Free Hosting Audit, Keeping Your Account Safe

Status
Not open for further replies.

Corey

I Break Things
Staff member
Messages
34,553
Reaction score
204
Points
63
We are in the process of cracking down on illegitimate accounts and issuing suspensions. The majority of the coming suspensions are from clients utilizing a proxy to bypass our sign-up restrictions, if you have done this in the past your account will most likely be caught in this audit. We allow all of our users to submit a single appeal when suspended, it is important that you use this chance to properly explain your site and content and why we should remove the suspension. Although the rules were broken in order to signup if you have a legitimate site we will unsuspend you, if you fill out the appeal swearing at us or with a two word response it will be denied.

We will also be cracking down on sites that do not properly secure their registrations or moderate the content submitted. These sites have become a haven for bot signups and postings, we've seen sites getting 1,000 new registrations per hour. If you allow people to register or submit content on your site it is your responsibility to moderate what these users are doing and also to take the very easy measures of using a captcha and\or other options for stopping spam users and content submissions.

If your site allows for open registration without a captcha or other security measures it will be temporarily suspended until you submit an appeal agreeing to fix it. If we find a forum on your site with thousands of unmoderated spam posts, it will be suspended also.

We do require that you host a website, free hosting is not meant to be a mirror for your files or a place to host your automated scripts to get twitter followers or to scrape content from other sites. Our terms of service requires you to have a working site within one week from sign-up. If you're not able to do this, a simple under construction page will suffice with signs that you are actually working on putting up a site.

Lastly, I can't stress this one enough. Keep your applications updated! Security updates are constantly released for almost all web applications, the most popular being Wordpress, Joomla, phpBB, and Drupal. It is imperative that you not only keep the main script updated but also update all of your addons, plugins, themes, etc. One outdated and insecure script will allow a malicious user full access to your site, which in turn will end up in a suspension for phishing or spamming.
 

Danielx386

Member
Messages
711
Reaction score
9
Points
18
Q: If one got wordpress configured so that comments need to be approved before being displayed, is that good enough? I also got other systems that checks the IP address before allowing someone to view the wordpress blog in case it's a spam bot.
 

descalzo

Grim Squeaker
Community Support
Messages
9,373
Reaction score
326
Points
83
Assuming you have good judgement, that would be enough.

But, if the system sends out a "We have received your comment and it is awaiting approval" email with each comment, a bot attack will get you suspended for abuse of the email system. Use CAPTCHAs.
 

Sharky

Community Paragon
Community Support
Messages
4,397
Reaction score
91
Points
48
Assuming you have good judgement, that would be enough.

But, if the system sends out a "We have received your comment and it is awaiting approval" email with each comment, a bot attack will get you suspended for abuse of the email system. Use CAPTCHAs.

But please, not the usual really-hard-to-read obfuscated text ones...! This 3rd party site has a few alternatives (can't vouch for the security but the principles behind them sound good): http://www.getelastic.com/6-captcha-alternatives-to-improve-conversion/
 

Skizzerz

Contributors
Staff member
Contributors
Messages
2,929
Reaction score
118
Points
63
But please, not the usual really-hard-to-read obfuscated text ones...! This 3rd party site has a few alternatives (can't vouch for the security but the principles behind them sound good): http://www.getelastic.com/6-captcha-alternatives-to-improve-conversion/

Of those 6, 1 and 2 (honeypot form fields and math problems) are very easily broken by pretty much every bot in existence; in fact math is even EASIER for bots to do than reading CAPTCHAs. 6 (do nothing) is obviously not good enough either. I have seen no data on method 4 (openid authentication) but given the ease of making facebook/twitter/google accounts I'm sure that is quite easily broken too.

Your best options are to make use of one of the following:
1. Use a Question and Answer style CAPTCHA where you ask questions relevant to your website. For example, if you have a website that deals with cars, you could ask something like "Which of the following is NOT a Ford: Explorer, Grand Cherokee, Fusion, Mustang?". If you go with this option, make sure to CHANGE YOUR QUESTION every so often, questions that have been around for a while typically get added to spambot databases and the only way to counteract this is by coming up with a new question.

2. Use a non-standard CAPTCHA type. The Tic Tac Toe and SolveMedia were mentioned in that page. I'm not sure how well the Tic Tac Toe works (especially with browser compatibility if it is a Flash plugin or something, as anything using Flash would prevent iPhone/iPad users from using your site). I'm not sure on how well SolveMedia works -- I believe it's in use on these forums and we still get spambots (although not that frequently). My recommendation for a non-standard CAPTCHA would be ASIRRA, which is free and already has plugins for many major software packages.
 

gameaddict2085

Member
Prime Account
Messages
111
Reaction score
1
Points
18
1. Use a Question and Answer style CAPTCHA where you ask questions relevant to your website. For example, if you have a website that deals with cars, you could ask something like "Which of the following is NOT a Ford: Explorer, Grand Cherokee, Fusion, Mustang?". If you go with this option, make sure to CHANGE YOUR QUESTION every so often, questions that have been around for a while typically get added to spambot databases and the only way to counteract this is by coming up with a new question.

I used to get a lot of bots on my forum posting spam but after adding questions such as "Numb3r hidden in this text" and "Middle Number Please" they all stopped so this method seems to be particularly effective.
 

Livewire

Abuse Compliance Officer
Staff member
Messages
18,168
Reaction score
215
Points
63
I just want to reiterate a point here in case anyone gets this far down the page without seeing it, and hasn't opened a dispute yet:

it is important that you use this chance to properly explain your site and content and why we should remove the suspension. Although the rules were broken in order to signup if you have a legitimate site we will unsuspend you, if you fill out the appeal swearing at us or with a two word response it will be denied.

About half of the disputes I've seen so far that were suspended for the proxy-signups have had absolutely NO text in them at all, or had a smiley face. If you do want to be unsuspended, you need to put something, and the more detail you put regarding the sites content and why we should lift the suspension, the more likely it is you'll be unsuspended.
 

garrettroyce

Community Support
Community Support
Messages
5,604
Reaction score
245
Points
63
I use Akismet (http://akismet.com/) for my Wordpress blog-ish website (http://gjr.gr) and I have yet to have a spam comment come through (and only a handful of regular comments too, but that's probably unrelated)
 

etcedx10

New Member
Messages
6
Reaction score
0
Points
1
Woah, it happened to me. Sorry about that. I set up a forum to let someone else see a design and then I forgot about it. Needless to say, the site is down thanks to you guys :) and will stay down. Sorry for the trouble caused, the mistake won't happened again.

Also on an unrelated note can someone look into the Prime membership thing? I paid for a year, it's over now, but the hosting portal still says I have it.
 
Last edited:

gameaddict2085

Member
Prime Account
Messages
111
Reaction score
1
Points
18
Woah, it happened to me. Sorry about that. I set up a forum to let someone else see a design and then I forgot about it. Needless to say, the site is down thanks to you guys :) and will stay down. Sorry for the trouble caused, the mistake won't happened again.

Also on an unrelated note can someone look into the Prime membership thing? I paid for a year, it's over now, but the hosting portal still says I have it.

See: http://x10hosting.com/forums/prime-members/185698-prime-illuminated-extensions.html
 
Status
Not open for further replies.
Top