. IE6 on Win2k is what I use for my IE browsing.

IE does report the following (strange) script error though, FWIW:

Line:5
Char:1
Code:0
Error:Access is denied.

URL:http://macbasement.com/

which may be in your styleswitcher.js.

(I generally think it is not optimal to rely on a javascript to make simple images like this view properly, whatever the browser - just my point of view...).

The BG color changer works nicely, but doesn't alter the problem.