Differences
This shows you the differences between the selected revision and the current version of the page.
punbb13:pun_antispam 2008/10/09 03:46 | punbb13:pun_antispam 2020/02/06 11:04 current | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Antispam (pun_admin_antispam) ====== | + | Moved to [[punbb13:extensions:pun_antispam]] |
- | [[punbb13:Official extensions|PunBB 1.3 official extension]] | + | |
- | * Status: **Under development** | + | |
- | * Current version: **[[http://punbb.informer.com/trac/browser/extensions/trunk/pun_antispam|0.2]]** | + | |
- | + | ||
- | ===== General idea ===== | + | |
- | Protect the forum using CAPTCA from | + | |
- | * Bruteforcing the passwords | + | |
- | * Spam in guest posts | + | |
- | * Bot registration | + | |
- | + | ||
- | ===== Specification ===== | + | |
- | * Add CAPTCHA at: | + | |
- | * Registration | + | |
- | * If user has **passed** the CAPTCHA, but mistaken in some other field of the form (the form is displayed again for user to correct the data), **do not** show the CAPTCHA again. I.e. user must pass the CAPTCHA only once to register. | + | |
- | * Here may be used the simple CAPTCHA kind of "Are you robot? Yes/No" Just use the random ''name'' for ''<input>'' or even ''name="agree"'' for "Yes". This will protect from common robots, but not from targeted attack, so this may be an option. Delay this for (pun_antispam 2.0) | + | |
- | * Guest post | + | |
- | * Same as for registration: do not ask CAPTCHA again if user has some errors, ask once per message. | + | |
- | * Or even once per N messages? (pun_antispam 2.0) | + | |
- | * Password restore | + | |
- | * Do not ask for the first N requests from the IP (pun_antispam 2.0) | + | |
- | * Login | + | |
- | * Do not ask for the first N requests from the IP (pun_antispam 2.0) | + | |
- | * Add options to Administration => Settings => Features | + | |
- | * Use CAPTCHA on register page (checkbox, checked by default) | + | |
- | * Use CAPTCHA on guest posting (checkbox, checked by default) | + | |
- | * Use CAPTCHA after 5 login failures (checkbox, checked by default) | + | |
- | * Use CAPTCHA on password restore form (checkbox, checked by default) | + | |
- | * Add database table <db_prefix>_config | + | |
- | * o_pun_antispam_captcha_register = 1 | + | |
- | * o_pun_antispam_captcha_guestpost = 1 | + | |
- | * o_pun_antispam_captcha_login = 1 | + | |
- | * o_pun_antispam_captcha_restorepass = 1 | + | |
- | * CAPTCHA implementation | + | |
- | * Use sessions to store the code. | + | |
- | * Delay before image output (1 s). | + | |
- | * When the test is passed by the user, do not ask again it again on other pages for some time (or until user does something suspicious). | + | |
- | * TODO: Describe how the code will be modified against bots. | + | |
- | * IDEA: Use the words list? E.g. "punbb", "forum", "guest", "user" and s.o. | + | |
- | * IDEA: Use the empty invisible field with title like "do not fill this". If filled, this is a bot. | + | |
- | * IDEA: Use math captcha. | + |
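Review bot: The replacement at the top of this change is only a pointer, "Moved to [[punbb13:extensions:pun_antispam]]", so the open items in the removed specification need to be resolved on the destination page rather than dropped with this text. Three points in the removed lines are worth fixing there. "Add database table <db_prefix>_config" is followed by four o_pun_antispam_captcha_* keys set to 1, which reads as new config entries rather than a new table. The login rule is stated in two different terms: "Do not ask for the first N requests from the IP" in the specification and "Use CAPTCHA after 5 login failures" in the settings list. The rule that a passed CAPTCHA is not asked again "for some time (or until user does something suspicious)" gives no expiry or scope for the session state, which matters for the stated goal of stopping password bruteforcing. The TODO on how the code will be modified against bots is still open, and the "CAPTCA" and "ask again it again" typos should be corrected in the moved copy.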