Lets Talk BBQ Forum Experiment

[smokeasaurus]

Taking Muebes idea one step further...how about their first post can only be posted in new members introductions, this way they are limited to that one thread and they can then be checked out and once cleared they have access to all sections ??

[Smokin Soon]

Yup, it might take a bit longer to join, but this forum is well worth the wait 

If Tee is gonna be away for a spell, Cliff and I can be back-ups, and of course we have many great members here that would step up as well....keep the human touch for this one.......

Sound's right to me.

[teesquare]

There have been some people who I have directed to join here that never received a follow up to join. I was able to get them through with a email to Tee but it took me sending an email. These are good people that I had already vetted that were flagged for one reason or another.
This is a good point muebe... And - now is a good time to explain a bit about our internal securities processes.
1. We use 3 different "levels" of security. The part that folks often get caught up in is that many - if not MOST of us have at one time or another, had our e-mail hi-jacked. You know, - like when you get an e-mail from someone you know....but you open it only to discover - it is not from your friend....it is someone trying to sell you cheap viagra, or a Russian bride.
Here is the bottom line: WE at LTBBQ can't take the risk of letting someone into our site, and risk them accessing your data. Once your e-mail has been hi-jacked - if you don't change your e-mail address and password - then, you are acting really dumb!!! I am sorry that sounds harsh - but think about it. Now someone can cruise into your e-mail at will - and wait for you to screw up and leave some financial data exposed. Further you are not being responsible to anyone in your contacts list, because now, their e-mail will at some point - also get 'jacked. THIS is the fastest, easiest way for identity theft to occur folks.
Now - where "rubber meets the road". If your e-mail address has been compromised - and used to send spam by some low-life...then it is likely that your address will get reported to one of several data bases that we subscribe to. Once that happens, the software picks up that name - and WE ( Admins or Mods. ) NEVER even see the application. Why? Because we do not want to risk exposing some chinks in the software's armor to professional hackers, data miners and spammers. Not gonna do it. Period.
What we will do - is encourage the applicant to protect themselves via the e-mail and password change, automate their ( often non-existent) anti-spyware and anti-virus software - then let us know when they are re-applying via e-mail, so that we can walk them thru the security blocks. It REALLY helps if you as members contact us and tell us to watch for peole that you know will be applying.

2. We ALWAYS send out"response e-mails to applicants. It is THE method by which we can figure out if they are "undesirables" ( as above -spammers, etc...) I will not reveal all of the checks and cross checks we use, but - I hope that you will trust it is more than just "check the box" and it is done.
THE problem - is that MANY folks do not know that they even have a spam filter, or how to check it  - and then - how to acknowledge our response e-mail to them.
So - we have no choice but to assume that no response from them means that they are a spam bot, or a Chinese Viagra salesman, or changed their mind about membership. WE can't control how computer savvy some folks are - or are not. We DO want everyone to come here - and be welcome, given they are not the "bad guys" - but, we need the software to do what it does best. Sort out the ones that are questionable. Then - if they don't respond to us - We can't do anything about it. Again EVERYONE gets an e-mail sent to them that they MUST respond to. But, because our methods are a little different - that confuses some. Some get pissy - and cop attitude ( no kidding - funny/strange as it sounds...) Some never look in their spam filter.
Again - YOUR help - as current members, is needed to grow this place, and to keep it safe. We want ALL of the good members we can get.

Now I do not know how much control there is over the forum software but IMHO I think a little tweaking might be needed.

One idea that I have is you can start new members with the ability to post but not start new topics until they get some time/posts under their belt. Maybe limit their amount of posts per day until they reach a certain time period and amount of posts per day.
We tried that early on - but all it really seemed to do was discourage sincere posters. GUys with an agenda are just gonna post a one or two word comment on enough threads - quickly to un-lock their priviliges.
This way if they are spammers they can be identified pretty quickly and removed. They also will not be able to start any topics if they are bots and this will pose more trouble than a spammer may want to deal with.

Good input muebe- lets keep the discussion going. Who knows what we may come up with? We are open to ideas folks. But our FIRST priority is to keeping your personal info  - including your IP address SAFE

[teesquare]

Taking Muebes idea one step further...how about their first post can only be posted in new members introductions, this way they are limited to that one thread and they can then be checked out and once cleared they have access to all sections ??

I don't know...I have always dis-liked those kinds of  automated limits. They don' encourage participation. They only treat everyone with suspicion AFTER they are a member. I would hope that we can vet them before they  on board. And - Our software can tell me more about a person that is applying than you may be comfortable knowing. It is just the way the world is, and a measured response to prevent having bad guys running amok on LTBBQ.

Ever see  single spammer here.....?   NOPE.....

BUT - again, it is vital that we do not eliminate good members erroneously. Even if it is their fault ( hi-jacked e-mail accts. etc...) we want to help them secure their own interests  -THEN join us. Otherwise - we leave the site vulnerable.

[teesquare]

Yup, it might take a bit longer to join, but this forum is well worth the wait 

If Tee is gonna be away for a spell, Cliff and I can be back-ups, and of course we have many great members here that would step up as well....keep the human touch for this one.......

And - that is forth coming, as long as you and Cliff and I can get together on a chat room nite - or better yet a 3 way phone call.

[CDN Smoker]

T, any computer safety advice you want to pass along I'm here.

My personnel email was hacked and sent porn stuff to all my work mates. Also my boss mates and that's not good.

