Forum login security easily beaten
issueid=6482 04-20-2019 08:55 AM
Ancient Member
Number of reported issues by Grey: 58
Forum login security easily beaten
Many bits flooding the forum - more robust security needed

I don't know the full security features present, but they're clearly not working in the arms race against bots. We need better security and better automated control of new posters. Some suggestions:

- Do analysis of common deleted accounts, see if there are patterns we can filter by at registration (eg certain domains)
- More robust security questions
- Two factor authentication with unique emails (or is this already in place)
- More advanced Captcha
- Require mod approval of first post before further posts can be made
- Automatic locking of accounts if too many posts happen at once
- Other automatic behaviour to be considered to prevent floods of posts

On the mod tools side cleaning up would be a far easier job if banning an account for spam reasons would also automatically delete all of their posts. Right now tidying up is a huge chore.
Issue Details
Issue Number 6482
Project Website Development
Category Forums
Status Unconfirmed
Priority 3
Affected Version Unknown
Fixed Version (none)
Users able to reproduce bug 0
Users unable to reproduce bug 0
Assigned Users (none)
Tags (none)

04-20-2019 11:19 PM
Ancient Member
I'd say temporarily disable new account creation, perhaps with the option of creating new ones via email.

+ Reply