Emper0r wrote: 1. Allow us to incorporate as many questions as we want into the registration process (without having to install a MOD).
You can.
Emper0r wrote: 2. Allow the use of questions AND CAPTCHA as a DEFAULT choice in the drop-down menu!
I've only ever seen that asked for once or twice. Not sure if anyone suggested the code to do it, but you might find it on a search, but like I say, the captcha will be useless.
Emper0r wrote: 3. Create a Newly Registered User setting where people in the group aren't allowed to post hyperlinks via BBCode or HTML.
Stopping people writing something.com, whether in plain text or in BBCode, is hard because it just looks like text. Setting the newly reg'd users group to 1 will catch them out every time. Their raison d'être is to get the spam out as fast as they can, so they always give themselves away in the first post they make. When was the last time you saw a spam post on here, for instance?
Emper0r wrote: I'm shocked and a little disappointed that after all this time they still seem completely inept when it comes to security,
Spam has nothing at all to do with security.
Emper0r wrote: considering phpBB is notorious for having such terrible security throughout its history.
phpBB had one issue about 10 years ago that was closed within hours. The rest has been unfounded afaik.
Emper0r wrote: *looks at vBulletin* did you guys get it right?
They have spam too.
Emper0r wrote: *looks at vBulletin* did you guys get it right?
Yep, and phpBB is free!
Emper0r wrote: Like, seriously? I'm using phpBB 3.0.10 and I wanted to use a question during registration to stop spambots, but to my dismay I found that if I chose to use a question under Spambot Countermeasures I couldn't also use CAPTCHA.
The Q&A spambot countermeasure is a CAPTCHA. You can only have one CAPTCHA at a time.
Emper0r wrote: Create a Newly Registered User setting where people in the group aren't allowed to post hyperlinks via BBCode or HTML.
This is the only thing that you said that was close to being on the mark. I've long said that hyperlinks should be a group-based permission, not a global setting.
Emper0r wrote: I'm shocked and a little disappointed that after all this time they still seem completely inept when it comes to security, considering phpBB is notorious for having such terrible security throughout its history.
phpBB 2.x had some big security problems (I got bitten by one). phpBB 3.x went through a paid security audit and has only had two reported security problems -- an Atom feed problem displaying information to non-authorized users fixed in 3.0.7-PL1, arguably not a real "security" issue, but Naderman called it one; and a FLASH BBCode XSS problem in some browsers fixed in 3.0.8.
Emper0r wrote: *looks at vBulletin* did you guys get it right?
Go for it. Enjoy paying $200, too.
stevemaury wrote: You are also incorrect about phpBB's security history. There have been ZERO exploits of any version of phpBB 3.0.x[....]
What about those two that I linked to above? Whether they were actually exploited or not, they did exist. phpBB 3.x has a good security record, but let's not exaggerate it.
Emper0r wrote: Clearly by "security" I meant spam bot issues. Personally, I find it a threat to the security of my community when spam bots flood in and post links to websites containing viruses, but we can play semantics all you want, I guess.
Security is usually meant to mean an exploitation or vulnerability in the code that allows people to do things outside of their permissions. Spam is totally different.
Emper0r wrote: Well, help me out with the custom field part then. As far as I can tell they can enter any value as the answer and it will be interpreted as correct. How exactly is this the same as the Q&A? Makes it a lot easier to bypass, doesn't it?
Steve's first reply linked to a KB article explaining how to do it.
Emper0r wrote: Yes, all forum software gets spambots, but phpBB gets the largest share of them all, let's face it. At least you guys are FINALLY doing something to stop them, but I still think more could be done.
There are more phpBB boards than the others, so that probably holds true, but I doubt there is any real evidence that they're more susceptible. Q&A has been built in since the end of 2009, so yes, we are doing something about it and have been for a long time.