Hi
I've purchased VB some months ago ..installed ...and as expected got a storm of all sort of spammers...
I did all i could find of coz ...(stopforumspam.com , spambotsecurity...etc...)
All those measures did decrease the number of attacks ..but not blocked them.
Eventually i had to trace hackers behavior and start taking different actions...like moving my forum away from default /forum location ..(was step one)
than renaming register.php ..(freaking pain in the ars to change all those references in DB)...
than rename member.php ...
I've kept of coz booby trapped old locations coz all those bots are first checking those locations...once accessed - i could block them...
but here is the question ...
All those spam bots already figured VB from in and out ...and there is little most of us can do if not backed up with some experience ...
Why not make those key file names like "register.php" , members.php ...and others - variable via the admin pannel ? ..
it is a constant fight between spammers and us ... they adjust faster than any new patch is offered by VB ...
So let us who can fight them - do it more easy ...make those names variable and configurable from database...(in easy way ...not scattered in multiple tables and not packed in serialize string)
More to that - make the whole <a href="register.php"> (and others) as variable coz those dudes can parse the page and still match desired file by surrounding tags
- - - Updated - - -
and if someone would say - links could be stored by clients ..
Well - what the hell google bot or Yandex have to do on my register.php page ?
Those files should be called from javascript in the first place ...
I've purchased VB some months ago ..installed ...and as expected got a storm of all sort of spammers...
I did all i could find of coz ...(stopforumspam.com , spambotsecurity...etc...)
All those measures did decrease the number of attacks ..but not blocked them.
Eventually i had to trace hackers behavior and start taking different actions...like moving my forum away from default /forum location ..(was step one)
than renaming register.php ..(freaking pain in the ars to change all those references in DB)...
than rename member.php ...
I've kept of coz booby trapped old locations coz all those bots are first checking those locations...once accessed - i could block them...
but here is the question ...
All those spam bots already figured VB from in and out ...and there is little most of us can do if not backed up with some experience ...
Why not make those key file names like "register.php" , members.php ...and others - variable via the admin pannel ? ..
it is a constant fight between spammers and us ... they adjust faster than any new patch is offered by VB ...
So let us who can fight them - do it more easy ...make those names variable and configurable from database...(in easy way ...not scattered in multiple tables and not packed in serialize string)
More to that - make the whole <a href="register.php"> (and others) as variable coz those dudes can parse the page and still match desired file by surrounding tags
- - - Updated - - -
and if someone would say - links could be stored by clients ..
Well - what the hell google bot or Yandex have to do on my register.php page ?
Those files should be called from javascript in the first place ...
Comment