Forum login security easily beaten
Many bits flooding the forum - more robust security needed
I don't know the full security features present, but they're clearly not working in the arms race against bots. We need better security and better automated control of new posters. Some suggestions:
- Do analysis of common deleted accounts, see if there are patterns we can filter by at registration (eg certain domains)
- More robust security questions
- Two factor authentication with unique emails (or is this already in place)
- More advanced Captcha
- Require mod approval of first post before further posts can be made
- Automatic locking of accounts if too many posts happen at once
- Other automatic behaviour to be considered to prevent floods of posts
On the mod tools side cleaning up would be a far easier job if banning an account for spam reasons would also automatically delete all of their posts. Right now tidying up is a huge chore.