Differences
This shows you the differences between the selected revision and the current version of the page.
| punbb13:pun_antispam 2008/10/13 08:54 | punbb13:pun_antispam 2020/02/06 11:04 current | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Antispam (pun_admin_antispam) ====== | + | Moved to [[punbb13:extensions:pun_antispam]] |
| - | [[punbb13:Official extensions|PunBB 1.3 official extension]] | + | |
| - | * Status: **Under development** | + | |
| - | * Current version: **[[http://punbb.informer.com/extensions/pun_antispam/pun_antispam.zip|1.0RC]]** | + | |
| - | + | ||
| - | ===== General idea ===== | + | |
| - | Protect the forum using CAPTCA from | + | |
| - | * Bruteforcing the passwords | + | |
| - | * Spam in guest posts | + | |
| - | * Bot registration | + | |
| - | + | ||
| - | ===== Specification ===== | + | |
| - | * Add CAPTCHA at: | + | |
| - | * Registration | + | |
| - | * If user has **passed** the CAPTCHA, but mistaken in some other field of the form (the form is displayed again for user to correct the data), **do not** show the CAPTCHA again. I.e. user must pass the CAPTCHA only once to register. | + | |
| - | * Here may be used the simple CAPTCHA kind of "Are you robot? Yes/No" Just use the random ''name'' for ''<input>'' or even ''name="agree"'' for "Yes". This will protect from common robots, but not from targeted attack, so this may be an option. Delay this for (pun_antispam 2.0) | + | |
| - | * Guest post | + | |
| - | * Same as for registration: do not ask CAPTCHA again if user has some errors, ask once per message. | + | |
| - | * Or even once per N messages? (pun_antispam 2.0) | + | |
| - | * Password restore | + | |
| - | * Do not ask for the first N requests from the IP (pun_antispam 2.0) | + | |
| - | * Login | + | |
| - | * Do not ask for the first N requests from the IP (pun_antispam 2.0) | + | |
| - | * Add options to Administration => Settings => Features | + | |
| - | * Use CAPTCHA on register page (checkbox, checked by default) | + | |
| - | * Use CAPTCHA on guest posting (checkbox, checked by default) | + | |
| - | * Use CAPTCHA after 5 login failures (checkbox, checked by default) | + | |
| - | * Use CAPTCHA on password restore form (checkbox, checked by default) | + | |
| - | * Add database table <db_prefix>_config | + | |
| - | * o_pun_antispam_captcha_register = 1 | + | |
| - | * o_pun_antispam_captcha_guestpost = 1 | + | |
| - | * o_pun_antispam_captcha_login = 1 | + | |
| - | * o_pun_antispam_captcha_restorepass = 1 | + | |
| - | * CAPTCHA implementation | + | |
| - | * Use sessions to store the code. | + | |
| - | * Delay before image output (1 s). | + | |
| - | * When the test is passed by the user, do not ask again it again on other pages for some time (or until user does something suspicious). | + | |
| - | * TODO: Describe how the code will be modified against bots. | + | |
| - | * IDEA: Use the words list? E.g. "punbb", "forum", "guest", "user" and s.o. | + | |
| - | * IDEA: Use the empty invisible field with title like "do not fill this". If filled, this is a bot. | + | |
| - | * IDEA: Use math captcha. | + | |
