Has Invision's Security Been Compromised?

[Chris Timson]

There has been a sudden influx of spam on the site the last few days, which clearly Paul and Ken are doing their best to remove. However I can't believe that the spammers are going through the deliberately onerous sign up procedures each time, so I find myself wondering if Invision software has another security hole. It has had at least one before, when the Minidisc Community Forum was breached and emailed spyware to all its members.

 

Chris

Edited August 16, 2006 by Chris Timson

[Cream-T]

Not a security breach, but someone apears to have developed an automated sign-up process for web boards (Invision and others). This unfortunate influx is being seen all over the place in a number of web boards.

[Chris Timson]

Oh b*gger! Bet it's configurable too, so that changes to the sign-up procedure could quickly be tracked.

 

Tradtunes on Yahoo Groups has a setup whereby a new member's very first post is automatically moderated. Effective, but it means that first post may take nearly a week to appear, and of course it increases the sysop's workload.

 

Chris

[Woody]

Oh b*gger! Bet it's configurable too, so that changes to the sign-up procedure could quickly be tracked.

 

Tradtunes on Yahoo Groups has a setup whereby a new member's very first post is automatically moderated. Effective, but it means that first post may take nearly a week to appear, and of course it increases the sysop's workload.

 

Chris

 

Maybe if it went down that sort of route some of us more regular posters could offer to take on some of the vetting of first posts? Don't know if you can configure the forum with some kind of reduced admin user just to perform this kind of task.

 

- W

[asdormire]

I was starting to wonder, sinc I seem to be finding the same posts both here and on boot liquor. It especially drives me crazy, as I get all excited by a new post, and then it has nothing to do with music at all.

 

Alan

[frogspawn]

Some systems (e.g. phpBB and Yahoo Groups) have the option to oblige applicants to enter characters from a randomly appearing graphic. It will stop the script-generated invasions. Is this an option in Invision?

 

I had a similar problem in a system I administer for work. Luckily there was another level of security because users had to be added to each board as well as the forum system, but some rather 'inappropriate' names started to appear on the system membership list. Enforcing graphic recognition put a stop to this.

 

Not a security breach, but someone apears to have developed an automated sign-up process for web boards (Invision and others). This unfortunate influx is being seen all over the place in a number of web boards.

[Theodore Kloba]

Some systems (e.g. phpBB and Yahoo Groups) have the option to oblige applicants to enter characters from a randomly appearing graphic. It will stop the script-generated invasions. Is this an option in Invision?

Tests like those (known as CAPTCHAs) can be broken too with automated processes. More interesting is the idea of using low-paid data entry workers to read the CAPTCHAs as they come up and pass their response back into the script.