Security: Deny Proxy Access
4 posters
Page 1 of 1
Security: Deny Proxy Access
Hi all!
Thanks in advance for your attention, patience reading this as well as your advice and enjoy your day.
Warmest of my regards,
Samantha.
I'm not sure these informational questions belong in this section. If not, please forgive me, but to me this seemed to be the best place.
Proxy DenialAiming at full security for one my phpBB3 boards http://www.game-xtreme.com , I've got a question about proxy access to my website. In the past I noticed when a member had been banned based on IP address, the member could reconnect to the website using one of the public proxies around the world, thus gaining access to the board using a new temporary IP address and the user account or set up a totally new account instead. Usually 90% or so stay away after a ban, but it's this 10% left who try to smarten out the admin in a very unfortunate and annoying way. Usually banned members have caused a major incident or various ones even, like spamming the forum and stalking other members on the internet, and if I can't keep 'm out, well, you know, as an admin I'm the one responsible. I'm not aware of anything changed to this perspective and to further maximize security ever since, though it may have. Is proxy access still allowed? If so, what can I do to prevent access to my board using proxies? Are there scripts available to deny proxy usage? And if not possible (yet), would it be an idea for the FM team to try and have a look at it to maybe install this feature for further usage by FM admins around the world, maybe even make it one of the options in the ACP?
Preventing Fake E-mail AddressesThere are numerous servers around the world offering the creation of a temporary e-mail address. Existence of such an e-mail address usually varies from 15 - 30 minutes. This temporary e-mail address can then be used to confirm the automated account creation e-mail sent when the admin decides to have their new users to finalize upon registration themselves. After 15 - 30 minutes, the temporary e-mail address is removed from the server where it was offered to create it, leaving the owner untraceable. Wouldn't it be an idea to postpone the e-mail to be send for 30 minutes to keep out the odds? Or have the admin decide on this from within the ACP so they can set any delay themselves? I'm aware new users usually want to be able to access the website immediately, but upon registration a 30 minute delay notification should work and I'm sure new users will understand.
Unlimited Anonymous AccessIn conjunction to the above ("Proxy Denial" and "Preventing Fake E-mail Addresses"), using a proxy and fake e-mail address, one can have unlimited anonymous access to anyone's board, even when banned based on (another) account, IP address or even e-mail address.
I not in any hurry, and I understand it might take a while getting this answered properly. However, when it comes down to security it touches all of our FM hearts & souls. Thanks in advance for your attention, patience reading this as well as your advice and enjoy your day.
Warmest of my regards,
Samantha.
Guest- Guest
Re: Security: Deny Proxy Access
You can have it where accounts have to be activated by the administrator. This usually causes some ban members to not return.
Lost Founder's Password |Forum's Utilities |Report a Forum |General Rules |FAQ |Tricks & Tips
You need one post to send a PM.
You need one post to send a PM.
When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.
Re: Security: Deny Proxy Access
SLGray wrote:You can have it where accounts have to be activated by the administrator. This usually causes some ban members to not return.
I see. Unfortunately, that does not answer the questions at all, I'm afraid. When admin approval for new accounts is in place as you say, there's no way I can check the IP address involved, nor the e-mail address involved (unless I start e-mailing the new member myself hoping to get a reply). And, for mass account forums your workaround wouldn't be convenient at all on those points.
Thanks for having given it a thought though!
Guest- Guest
Re: Security: Deny Proxy Access
This really does not go under security. It is more in stopping them from registering.
You and your staff will have to keep an eye out for questionable accounts/members.
You and your staff will have to keep an eye out for questionable accounts/members.
Lost Founder's Password |Forum's Utilities |Report a Forum |General Rules |FAQ |Tricks & Tips
You need one post to send a PM.
You need one post to send a PM.
When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.
Re: Security: Deny Proxy Access
SLGray wrote:This really does not go under security. It is more in stopping them from registering.
You and your staff will have to keep an eye out for questionable accounts/members.
I think it does. Security usually involves counter measures to prevent anything from happening in the first place. I'd like to stop them at the gate before any harm to the website can be done. Usually, when someone starts spamming or harassing other members it's in staff off-duty hours, so they've to clean up the the mess and get rid of the source by hand afterwards.
Last edited by SamanthaS on Wed 19 Nov 2014, 20:18; edited 1 time in total
Guest- Guest
Re: Security: Deny Proxy Access
I believe there is no way to stop what you are referring to.
Lost Founder's Password |Forum's Utilities |Report a Forum |General Rules |FAQ |Tricks & Tips
You need one post to send a PM.
You need one post to send a PM.
When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.
Re: Security: Deny Proxy Access
SLGray wrote:I believe there is no way to stop what you are referring to.
OK, fine with me. But it still didn't answer the questions. Should we try and let another staff members to answer them? If not, and that's the final FM statement on this, I'd like to post them as ideas in the appropriate section instead.
Thanks for looking into this.
Guest- Guest
Re: Security: Deny Proxy Access
We can wait and see if another staff member replies.
Lost Founder's Password |Forum's Utilities |Report a Forum |General Rules |FAQ |Tricks & Tips
You need one post to send a PM.
