I hate to sound frustrated but actually I am. I have tried Cpatch and Akismet and both prevented new users from joining and akismet prevented posts from being made etc. There is a darn good chance I am not using them with the correct settings but my biggest gripe is that I am getting registration spam a lot and banning IP's is fine but this happens almost immediately after upgrading tot he current version.
I am currently running 1.4.8 and it has been seriously compromised. I have searched this site for a good security add-on or plugin and found none. Does anyone have a link to a decent security measure that isn't so egregious it affects your users or fails to allow people to actually register? Captcha seemed to work but then failed on every validation. Very frustrating.
Thanks for your help but I am about 24 hours away from switching to vBulletin. It's a shame as I have used Mybb for 5 years.
First off what are you doing running 1.4.8?? It's over 6 months old and has security vulnerabilities that have since been fixed, upgrade to 1.4.11. You can't really complain about being compromised when you're running such an old version with known issues. A 'decent security measure' is simply to keep up to date with versions.
What's your URL?? We'll test the CAPTCHA on registration.
(2009-12-31, 12:34 AM)MattRogowski Wrote: [ -> ]First off what are you doing running 1.4.8?? It's over 6 months old and has security vulnerabilities that have since been fixed, upgrade to 1.4.11. You can't really complain about being compromised when you're running such an old version with known issues. A 'decent security measure' is simply to keep up to date with versions.
What's your URL?? We'll test the CAPTCHA on registration.
I took Captcha off because it was preventing people from registering. Odd that the Admin panel says the current version is 1.4.9 and that I should upgrade to it. Hmm, wonder where 1.4.11 is?
Anyway, www;formula1blog.com/Forum
Thanks for the help mate.
Check the version again, it's probably been cached from a check ages ago.
I just registered successfully, CAPTCHA verified fine. Do you know when it last worked before you turned it off??
You are running MyBB 1.4.8 when MyBB 1.4.11 was released this week? Upgrade immediately!
On your forum, do not show the MyBB version or hackers can search for it and try known vulnerabilities.
As far as registration spam goes, spammers are getting more sophisticated; they use real people to register and verify the email address before attacking with simple bots. Most CAPTCHA systems are easy for OCR programs to decipher, so consider using reCAPTCHA instead. reCAPTCHA uses scans from books and manipulates them in a manner that humans still understand, but OCR stumbles with.
(2009-12-31, 12:42 AM)laie_techie Wrote: [ -> ]You are running MyBB 1.4.8 when MyBB 1.4.11 was released this week? Upgrade immediately!
On your forum, do not show the MyBB version or hackers can search for it and try known vulnerabilities.
As far as registration spam goes, spammers are getting more sophisticated; they use real people to register and verify the email address before attacking with simple bots. Most CAPTCHA systems are easy for OCR programs to decipher, so consider using reCAPTCHA instead. reCAPTCHA uses scans from books and manipulates them in a manner that humans still understand, but OCR stumbles with.
Thanks for the info, I'll go upgrade to 1.4.11 now and see if recaptcha works. by the way, how much does it pay? To be one of those people verifying emails? Might be more lucrative than running an F1 website.
I have updated to 1.4.11 and activated reCaptcha. I have looked in the settings and am not sure I see the option of turning off the version number display on the index page.
Thanks for your help.
Here is the error I spoke of regarding recaptcha.
Fatal error: recaptcha_datahandler_override(): Failed opening required 'support/recaptchalib.php' (include_path='.:/usr/local/lib/php') in /home/content/t/m/c/xxxxxxxx/html/Forum/inc/plugins/reCAPTCHA.php on line 158
"xxxxxx" is my name and has been replaced with "x's" to protect the completly guilty.
If I'm guessing, there is perhaps a missing file but that's just a guess.
Based on your error message, I assume you tried to install
reCAPTCHA II (one of 2 reCAPTCHA plugins). If so, please follow the instructions of the
readme.txt file. Unfortunately, the author put all files in the zip file without organizing them in folders, but asks users to do so upon installation.
(2009-12-31, 12:42 AM)laie_techie Wrote: [ -> ]You are running MyBB 1.4.8 when MyBB 1.4.11 was released this week? Upgrade immediately!
On your forum, do not show the MyBB version or hackers can search for it and try known vulnerabilities.
As far as registration spam goes, spammers are getting more sophisticated; they use real people to register and verify the email address before attacking with simple bots. Most CAPTCHA systems are easy for OCR programs to decipher, so consider using reCAPTCHA instead. reCAPTCHA uses scans from books and manipulates them in a manner that humans still understand, but OCR stumbles with.
Indeed. Personally I don''t bother to stop spammers at the registration as it has become rather pointless.