[SEL] Curious

[Paul Pavlinovich]

Hi Bill,
Your team is a rare one mate! Well done on such forward thinking - your 
forum will probably succeed long term partly because you have a limited 
and dedicated audience and because you are running it well. If all forum 
sites had the leadership that you discuss then they would all do better. 
Typically successful sites that I've used or been involved with are 
those that are commercially managed with people paid to do the 
moderation. They don't have a political need to one-up the next guy and 
resist the formation of cliques.

Do you allow hotmail, gmail, yahoo, etc email addresses? If you do, then 
your verification is only as good as their verification (which is 
negligable). If you only allow a real reverse-lookup domain with a valid 
MX and a valid email MTA then you're up there with a chance, otherwise 
you have a little false security there. Not much that you can do but 
keep mindful of what is being posted. CAPTCHA is a great tool, but it 
has been broken. Each time it is broken the suppliers of the tool insert 
some new line here or there to trick the OCR (optical character 
recognition) so make sure you keep your CAPTCHA software up to date. Of 
course for someone to break your particular site there has to be some 
incentive - if your messages are only visible to members then they'll 
stop - if what they post is automatically visible to the general public 
then they'll abuse and post spam.

I don't know that there is anything wrong with using freeware - it is 
often better debugged than the commercial offerings (there is also an 
amazing amount of unmaintained junk). But that is an argument for 
another list. Whatever fits the purpose best and is within the reach of 
the people with the need is the best solution. In your case this is paid 
software on a paid site. Nothing wrong with that choice at all.

I'd be happy to discuss site security with your further off list if you 
like - I've had quite a bit to do with it and may be helpful. I think 
you've covered it fairly well from what you say about your site, but the 
general wording does concern me that you think you've done what you need 
to do. The main key is to remain vigilent.

Regards
Paul

Bill Dickerson wrote:
> You mention some things that we've covered in our theamcforum.com
> SPAMMING is prevented by the software. Members MUST use a valid email
> address and confirm by clicking a link. The register, CAPTCHA is used to
> prevent automation, they can't automatically join and create bogus users.
> We can restrict access or ban based on several criteria.
> I am the administrator and hold all the keys, however, I've written
> documentation that prevents what's happened to a couple of AMC forums in the
> past - the admin vanishes and so does the forum. I've documented everything,
> and given that info to the other 5 mods, all passwords, etc. the whole
> shooting match is backed up every night. I also do local backups of the
> forum sofware AND the sql database, burn it to CD and give copies to the
> others.
> Even if the ISP goes away, we can get back in business in hours.
> The software is secure (we pay, we don't use FREEWARE)
> SQL makes it faster than most text file based forums, and the software is
> written to make minimal SQL requests, and closes the connection quickly.
> This forum will not disappear, we got together and formed a sort of loose
> "club" to prevent that. If I die tonight, it might take a few hours for them
> to sort out certain "how do we" but they CAN continue. If the ISP loses a
> server, the stuff is simply restored elsewhere. MS servers and SQL database
> means we pay money, but donations from a few key AMC folks has it covered.
> (there are enough AMC addicts to ensure this will continue)
> The load is pretty well distributed and there are enough of us, and to a
> large extent, the caliber of folks we have makes it somewhat self-policing.
> We've been told "this is the best AMC forum yet" and "this forum is so
> helpful and friendly" and "I actually feel at home here for the first time
> on any forum".
> We have our bases covered SO well, we have the coveted documents of an AMC
> historian, Tom Benvie. The forum I put up and we jointly mod and maintain is
> the first one he's ever felt comfortable enough with to post his rare and
> unique documents and photos.
> There also exists software to enable database conversion for this forum
> software we use. SQL is pretty widely used and it can even be ported to
> MYSQL fairly easily.  
> Forums can and do work with the right forumula and the right people. The
> real trick is to let the personality of the forum be a mix of the admin,
> mods and members without any one overwhelming the others.
>
> But granted, they are NOT right for everyone! Never will be............
>
> Bill
>
>