m (I really like having the TOC on the right.) |
|||
Line 6: | Line 6: | ||
* '''Do not reveal contact details of members to guests''' - If selected this option will hide the email addresses and messenger contact details of all members from any guests on your forum | * '''Do not reveal contact details of members to guests''' - If selected this option will hide the email addresses and messenger contact details of all members from any guests on your forum | ||
* '''Allow viewable email addresses''' - If this option is enabled instead of users email addresses being hidden to normal members and guests they will be publicly viewable on the forum. Enabling this will put your users at greater risk of being victims of spam as a result of email harvesters visiting your forum. Note this setting does not override the user setting for hiding their email address from users. Enabling this setting is not recommended. | * '''Allow viewable email addresses''' - If this option is enabled instead of users email addresses being hidden to normal members and guests they will be publicly viewable on the forum. Enabling this will put your users at greater risk of being victims of spam as a result of email harvesters visiting your forum. '''Note:''' this setting does not override the user setting for hiding their email address from users. Enabling this setting is not recommended. | ||
* '''Failed login threshold''' - Set the number of failed login attempts before directing the user to the password reminder screen. | * '''Failed login threshold''' - Set the number of failed login attempts before directing the user to the password reminder screen. | ||
* '''Enable error logging''' - This will log any errors, like a failed login, so you can see what went wrong. | * '''Enable error logging''' - This will log any errors, like a failed login, so you can see what went wrong. | ||
* '''Include database query in the error log''' - This will include the full query sent to the database in with any database error. Requires error logging to be turned on. | * '''Include database query in the error log''' - This will include the full query sent to the database in with any database error. Requires error logging to be turned on. '''Note:''' this will affect the ability to filter the error log by the error message. | ||
* '''Disable administration security''' - This disables the additional password check for the administration section. This is not recommended! | * '''Disable administration security''' - This disables the additional password check for the administration section. This is not recommended! | ||
* '''Require reactivation after email change''' - When this option is checked all members who change their email address in their profile will have to reactivate their account from an email sent to that address | * '''Require reactivation after email change''' - When this option is checked all members who change their email address in their profile will have to reactivate their account from an email sent to that address | ||
* '''Require admin approval when member deletes account''' - | * '''Require admin approval when member deletes account''' - This will make it so that when a member deletes their account, an administrator must approve the deletion request before the account is actually deleted. | ||
* '''Enable reporting of personal messages''' - This option allows your users to report personal messages they receive to the administration team. This may be useful in helping to track down any abuse of the personal messaging system. | * '''Enable reporting of personal messages''' - This option allows your users to report personal messages they receive to the administration team. This may be useful in helping to track down any abuse of the personal messaging system. | ||
* '''Maximum number of recipients allowed in a personal message''' - This option allows you to set the maximum amount of recipients allowed in a single personal message sent by a forum member. This may be used to help stop spam abuse of the PM system. Note | * '''Maximum number of recipients allowed in a personal message''' - This option allows you to set the maximum amount of recipients allowed in a single personal message sent by a forum member. This may be used to help stop spam abuse of the PM system. '''Note:''' users with permission to send newsletters are exempt from this restriction. Set to zero for no limit. | ||
* '''Post count under which users must enter code when sending personal messages.''' - This setting will force users to enter a code shown on a verification image each time they are sending a personal message. Only users with a post count below the number set will need to enter the code - this should help combat automated spamming scripts. | * '''Post count under which users must enter code when sending personal messages.''' - This setting will force users to enter a code shown on a verification image each time they are sending a personal message. Only users with a post count below the number set will need to enter the code - this should help combat automated spamming scripts. | ||
* '''Number of personal messages a user may send in an hour''' - This will limit the number of personal messages which may be sent by a user in a one hour period. This does not affect admins or moderators. | * '''Number of personal messages a user may send in an hour''' - This will limit the number of personal messages which may be sent by a user in a one hour period. This does not affect admins or moderators. | ||
== Anti-Spam == | == Anti-Spam == |
Revision as of 14:24, 16 March 2011
The Security page of the Features and Options page of your Administration Center offers several security related settings that you can configure to meet your needs. Pay close attention to these settings, as a properly secured forum generally should take measures to ensure the safety of itself and its members.
