Revcon Forums

Registration policy changes - effective immediately!
Page 1 of 1

Author:  elc32955 [ Mon Jan 07, 2019 11:11 pm ]
Post subject:  Registration policy changes - effective immediately!

Hi everyone,

I'm writing today to introduce some revisions to our member registration policies effective immediately;

1) Automatic user validation is now discontinued as of today. Any applicant for use of the forum system will have to be manually validated by an admin user prior to being granted post access to the system. As a reminder, just reading the message boards from the outside does not require establishment of an account.

2) New system users are requested to make an introductory post in the new member area within one week (7 calendar days) after establishing an account here. This lets the admins and the community know that you really are a live human being and not a bot, phisher, or spammer.

3) All members as of today with a post count of zero will have their accounts deleted. If any of these members are interested in staying active on the forums, they can apply for a new account, go through our validation process, and make an introductory post. I'll be glad to reinstate these account(s) upon completion of the above.

Now, you're wondering why I'm taking such draconian measures I'll bet. Here's what happened.... I was doing some system maintenance last week in preparation for upgrade of our forum system to revision 3.2.5 of PHPbb when I came across a weird set of files in the root system directory that apparently spawned off a zip file uploaded by a forum user. I didn't do it, so I disabled these files and put them in our trash folder for later review.

We've been having problems with forum Email for quite some time. On our sister site, the IP for the forum EMAIL (which is the same IP we used being a shared webserver) was flagged for bad activity. We couldn't figure out why and I've been trying to get to the bottom things along with our web hosting provider.

Well, I go to search the site IP and find out that the files I killed off were a phishing plant. The only gateway for the files to end up where they were is through either forum Email or private message uploading a file to the server. Well, with automatic validations the door was essentially for a user to create an account and validate the EMAIL, log in, send a PM with a phishing plant and have this devious software use an exploit to deposit bad code on our forum space. In this case, it was a phishing EMAIL that knocked at the door of a Russian email server.

So.... onto the reasons I'm doing what I'm doing. By killing off all the zero-post posters, I'm doing a security purge of the system against bots that may have established an account without manual validation and may lay dormant until being called into action. Manual validations insure an admin has to take physical action to allow an account applicant in, after a basic "WHOIS" IP check and a validation EMAIL if the information provided looks questionable. The requirement to make an introductory post insures that someone is at home and is saying "hi" in free-form language that a bot couldn't normally handle. This means a pilot is at the controls on the user end.

These security measures will hold us over until I can get the system upgrades completed. None of these actions will impact established account holders on the system that have made at least one post over their account life time.

I SO hate spammers and phishing operators, they make life more miserable for everyone.


Author:  elc32955 [ Tue Jun 28, 2022 3:41 am ]
Post subject:  Re: Registration policy changes - effective immediately!

Hi folks,

A brief update on the registration policy for the system. We are being absolutely bombarded with spambots originating from Russia and other countries. In a period of 3 hours today I had six bogus registration attempts on the system from garbage spambots. They were all deleted, but it just goes to show you that regardless of international turmoil the ilk continues.

So.... for the time being this is how new users can sign-up for the forums. Anyone wanting access for a new account must EMAIL me so I can unlock the registration system. Right now I have it completely shut off, you won't even see a link to sign up for the forums. When I turn it on I'll EMAIL, the prospective new user can submit the registration request, when I receive it I'll go back in and relock the system and kill off the spam bots in the holding queue that want to deliver their little payloads of sweetness. I then validate and BAM - the new user is in. We're low enough traffic here to where this is manageable, at least for the time being.

And... just to reiterate our system dormancy policy, after you have post access when validated you have 180 days to make a first post. I don't care what it is, say hi, show us coach pics, share your favorite on-the-road exhaust manifold cooking recipes, whatever! But I need to see something to prove you are alive, if not.... ZAP! One single solitary post assures you will keep active status for the life of the system.


Page 1 of 1 All times are UTC
Powered by phpBB® Forum Software © phpBB Group