Free Hosting Audit, Keeping Your Account Safe

Discussion in 'News and Announcements' started by Corey, May 26, 2013.

Thread Status:
Not open for further replies.
  1. Corey

    Corey I Break Things Staff Member

    We are in the process of cracking down on illegitimate accounts and issuing suspensions. The majority of the coming suspensions are from clients utilizing a proxy to bypass our sign-up restrictions; if you have done this in the past, your account will most likely be caught in this audit. We allow all of our users to submit a single appeal when suspended; it is important that you use this chance to properly explain your site and content and why we should remove the suspension. Although the rules were broken in order to sign up, if you have a legitimate site we will unsuspend you; if you fill out the appeal swearing at us or with a two-word response, it will be denied.

    We will also be cracking down on sites that do not properly secure their registrations or moderate the content submitted. These sites have become a haven for bot signups and postings; we've seen sites getting 1,000 new registrations per hour. If you allow people to register or submit content on your site, it is your responsibility to moderate what these users are doing and also to take the very easy measures of using a captcha and/or other options for stopping spam users and content submissions.

    If your site allows for open registration without a captcha or other security measures it will be temporarily suspended until you submit an appeal agreeing to fix it. If we find a forum on your site with thousands of unmoderated spam posts, it will be suspended also.

    We do require that you host a website; free hosting is not meant to be a mirror for your files or a place to host your automated scripts to get Twitter followers or to scrape content from other sites. Our terms of service require you to have a working site within one week from sign-up. If you're not able to do this, a simple under construction page will suffice with signs that you are actually working on putting up a site.

    Lastly, I can't stress this one enough. Keep your applications updated! Security updates are constantly released for almost all web applications, the most popular being WordPress, Joomla, phpBB, and Drupal. It is imperative that you not only keep the main script updated but also update all of your addons, plugins, themes, etc. One outdated and insecure script will allow a malicious user full access to your site, which in turn will end up in a suspension for phishing or spamming.
     
  2. Danielx386

    Danielx386 Member

    Q: If one got WordPress configured so that comments need to be approved before being displayed, is that good enough? I also got other systems that check the IP address before allowing someone to view the WordPress blog in case it's a spam bot.
     
  3. descalzo

    descalzo Grim Squeaker Community Support

    Assuming you have good judgement, that would be enough.

    But, if the system sends out a "We have received your comment and it is awaiting approval" email with each comment, a bot attack will get you suspended for abuse of the email system. Use CAPTCHAs.
     
  4. Sharky

    Sharky Community Paragon Community Support

    But please, not the usual really-hard-to-read obfuscated text ones...! This 3rd party site has a few alternatives (can't vouch for the security but the principles behind them sound good): http://www.getelastic.com/6-captcha-alternatives-to-improve-conversion/
     
  5. Skizzerz

    Skizzerz Contributors Staff Member Contributors

    Of those 6, 1 and 2 (honeypot form fields and math problems) are very easily broken by pretty much every bot in existence; in fact math is even EASIER for bots to do than reading CAPTCHAs. 6 (do nothing) is obviously not good enough either. I have seen no data on method 4 (OpenID authentication) but given the ease of making Facebook/Twitter/Google accounts I'm sure that is quite easily broken too.

    Your best options are to make use of one of the following:
    1. Use a Question and Answer style CAPTCHA where you ask questions relevant to your website. For example, if you have a website that deals with cars, you could ask something like "Which of the following is NOT a Ford: Explorer, Grand Cherokee, Fusion, Mustang?". If you go with this option, make sure to CHANGE YOUR QUESTION every so often; questions that have been around for a while typically get added to spambot databases and the only way to counteract this is by coming up with a new question.

    2. Use a non-standard CAPTCHA type. The Tic Tac Toe and SolveMedia were mentioned in that page. I'm not sure how well the Tic Tac Toe works (especially with browser compatibility if it is a Flash plugin or something, as anything using Flash would prevent iPhone/iPad users from using your site). I'm not sure on how well SolveMedia works -- I believe it's in use on these forums and we still get spambots (although not that frequently). My recommendation for a non-standard CAPTCHA would be ASIRRA, which is free and already has plugins for many major software packages.
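
The question-and-answer approach with periodic rotation described in the post above, sketched in PHP as an added example that is not part of the thread or any poster's code. The secret, question ids, second question and function names are assumptions made for illustration.

```php
<?php
// Added example: Q&A CAPTCHA with a rotating question pool. The secret,
// ids and the second question are constructed for illustration.
const CAPTCHA_SECRET = 'replace-with-a-long-random-server-side-secret';
const CAPTCHA_TTL = 600; // seconds a challenge stays valid

// Retire old ids and add new questions regularly: a token for a removed
// id stops verifying, so answers harvested by spambots go stale.
const CAPTCHA_QUESTIONS = [
    'cars-01' => ['Which of the following is NOT a Ford: Explorer, Grand Cherokee, Fusion, Mustang?', ['grand cherokee']],
    'cars-02' => ['Which of these is not a car maker: Toyota, Honda, Nikon, Mazda?', ['nikon']],
];

function captcha_normalize(string $s): string {
    // Compare case-insensitively and collapse runs of whitespace.
    return (string) preg_replace('/\s+/', ' ', strtolower(trim($s)));
}

// Returns the question text plus a signed token for a hidden form field.
// The answer itself never leaves the server.
function captcha_issue(?int $now = null): array {
    $id = array_rand(CAPTCHA_QUESTIONS);
    $payload = $id . '|' . (($now ?? time()) + CAPTCHA_TTL);
    $token = $payload . '|' . hash_hmac('sha256', $payload, CAPTCHA_SECRET);
    return ['question' => CAPTCHA_QUESTIONS[$id][0], 'token' => $token];
}

function captcha_verify(string $token, string $answer, ?int $now = null): bool {
    $parts = explode('|', $token);
    if (count($parts) !== 3) {
        return false; // malformed token
    }
    [$id, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $id . '|' . $expires, CAPTCHA_SECRET);
    if (!hash_equals($expected, $mac)) {
        return false; // forged or altered token
    }
    if ((int) $expires < ($now ?? time())) {
        return false; // challenge expired
    }
    if (!array_key_exists($id, CAPTCHA_QUESTIONS)) {
        return false; // question was rotated out of the pool
    }
    return in_array(captcha_normalize($answer), CAPTCHA_QUESTIONS[$id][1], true);
}

$challenge = captcha_issue();
var_dump(captcha_verify($challenge['token'], 'not the answer'));
```

Call `captcha_verify()` in the registration or comment handler before any account is created or any notification email is sent, so rejected bot submissions trigger neither.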
     
  6. gameaddict2085

    gameaddict2085 Member Prime Account

    I used to get a lot of bots on my forum posting spam but after adding questions such as "Numb3r hidden in this text" and "Middle Number Please" they all stopped so this method seems to be particularly effective.
     
  7. promocoo

    promocoo New Member

    I think this is a very nice step up in security for the host.
     
  8. Livewire

    Livewire Abuse Compliance Officer Staff Member

    I just want to reiterate a point here in case anyone gets this far down the page without seeing it, and hasn't opened a dispute yet:

    About half of the disputes I've seen so far that were suspended for the proxy-signups have had absolutely NO text in them at all, or had a smiley face. If you do want to be unsuspended, you need to put something, and the more detail you put regarding the site's content and why we should lift the suspension, the more likely it is you'll be unsuspended.
     
  9. garrettroyce

    garrettroyce Generally Helpful Member Community Support

    I use Akismet (http://akismet.com/) for my WordPress blog-ish website (http://gjr.gr) and I have yet to have a spam comment come through (and only a handful of regular comments too, but that's probably unrelated).
     
  10. etcedx10

    etcedx10 New Member

    Woah, it happened to me. Sorry about that. I set up a forum to let someone else see a design and then I forgot about it. Needless to say, the site is down thanks to you guys :) and will stay down. Sorry for the trouble caused, the mistake won't happen again.

    Also on an unrelated note can someone look into the Prime membership thing? I paid for a year, it's over now, but the hosting portal still says I have it.
     
    Last edited: May 28, 2013
  11. gameaddict2085

    gameaddict2085 Member Prime Account

    See: http://x10hosting.com/forums/prime-members/185698-prime-illuminated-extensions.html
     