General
The following are the settings included on this page:
- Do not reveal contact details of members to guests - If selected this option will hide the email addresses and messenger contact details of all members from any guests on your forum
- Allow viewable email addresses - If this option is enabled instead of users email addresses being hidden to normal members and guests they will be publicly viewable on the forum. Enabling this will put your users at greater risk of being victims of spam as a result of email harvesters visiting your forum. Note: this setting does not override the user setting for hiding their email address from users. Enabling this setting is not recommended.
- Failed login threshold - Set the number of failed login attempts before directing the user to the password reminder screen.
- Enable error logging - This will log any errors, like a failed login, so you can see what went wrong.
- Include database query in the error log - This will include the full query sent to the database in with any database error. Requires error logging to be turned on. Note: this will affect the ability to filter the error log by the error message.
- Disable administration security - This disables the additional password check for the administration section. This is not recommended!
- Require reactivation after email change - When this option is checked all members who change their email address in their profile will have to reactivate their account from an email sent to that address
- Require admin approval when member deletes account - This will make it so that when a member deletes their account, an administrator must approve the deletion request before the account is actually deleted.
- Enable reporting of personal messages - This option allows your users to report personal messages they receive to the administration team. This may be useful in helping to track down any abuse of the personal messaging system.
- Maximum number of recipients allowed in a personal message - This option allows you to set the maximum amount of recipients allowed in a single personal message sent by a forum member. This may be used to help stop spam abuse of the PM system. Note: users with permission to send newsletters are exempt from this restriction. Set to zero for no limit.
- Post count under which users must enter code when sending personal messages. - This setting will force users to enter a code shown on a verification image each time they are sending a personal message. Only users with a post count below the number set will need to enter the code - this should help combat automated spamming scripts.
- Number of personal messages a user may send in an hour - This will limit the number of personal messages which may be sent by a user in a one hour period. This does not affect admins or moderators.
Anti-Spam
This section allows you to setup verification checks to ensure the user is a human (and not a bot), and tweak how and where these apply.
Anti-Spam Verification
- Require verification on registration page -
- Require verification on all guest searches -
- Guests must pass verification when making a post - (Automatically set if you specify a minimum post count below)
- Post count under which users must pass verification to make a post - This setting will force users to pass anti-spam bot verification each time they make a post to a board. Only users with a post count below the number set will need to enter the code - this should help combat automated spamming scripts.
- Guests must pass verification when reporting a post -
- Maximum number of recipients allowed in a personal message - (0 for no limit, admins are exempt) This option allows you to set the maximum amount of recipients allowed in a single personal message sent by a forum member. This may be used to help stop spam abuse of the PM system. Note that users with permission to send newsletters are exempt from this restriction. Set to zero for no limit.
- Post count under which users must pass verification when sending personal messages - (0 for no limit, admins are exempt) This setting will force users to enter a code shown on a verification image each time they are sending a personal message. Only users with a post count below the number set will need to enter the code - this should help combat automated spamming scripts.
- Number of personal messages a user may send in an hour - This will limit the number of personal messages which may be sent by a user in a one hour period. This does not affect admins or moderators.
Configure Verification Methods
Below you can set which anti-spam features you wish to have enabled whenever a user needs to verify they are a human. Note that the user will have to pass all verification so if you enable both a verification image and a question/answer test they need to complete both to proceed.
Verification Questions
If you want users to answer verification questions in order to stop spam bots you should setup a number of questions in the table below. You should pick relatively simple questions; answers are not case sensitive. You may use BBC in the questions for formatting, to remove a question simply delete the contents of that line.
Main
Configuration
- Core Features
- Features and Options
- Security and Moderation
- Languages
- Server settings
- Current Theme
- Themes and Layout
- Modification Settings
Forum
Members
Maintenance
Miscellaneous
- Security Tips
- Building Your Community
- Performance enhancements
- Modifications - A mod broke my forum what should I do