PLUGIN WEEKENDS
-
A complete Web application firewall that offers login protection (brute force login attack protection), IP blocking, automated or manual site scan for intrusions, anti-spam, any feature we can think that will boost the security profile of the platform.
Maybe add the ability to put the site in maintenance mode, if it does not already have it.
Lock down of core files to prevent unauthorized modifications, etc
And I think we need some type of anti-spam for the registration page.
-
@planner said:
A complete Web application firewall that offers login protection (brute force login attack protection), IP blocking, automated or manual site scan for intrusions,
isn't easier to achieve that on the server level? doens't sound like a plugin.
Maybe add the ability to put the site in maintenance mode, if it does not already have it.
I don't think a plugin should be able to do that, sounds like a core NodeBB feature, but im with you on that one.
Lock down of core files to prevent unauthorized modifications, etc
again, server layer.
And I think we need some type of anti-spam for the registration page.
im working on one that uses this API http://stopforumspam.com/usage but im not too convinced, i think we might need something like Akismet
-
stopforumspam is nowhere near as effective as akismet, not neccessarily because it's bad, but akismet gets much more traffic thanks to wordpress, therefor better data and better sample size.
on an ipb forum that is on a site that sees a ton of traffic I switched from stopforumspam to akismet and it was night and day.
-
@planner not a lot.
I think we can have both filters, stopforumspam onuser.create
as a first line of defense, and the Akismet onpost.create
. I'll add Akismet tomorrow or tuesday, but API key is not free right? and I am little worried about latency with the API calls on every post creation. unless I call the Akismet API async but then remove the post if the response says it's spam. which is weird but it might work, since, hopefully most posts wont be spam -
@bentael said:
@planner not a lot.
I think we can have both filters, stopforumspam onuser.create
as a first line of defense, and the Akismet onpost.create
. I'll add Akismet tomorrow or tuesday, but API key is not free right? and I am little worried about latency with the API calls on every post creation. unless I call the Akismet API async but then remove the post if the response says it's spam. which is weird but it might work, since, hopefully most posts wont be spamThey do have a free option for personal use.
-
Thanks guys Still a load of bugs but pretty happy with what I managed to cook up in an evening/night.
@julian said:
Oh right, we never clarified whether a new week began on Sunday or Monday
To be fair it was nearly 2AM for me when I posted that, so Monday for me