StarTrekGuide Downtime... hacked?

Re: StarTrekGuide Downtime... hacked?

Postby Highway of Life » 13 Jan 2011, 20:18

King Rhyono wrote:
Obsidian wrote: Well, that kind of security (or rather, insecurity) is what you get when you buy shared hosting.

I agree. STG should pay $100/month for a dedicated server. :good:

You’re correct. We should.
We actually had a colocation server which was fantastic, but we had to give up the server due to the company we were leasing the server from. We are still at the same colo facility on another server, but unfortunately we are hosted with 190 other websites. This presents an obvious security vulnerability if one of the sites is compromised and the server does not have strong enough local directory protection. We are working with the host to improve their security as well as working on getting STG back onto its own server.

Re: StarTrekGuide Downtime... hacked?

Postby Obsidian » 13 Jan 2011, 22:02

Highway of Life wrote:
wired076 wrote:
Jaymie1989 wrote: Any chance the captcha could be changed? It's so hard to read.


I agree! It makes me feel like I am blind. :(

I have changed the CAPTCHA now to use reCAPTCHA. :)

Be warned, crack rate for recaptcha is getting mighty high for the latest xrumer release from what I've been seeing around the net.

Re: StarTrekGuide Downtime... hacked?

Postby Honor » 13 Jan 2011, 22:33

Sortables! I love mine!

Re: StarTrekGuide Downtime... hacked?

Postby Highway of Life » 14 Jan 2011, 11:48

Obsidian wrote:Be warned, crack rate for recaptcha is getting mighty high for the latest xrumer release from what I've been seeing around the net.
I'd rather have no CAPTCHA than potentially lose users because they can't read it. At some point, it may become equal for CAPTCHAs. But I am NOT going to make it so difficult for people to crack CAPTCHAs that they can't log in or register. I'd rather risk the bots. If CAPTCHAs become too difficult for humans to read, they become completely pointless.
We'll end up shifting to other ways of blocking bots, such as using StopForumSpam and catching spam posts.

Re: StarTrekGuide Downtime... hacked?

Postby Unknown Bliss » 14 Jan 2011, 14:56

reCAPTCHA and Q&A CAPTCHA seem to have been failing a lot more recently. Most people using CAPTCHA Plugins/Anti-Spam Modifications such as ACP Anti-Spam, Derky's Sortables Plugin, Peoplesign CAPTCHA Plugin are working well though.

Re: StarTrekGuide Downtime... hacked?

Postby Obsidian » 15 Jan 2011, 08:40

Yeah, Q&A is flawed from the beginning though. As soon as the answer can be googled, it's an open door.

@HoL: Same -- however I have been finding some success on my own server, by redirecting useragents with MSIE 6 or under in them to a subdomain.
http://ie6.ichimonai.com/

We gave up supporting IE6 and earlier (theme issues) -- so we blocked it. And with the faux-useragents that spambots like to run around under, the server ends up denying spam access to the bots quite often.
We've got ReCAPTCHA and post approval in place on top of that as well, and haven't gotten one to slip in spam publicly in months. They do register, but end up being silently banned in the end.
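The user-agent gate described in the post above, as an added example that is not part of the original thread and not Obsidian's actual server configuration. Only the redirect URL comes from the post; the matching rules, function names and sample strings are assumptions made for illustration.

```python
import re

# Landing page named in the post; everything else here is an assumption.
LEGACY_IE_URL = "http://ie6.ichimonai.com/"
MAX_BLOCKED_MAJOR = 6  # "MSIE 6 or under"

# "MSIE <major>[.<minor>]" token; \d+ keeps "MSIE 10.0" from reading as 1.
_MSIE_TOKEN = re.compile(r"\bMSIE (\d+)(?:\.\d+)?", re.IGNORECASE)


def claimed_msie_major(user_agent):
    """Return the highest MSIE major version the UA claims, or None."""
    majors = [int(m) for m in _MSIE_TOKEN.findall(user_agent or "")]
    # Taking the maximum avoids redirecting a newer IE whose UA string
    # also embeds an older "MSIE 6.0" token.
    return max(majors) if majors else None


def route(user_agent):
    """Return ("redirect", url) for MSIE <= 6 claims, else ("allow", None)."""
    major = claimed_msie_major(user_agent)
    if major is not None and major <= MAX_BLOCKED_MAJOR:
        return ("redirect", LEGACY_IE_URL)
    # Missing or non-MSIE agents pass; the post does not say how they are handled.
    return ("allow", None)


# Constructed sample User-Agent strings (not taken from any real log).
SAMPLES = {
    "old_ie_claim": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)",
    "ie5": "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)",
    "ie8_nested": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; "
                  "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1))",
    "ie10": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)",
    "firefox": "Mozilla/5.0 (Windows NT 6.1; rv:4.0) Gecko/20100101 Firefox/4.0",
    "empty": "",
}


def summarize(samples=SAMPLES):
    """Map each sample name to the routing action chosen for it."""
    return {name: route(ua)[0] for name, ua in samples.items()}


if __name__ == "__main__":
    for name, action in summarize().items():
        print(f"{name:12} -> {action}")
```

The User-Agent header is set by the client, so a gate like this only filters clients that announce an old MSIE version; it works alongside the reCAPTCHA and post approval the post mentions rather than replacing them.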

Re: StarTrekGuide Downtime... hacked?

Postby iKeirNez » 23 Jan 2011, 12:26

I am glad it is working now! At least it was just the index files! Why do people waste their time hacking? It will just be sorted within a day! I am on a shared server too and never had this problem!

Re: StarTrekGuide Downtime... hacked?

Postby wadie » 04 Feb 2011, 07:15

Obsidian wrote:Well, that kind of security (or rather, insecurity) is what you get when you buy shared hosting.

There are actually many awesome companies that take security very seriously. If shared hosting was that easily breakable then I assume we wouldn't see many sites online.

You just get what you pay for!

Re: StarTrekGuide Downtime... hacked?

Postby Obsidian » 05 Feb 2011, 10:32

wadie wrote:
Obsidian wrote:Well, that kind of security (or rather, insecurity) is what you get when you buy shared hosting.

There are actually many awesome companies that take security very seriously. If shared hosting was that easily breakable then I assume we wouldn't see many sites online.


I say this because shared hosting has inherent security risks that aren't present in other hosting methods (VPS, dedicated server, colocation).
Any large host running a shared hosting business is going to have more problems than any other method available, simply because there are many, many more things to keep track of when trying to maintain a secure environment; all it takes is one vulnerable application to expose an entire server (reference: PHPlist zero-day LFI exploit being used to break into the server for phpBB.com a few years ago).

You just see more sites online using shared hosting because it's much more affordable than the other methods.

Re: StarTrekGuide Downtime... hacked?

Postby wadie » 05 Feb 2011, 12:07

Affordable or not, if it was too easy to hack through any hosting company a lot of sites wouldn't be using it even if you pay as little as 1$ per year. lol