Security suggestions for WBW V5.

Starter: Kanzen Posted: 17 years ago Views: 168
#2802455
Lvl 25
1. Ethernet Address logging.
For banning purposes, since not that many spammers are bright and they assume their identity can only be given away by IP information. All machines have a unique Ethernet Address; while it is modifiable, not many people realize that this would be our method of keeping track. The key to this is obscurity: as long as the fact that we use Ethernet Addresses remains secret from the public, they won't bother to try and circumvent it.

2. Disposable email systems banned from registering with WBW.
Disposable email systems require little to no effort on their end and make it easy for them to gain more than one account.

Quote:
Originally posted by known disposable email systems


3. Ban certain proxy servers.
While some people do rely on proxy servers to view our content, it makes it a little too easy (without Ethernet Locking). Select banning of known proxy servers could help us eliminate the recurring trolls and spammers.

5. Use robot.txt
Use the standard robot.txt to make the WBW directories off-limits to search engines. Seriously, it is way too easy to pick up information just by googling with the conditions of site:whatboyswant.com

6. Expand Greylisting
This is more of a major reform than expansion. Instead of items being added to the greylist by URL detection, it just greylists the entire post regardless if it spots a URL or not. OR improve the current greylist by making sure that it ignores whitespace since so many spammers and idiots just add spaces to get around the greylist.

7. Require a small one-time fee at signup?
Controversial: I know. But consider this: if we charge a small fee (less than $3 USD) for signing up to post comments, uploading files, posting threads/replies, voting, and such, it means they will have to submit usable identification information, whether it be banking information or credit card information. Trolls and spammers are not going to want to give up that information. As an added bonus it also gives WBW a small source of income, and those that remain leechers can be hit with advertisement.

8. Automated banning for additional accounts.
If a person who was using a banned account tries to use another account, it is banned as well automatically.
* This post has been modified : 15 years ago
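The whitespace-insensitive greylist check from suggestion 6, sketched as an added example (not part of the original post and not WBW's code). The function names, the short TLD list and the sample comments are assumptions constructed for illustration; it also strips zero-width characters, which goes slightly beyond plain spaces.

```python
import re

# Zero-width characters that render as nothing but split a URL for a naive matcher.
ZERO_WIDTH = dict.fromkeys(map(ord, "\u200b\u200c\u200d\u2060\ufeff"))
# Four or more single-character tokens in a row, e.g. "h t t p : / /".
SPACED_RUN = re.compile(r"(?<!\S)(?:\S\s+){3,}\S(?!\S)")
# Whitespace padded around URL punctuation, e.g. "www . example . com".
AROUND_PUNCT = re.compile(r"\s*([./:])\s*")
# Hypothetical detector: scheme or www prefix, or a hostname ending in a listed TLD.
URL = re.compile(
    r"\b(?:https?://|www\.)\S+"
    r"|\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.(?:com|net|org|info|biz|ru|cn)\b",
    re.IGNORECASE,
)

def normalize(text):
    """Undo the spacing tricks while keeping ordinary word boundaries."""
    text = text.translate(ZERO_WIDTH)
    # Join letter-spaced runs first, before punctuation is glued to its neighbours.
    text = SPACED_RUN.sub(lambda m: re.sub(r"\s+", "", m.group()), text)
    return AROUND_PUNCT.sub(r"\1", text)

def greylist_reason(post):
    """Return why a post should be held for moderator review, or None."""
    if URL.search(post):
        return "url"
    if URL.search(normalize(post)):
        return "obfuscated-url"  # only visible once the padding is removed
    return None

# Constructed sample comments, not taken from the site.
SAMPLES = [
    "check out http://example.com/pics",
    "check out www . example . com now",
    "visit h t t p : / / e x a m p l e . c o m",
    "www\u200b.example\u200b.com",
    "Nice lighting in this one. Great shot",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", greylist_reason(sample))
```

Because a greylisted post is only held for approval, the occasional false positive from gluing punctuation costs a moderator one extra look rather than a lost comment.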
#2802456
Lvl 25
Also, we seriously need better tools.

1. Access to IP information.
2. Ability to delete all of a user's (news/babes/cars) comments.
3. Ability to delete all of a user's posts in the forum.
4. Ability to delete all of the images or videos in any of the queues.
5. Ability to disable user's functions such as posting, commenting, rating, and uploading files.
6. Ability to kick a user off the site (denied connection) forcing them to log off.
7. Rewards for users who report rule breaking incidents.
8. Ability to give users negative credits for uploading duplicate, pro, or offensive video files.
9. Ability to remove user's homepage URL.
10. Ability to disable users' signatures or avatars.
* This post has been modified : 17 years ago
#2802457
Lvl 25
I will add some of these things to V5.x

Great ideas! Thanks!
* This post has been modified : 17 years ago
#2802458
Lvl 25
*cough*

11. All WBW Crew members shall be supplied with hot dutch women for secretaries and extra activities.
* This post has been modified : 17 years ago
#2802459
Lvl 37
Great job Kanzen!

Too many people know how to get around the greylist and someone just has to tell the n00bs in a thread how to do it. Greylisting the entire thread would do the trick.

A fee sounds reasonable and would give us more info for sure.

And Bravo for the delete stuff as well
* This post has been modified : 17 years ago
#2802460
Lvl 25
12. Automated deletion of comments one word in length.
13. Automated deletion of comments with more than one emoticon.
14. Automated deletion of comments that are repeats from the same user.
* This post has been modified : 17 years ago
#2802461
Lvl 37
...kickass

Even if nothing else gets added, the hot Dutch girls is a must add-on.
* This post has been modified : 17 years ago
#2802462
Lvl 20
I like most of the stuff you suggested Kanzen, good job. I have one thing to add though that I saw on another site. That a moderator can select certain problematic threads for surveillance so that when a member then posts in it, it goes into a queue that the mod then has to approve for the posts to show up. Sometimes that could be very useful when people are bashing each other on certain topics.
* This post has been modified : 17 years ago
#2802463
Lvl 25
15. The option for Crew to make their status appear ONLINE or OFFLINE regardless of actual presence for stealth moderation.
* This post has been modified : 17 years ago
#2802464
Lvl 24
I like most of the ideas, but the two emoticon equals deletion seems a bit extreme.

What if the emoticons are separated by an entire paragraph of text praising the artistic lighting features involved in the picture?
* This post has been modified : 17 years ago
#2802465
Lvl 25
You're banned.
* This post has been modified : 17 years ago
#2802466
Lvl 37
Well, I must say at the risk of being banned also, sometimes you need more than one emoticon to make your point



* This post has been modified : 17 years ago
#2802467
Lvl 25
No, it just makes you look like a schizophrenic.
* This post has been modified : 17 years ago
#2802468
Lvl 37



Being a comment mod would drive ya crazy. After the 5000th "Nice ass" or a string of humpy guys, mere deleting wouldn't be enough. Positively a case for justifiable homicide.
* This post has been modified : 17 years ago
#2802469
Lvl 25
NOT A SECURITY SUGGESTION: (just a bandwidth saver)

16. Give each separate section its own CSS file. A lot of the CSS is redundant and is useless for specific pages. Cut out the unnecessary code and it should yield some performance results. I mean just look at the fullsize popup windows ( http://fefe.whatboyswant.com/fullsize/ ). There are less than five calls for CSS items, but it is still loading a 48KB css file. Why not just hack it down and create a special css file that is only like 400 bytes?

Not only is it easier on the server to distribute, it is smaller, faster, requires less bandwidth, and efficient.

Look at the results:

48,316 bytes * 1000 loads = 48,316,000 = 48MB
400 bytes * 1000 loads = 400,000 = .4MB (saving wbw 47.6MB of bandwidth)
---
48,316 bytes * 1,000,000 loads = 48,316,000,000 = 46,077.8MB
400 bytes * 1,000,000 loads = 400,000,000 = 390.6MB (saving wbw 45,687.2MB of bandwidth)
* This post has been modified : 17 years ago
#2802470
Lvl 25
Kanzyboy: You forgot that when a CSS file is loaded in the browser it will be cached until it changes. So your calculations are straight off.
* This post has been modified : 17 years ago
#2802471
Lvl 25
Nowhere in there does it say it was all in one session. I am speaking of the total loads over time. You assume that:

1. Everyone keeps their cache for every session.
2. Everyone has cache enabled.
3. Everyone is already a regular member, ignoring the non-member guests who visit irregularly.
* This post has been modified : 17 years ago
#2802472
That's quite a list Kanz... and I like most of what you posted,
especially the greylisting; too many ways for people to get around it, or other members to see BEFORE they're approved. Need that sorted.
* This post has been modified : 17 years ago