
keeping the forum going


Johnny:
Hi Matt,

I do have some suggestions that might help you as I do have an IT background. Some of this you might already know but this should help with your security issue.

1) Free forum software such as SMF tends to get hacked more than paid forum software, as paid forum software has better developers constantly fixing and making improvements. Use a different forum software such as XenForo. Their newest version has a 1-click update system which makes it easy to keep the forum updated so you don't have to worry about being hacked or the hassle of upgrading the forum. Note: Forum software does cost $160 a year and does come with support.

2) If you decide to stay with the current SMF forum software, you have to stay on top of the updates. Currently you're using SMF 2.0.15; this is 4 years out of date. The latest version of the forum is 2.0.17.

3) Remove the version from the bottom of the forum as well as the forum software name. For example, at the footer of the forum it says "SMF 2.0.15 | SMF © 2017, Simple Machines". Hackers use a bot to scan Google for out-of-date forums or specific forum versions that they know they can hack because they have a working exploit for it. Just removing that from the bottom of the forum can make a huge difference, as they won't have any real way of knowing what forum software you're running or what version number of the forum software you're running, and their bots will simply skip over this forum (in most cases).

4) To stop spammers from signing up (again, they use bots to do this 99% of the time), you have to put a question on the sign-up form that only a real human user would know. For example, "who was the founder of SSL"; a bot would not know how to answer this, and this will make it nearly impossible for spammers to sign up.

5) Adding an extra layer of security such as invisible reCAPTCHA can also be of great help. A captcha looks like this: Even though some bots can still figure this out, it still works great at stopping most bots/spammers. The invisible reCAPTCHA (also known as reCAPTCHA v3) is made by Google and is free; users don't have to fill out the annoying image, but it still detects and blocks the bots from completing the sign-up form. This might require some coding work but can be done very cheaply (around $100 or maybe less) by a developer.

6) If you're using any plugins on the forum, make sure those are also up to date. Sometimes plugin developers (usually when it's a free plugin) stop updating it after a while, and if that's the case you might want to consider removing those plugins.

7) Require new users to have a certain amount of posts in order to post links on the forums if all else fails; spammers hate this and usually just quit and move on to another forum.

These steps stop any forum spam and limit any future hacking attempts.

PS: Please excuse any typos, it's late where I am right now.

jimlfixit:
Johnny and Matt

Big, massive wow from me and loads of things to think about on here.

I will give your comments some thought and will respond soon, but I think I agree with everything Johnny has mentioned. Some fab points regarding security, so well done you for mentioning this, as it will make a difference.

Matt. There are nearly 600 members on here (in 2012 there were about 5: you, Andy, me and maybe a few others).
If only half (300) paid a subscription of 10 Euros/Dollars or GB pounds a year, that would generate enough to pay for a professional and technical service (3000) which people would not get from anywhere else.

I will continue to give out info on here, but the security aspect needs addressing as I, and others, have lost many pictures, which will take some time to replace.

More from me very soon as I think about it some more.

Matt Sartori:
Thank you everyone for your input. I am currently working to step this up to the next level.
We'll have an annual fee to have a very functional, secure (and with plenty of space to store documents and pictures) forum.

I think we'll switch over this fall (October probably) but will keep you posted on the next steps.

Matt Sartori
