Hi all!
Thanks in advance for your attention, patience reading this as well as your advice and enjoy your day.
Warmest of my regards,
Samantha.
I'm not sure these informational questions belong in this section. If not, please forgive me, but to me this seemed to be the best place.
Proxy DenialAiming at full security for one my phpBB3 boards http://www.game-xtreme.com , I've got a question about proxy access to my website. In the past I noticed when a member had been banned based on IP address, the member could reconnect to the website using one of the public proxies around the world, thus gaining access to the board using a new temporary IP address and the user account or set up a totally new account instead. Usually 90% or so stay away after a ban, but it's this 10% left who try to smarten out the admin in a very unfortunate and annoying way. Usually banned members have caused a major incident or various ones even, like spamming the forum and stalking other members on the internet, and if I can't keep 'm out, well, you know, as an admin I'm the one responsible. I'm not aware of anything changed to this perspective and to further maximize security ever since, though it may have. Is proxy access still allowed? If so, what can I do to prevent access to my board using proxies? Are there scripts available to deny proxy usage? And if not possible (yet), would it be an idea for the FM team to try and have a look at it to maybe install this feature for further usage by FM admins around the world, maybe even make it one of the options in the ACP?
Preventing Fake E-mail AddressesThere are numerous servers around the world offering the creation of a temporary e-mail address. Existence of such an e-mail address usually varies from 15 - 30 minutes. This temporary e-mail address can then be used to confirm the automated account creation e-mail sent when the admin decides to have their new users to finalize upon registration themselves. After 15 - 30 minutes, the temporary e-mail address is removed from the server where it was offered to create it, leaving the owner untraceable. Wouldn't it be an idea to postpone the e-mail to be send for 30 minutes to keep out the odds? Or have the admin decide on this from within the ACP so they can set any delay themselves? I'm aware new users usually want to be able to access the website immediately, but upon registration a 30 minute delay notification should work and I'm sure new users will understand.
Unlimited Anonymous AccessIn conjunction to the above ("Proxy Denial" and "Preventing Fake E-mail Addresses"), using a proxy and fake e-mail address, one can have unlimited anonymous access to anyone's board, even when banned based on (another) account, IP address or even e-mail address.
I not in any hurry, and I understand it might take a while getting this answered properly. However, when it comes down to security it touches all of our FM hearts & souls. Thanks in advance for your attention, patience reading this as well as your advice and enjoy your day.
Warmest of my regards,
Samantha.