You need one post to send a PM.
When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.
Re: Security: Deny Proxy Access
SLGray wrote:We can wait and see if another staff member replies.
OK, let's do that. Let's keep this ticket open and wait and see what others have got to say on this. Thanks for your support so far, SLGray. Appreciate it.
P.S.: If any FM staff member has a final statement or idea about this, please say so in this ticket so it can be closed.
Guest- Guest
Re: Security: Deny Proxy Access
Hi SamanthaS,
It is possible to ban a range of IP addresses from your board by using the wild card *, however, you also risk blocking people other than the member you suspect. If there were a way to stop it, it would most likely need to be installed as an option by the Forumotion technicians.
I wouldn't recommend a lengthy e-mail delay for new registrations, as it could make your forum look bad. Commonly when registering to a website the e-mail for your account activation is almost instant. While it could be useful to some, to others it could be a nuisance. Again, if this were to be an option it would need to be added by the Technicians as you have no ability to modify properties of the activation e-mail.
It is possible to ban a range of IP addresses from your board by using the wild card *, however, you also risk blocking people other than the member you suspect. If there were a way to stop it, it would most likely need to be installed as an option by the Forumotion technicians.
I wouldn't recommend a lengthy e-mail delay for new registrations, as it could make your forum look bad. Commonly when registering to a website the e-mail for your account activation is almost instant. While it could be useful to some, to others it could be a nuisance. Again, if this were to be an option it would need to be added by the Technicians as you have no ability to modify properties of the activation e-mail.
Re: Security: Deny Proxy Access
Ange Tuteur wrote:Hi SamanthaS,
It is possible to ban a range of IP addresses from your board by using the wild card *, however, you also risk blocking people other than the member you suspect. If there were a way to stop it, it would most likely need to be installed as an option by the Forumotion technicians.
I wouldn't recommend a lengthy e-mail delay for new registrations, as it could make your forum look bad. Commonly when registering to a website the e-mail for your account activation is almost instant. While it could be useful to some, to others it could be a nuisance. Again, if this were to be an option it would need to be added by the Technicians as you have no ability to modify properties of the activation e-mail.
Hi Ange,
Thanks for looking into this . I agree on what you say. Would it be possible for FM staff to ask FM technicians if there would be a way to implement this in the near future? It might just be one of the checkboxes in the network configuration. Preferably, I'd like to see both options (e-mail delay / proxy blocking) as one of the admin or staff configurable security options in the ACP. I think this could benefit all of us. I'm aware of the wildcard usage and unintentionally blocked out other members in the past using it.
Guest- Guest
Re: Security: Deny Proxy Access
We don't have direct contact as the Technicians are on the French support most of the time. Your best option would be to propose it within the suggestions forum. The chances of it being added, however, depends on a number of factors.
Re: Security: Deny Proxy Access
Ange Tuteur wrote:We don't have direct contact as the Technicians are on the French support most of the time. Your best option would be to propose it within the suggestions forum. The chances of it being added, however, depends on a number of factors.
Okay. Thanks Ange! Great input! I figured it might be getting to something like that, but instead of just boldly posting directly into the Suggestions section, I wanted to check with staff members here before doing so. I'd like to wait a little bit more and see if anyone else would have a nice suggestion or knows about it, if you don't mind.
Guest- Guest
Re: Security: Deny Proxy Access
I would suggest you create a suggestion thread for it. If the English staff favor it, there might be a way to contact Forumotion/Forumactif technicians.
Re: Security: Deny Proxy Access
Ramdaman wrote:I would suggest you create a suggestion thread for it. If the English staff favor it, there might be a way to contact Forumotion/Forumactif technicians.
I appreciate your suggestion very much, Ramdaman! +1 'd you as well as the others posted in this topic.
Any (staff) members / pro-admins anything to tell on this before I post in the Suggestions section? Anyone, please? Buttercup? Derri maybe? Base? Anyone? Please, do favor my suggestions when posted.
I'll leave anyone the opportunity to post here before I do (within 24 hrs from now). Please, respect the forum rules and not steal my ideas on this!
Thanks a lot guys! So far, so good!
Happy Thanksgiving to all of you! And please, remember to give with all your heart!
Regards,
Samantha
P.S.: Please, do call me Samantha... I understand, but SamanthaS sounds really silly to me
TY!
Guest- Guest
Re: Security: Deny Proxy Access
I think this topic has stayed open long enough for anyone to react. I think the best way to go now is to make them 2 suggestions in the Suggestion section. I'll try to work on that the coming days. Meanwhile, this topic can be closed.
Please staff, do support the suggestion when posted. Thank you!
Samantha.
Please staff, do support the suggestion when posted. Thank you!
Samantha.
Guest- Guest
Similar topics
» Access only through proxy server
» The security 'Disallow admin to send new password' is active in Admin Panel > General Admin > Security
» How to be a proxy credits
» Proxy Spammers
» Proxy Acces
» The security 'Disallow admin to send new password' is active in Admin Panel > General Admin > Security
» How to be a proxy credits
» Proxy Spammers
» Proxy Acces
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum