Security: Deny Proxy Access

by Guest November 19th 2014, 11:33 am

Hi all!

I'm not sure these informational questions belong in this section. If not, please forgive me, but to me this seemed to be the best place. Smile

Proxy Denial

Aiming at full security for one my phpBB3 boards http://www.game-xtreme.com , I've got a question about proxy access to my website. In the past I noticed when a member had been banned based on IP address, the member could reconnect to the website using one of the public proxies around the world, thus gaining access to the board using a new temporary IP address and the user account or set up a totally new account instead. Usually 90% or so stay away after a ban, but it's this 10% left who try to smarten out the admin in a very unfortunate and annoying way. Usually banned members have caused a major incident or various ones even, like spamming the forum and stalking other members on the internet, and if I can't keep 'm out, well, you know, as an admin I'm the one responsible. I'm not aware of anything changed to this perspective and to further maximize security ever since, though it may have. Is proxy access still allowed? If so, what can I do to prevent access to my board using proxies? Are there scripts available to deny proxy usage? And if not possible (yet), would it be an idea for the FM team to try and have a look at it to maybe install this feature for further usage by FM admins around the world, maybe even make it one of the options in the ACP?

Preventing Fake E-mail Addresses

There are numerous servers around the world offering the creation of a temporary e-mail address. Existence of such an e-mail address usually varies from 15 - 30 minutes. This temporary e-mail address can then be used to confirm the automated account creation e-mail sent when the admin decides to have their new users to finalize upon registration themselves. After 15 - 30 minutes, the temporary e-mail address is removed from the server where it was offered to create it, leaving the owner untraceable. Wouldn't it be an idea to postpone the e-mail to be send for 30 minutes to keep out the odds? Or have the admin decide on this from within the ACP so they can set any delay themselves? I'm aware new users usually want to be able to access the website immediately, but upon registration a 30 minute delay notification should work and I'm sure new users will understand.

Unlimited Anonymous Access

In conjunction to the above ("Proxy Denial" and "Preventing Fake E-mail Addresses"), using a proxy and fake e-mail address, one can have unlimited anonymous access to anyone's board, even when banned based on (another) account, IP address or even e-mail address.

I not in any hurry, and I understand it might take a while getting this answered properly. However, when it comes down to security it touches all of our FM hearts & souls. Wink

Thanks in advance for your attention, patience reading this as well as your advice and enjoy your day.

Warmest of my regards,

Hello

Samantha.

by **SLGray** November 19th 2014, 6:25 pm

You can have it where accounts have to be activated by the administrator. This usually causes some ban members to not return.

by Guest November 19th 2014, 7:56 pm

SLGray wrote:You can have it where accounts have to be activated by the administrator. This usually causes some ban members to not return.

I see. Unfortunately, that does not answer the questions at all, I'm afraid. When admin approval for new accounts is in place as you say, there's no way I can check the IP address involved, nor the e-mail address involved (unless I start e-mailing the new member myself hoping to get a reply). And, for mass account forums your workaround wouldn't be convenient at all on those points.

Thanks for having given it a thought though! Smile

by **SLGray** November 19th 2014, 8:21 pm

This really does not go under security. It is more in stopping them from registering.

You and your staff will have to keep an eye out for questionable accounts/members.

by Guest November 19th 2014, 8:37 pm

SLGray wrote:This really does not go under security. It is more in stopping them from registering.

You and your staff will have to keep an eye out for questionable accounts/members.

I think it does. Security usually involves counter measures to prevent anything from happening in the first place. I'd like to stop them at the gate before any harm to the website can be done. Usually, when someone starts spamming or harassing other members it's in staff off-duty hours, so they've to clean up the the mess and get rid of the source by hand afterwards.

by **SLGray** November 19th 2014, 8:42 pm

I believe there is no way to stop what you are referring to.

by Guest November 19th 2014, 8:43 pm

SLGray wrote:I believe there is no way to stop what you are referring to.

OK, fine with me. But it still didn't answer the questions. Should we try and let another staff members to answer them? If not, and that's the final FM statement on this, I'd like to post them as ideas in the appropriate section instead.

Thanks for looking into this.

by **SLGray** November 19th 2014, 8:46 pm

We can wait and see if another staff member replies.

by Guest November 19th 2014, 8:48 pm

SLGray wrote:We can wait and see if another staff member replies.

OK, let's do that. Let's keep this ticket open and wait and see what others have got to say on this. Thanks for your support so far, SLGray. Appreciate it. Smile

P.S.: If any FM staff member has a final statement or idea about this, please say so in this ticket so it can be closed.

by Ange Tuteur November 19th 2014, 10:11 pm

Hi SamanthaS,

It is possible to ban a range of IP addresses from your board by using the wild card *, however, you also risk blocking people other than the member you suspect. If there were a way to stop it, it would most likely need to be installed as an option by the Forumotion technicians.

I wouldn't recommend a lengthy e-mail delay for new registrations, as it could make your forum look bad. Commonly when registering to a website the e-mail for your account activation is almost instant. While it could be useful to some, to others it could be a nuisance. Again, if this were to be an option it would need to be added by the Technicians as you have no ability to modify properties of the activation e-mail.

by Guest November 19th 2014, 10:28 pm

Ange Tuteur wrote:Hi SamanthaS,

It is possible to ban a range of IP addresses from your board by using the wild card *, however, you also risk blocking people other than the member you suspect. If there were a way to stop it, it would most likely need to be installed as an option by the Forumotion technicians.

I wouldn't recommend a lengthy e-mail delay for new registrations, as it could make your forum look bad. Commonly when registering to a website the e-mail for your account activation is almost instant. While it could be useful to some, to others it could be a nuisance. Again, if this were to be an option it would need to be added by the Technicians as you have no ability to modify properties of the activation e-mail.

Hi Ange,

Thanks for looking into this Smile

. I agree on what you say. Would it be possible for FM staff to ask FM technicians if there would be a way to implement this in the near future? It might just be one of the checkboxes in the network configuration. Preferably, I'd like to see both options (e-mail delay / proxy blocking) as one of the admin or staff configurable security options in the ACP. I think this could benefit all of us. I'm aware of the wildcard usage and unintentionally blocked out other members in the past using it.

by Ange Tuteur November 19th 2014, 10:44 pm

We don't have direct contact as the Technicians are on the French support most of the time. Your best option would be to propose it within the suggestions forum. The chances of it being added, however, depends on a number of factors.

by Guest November 19th 2014, 10:49 pm

Ange Tuteur wrote:We don't have direct contact as the Technicians are on the French support most of the time. Your best option would be to propose it within the suggestions forum. The chances of it being added, however, depends on a number of factors.

Okay. Thanks Ange! Great input! Very good

I figured it might be getting to something like that, but instead of just boldly posting directly into the Suggestions section, I wanted to check with staff members here before doing so. I'd like to wait a little bit more and see if anyone else would have a nice suggestion or knows about it, if you don't mind.

by Ramdaman November 19th 2014, 11:55 pm

I would suggest you create a suggestion thread for it. If the English staff favor it, there might be a way to contact Forumotion/Forumactif technicians.

by Guest November 20th 2014, 12:24 am

Ramdaman wrote:I would suggest you create a suggestion thread for it. If the English staff favor it, there might be a way to contact Forumotion/Forumactif technicians.

I appreciate your suggestion very much, Ramdaman! Very good

+1 'd you as well as the others posted in this topic.

Any (staff) members / pro-admins anything to tell on this before I post in the Suggestions section? Anyone, please? Buttercup? Derri maybe? Base? Anyone? Please, do favor my suggestions when posted. Smile

I'll leave anyone the opportunity to post here before I do (within 24 hrs from now). Please, respect the forum rules and not steal my ideas on this!

Thanks a lot guys! So far, so good! Hello

Happy Thanksgiving to all of you! And please, remember to give with all your heart!

Regards,

Samantha

P.S.: Please, do call me Samantha... I understand, but SamanthaS sounds really silly to me Laughing

TY!

by Guest November 25th 2014, 12:26 am

I think this topic has stayed open long enough for anyone to react. I think the best way to go now is to make them 2 suggestions in the Suggestion section. I'll try to work on that the coming days. Meanwhile, this topic can be closed.

Please staff, do support the suggestion when posted. Thank you!

Hello

Samantha.