[pz]

Valid concerns have been raised in this thread.  There is no way to absolutely prevent a determined hacker from getting into a system.  There are typically two main security problems (others exist, but are mainly targeted against the big guys):

• Spam - easy to control, mostly by preventative measures.  Once hacked, not so easy to eliminate
• Email harvesting - relatively easy to prevent, but more of a potential danger to those that use a sensitive email address when registering (I always use an email address that I can dispose of if needed; I never use a sensitive email address

LTBBQ is built on SMF forum software, which is a stable and relatively secure platform (I currently run 3 personal and 1 professional forum built on SMF, and have not had a problem on any of them in 5 years of service - knock on wood).  Security mods are available such as StopForumSpam, HTTBL, Forum Firewall, and quite a few others.  Each brings a new level of security, but then also adds potential access problems.  For instance, I was using HTTBL, and a South African member was being denied access because his IPSs entire domain range was blacklisted.  Fortunately he had my email address, else I'd never even have known that he had been denied. Performance issues can also arise due to anti-spam measures checking IP addresses against known bad ranges.

Built into the SMF core are also security and anti-spam measures, among them levels of password complexity, requiring re-validation on email changes, not revealing member details to guests, etc.  To ensure that a potential registrant is human, CAPTCHA and answering security questions are options.

One setting that currently appears to be enabled in LTBBQ that might be of concern if an automated registration system were implemented is the setting for viewable email addresses.  Currently regular members can see the recipients email address when you click the little envelope under a member's avatar.  This would allow a spammer to easily harvest individual email addresses simply by clicking the email envelope and reading the address off the form.  This is mostly not a huge problem because spammers are usually more interested in harvesting the entire email list and would not both to go after individuals.  However, it could potentially lead to email hacking.

Two things I would recommend in an experiment at LTBBQ:

• If an automated system were implemented, which I actually would be in favor of, I would recommend un-checking the viewable email address option under the General settings of Security and moderation in the Configuration settings, which then hides the email addresses from all but admins.  Members can still send emails to recipients, but mail is sent by the SMF handler which does not display the email address.
• Due diligence by a trusted group of admins and moderators who check the forum daily for unwanted activity, and regular behind the scenes checking of the error, administration, and moderator logs for potential problem accounts

[mikecorn.1]

Valid concerns have been raised in this thread.  There is no way to absolutely prevent a determined hacker from getting into a system.  There are typically two main security problems (others exist, but are mainly targeted against the big guys):

• Spam - easy to control, mostly by preventative measures.  Once hacked, not so easy to eliminate
• Email harvesting - relatively easy to prevent, but more of a potential danger to those that use a sensitive email address when registering (I always use an email address that I can dispose of if needed; I never use a sensitive email address

LTBBQ is built on SMF forum software, which is a stable and relatively secure platform (I currently run 3 personal and 1 professional forum built on SMF, and have not had a problem on any of them in 5 years of service - knock on wood).  Security mods are available such as StopForumSpam, HTTBL, Forum Firewall, and quite a few others.  Each brings a new level of security, but then also adds potential access problems.  For instance, I was using HTTBL, and a South African member was being denied access because his IPSs entire domain range was blacklisted.  Fortunately he had my email address, else I'd never even have known that he had been denied. Performance issues can also arise due to anti-spam measures checking IP addresses against known bad ranges.

Built into the SMF core are also security and anti-spam measures, among them levels of password complexity, requiring re-validation on email changes, not revealing member details to guests, etc.  To ensure that a potential registrant is human, CAPTCHA and answering security questions are options.

One setting that currently appears to be enabled in LTBBQ that might be of concern if an automated registration system were implemented is the setting for viewable email addresses.  Currently regular members can see the recipients email address when you click the little envelope under a member's avatar.  This would allow a spammer to easily harvest individual email addresses simply by clicking the email envelope and reading the address off the form.  This is mostly not a huge problem because spammers are usually more interested in harvesting the entire email list and would not both to go after individuals.  However, it could potentially lead to email hacking.

Two things I would recommend in an experiment at LTBBQ:

• If an automated system were implemented, which I actually would be in favor of, I would recommend un-checking the viewable email address option under the General settings of Security and moderation in the Configuration settings, which then hides the email addresses from all but admins.  Members can still send emails to recipients, but mail is sent by the SMF handler which does not display the email address.
• Due diligence by a trusted group of admins and moderators who check the forum daily for unwanted activity, and regular behind the scenes checking of the error, administration, and moderator logs for potential problem accounts

Yeah! My thoughts exactly
All kidding aside, very good info.


Sent from my iPhone using Tapatalk

[sparky]

A lot of this is over my head but the human touch is always the way to go.  Whatever t wants to do is Okie dokie w/ me.

[GusRobin]

I say go with adding additional moderators or volunteers that can add people.  I like the security and freedom from spammers that we enjoy here compared to other forums.

[teesquare]

Valid concerns have been raised in this thread.  There is no way to absolutely prevent a determined hacker from getting into a system.  There are typically two main security problems (others exist, but are mainly targeted against the big guys):

• Spam - easy to control, mostly by preventative measures.  Once hacked, not so easy to eliminate
• Email harvesting - relatively easy to prevent, but more of a potential danger to those that use a sensitive email address when registering (I always use an email address that I can dispose of if needed; I never use a sensitive email address

LTBBQ is built on SMF forum software, which is a stable and relatively secure platform (I currently run 3 personal and 1 professional forum built on SMF, and have not had a problem on any of them in 5 years of service - knock on wood).  Security mods are available such as StopForumSpam, HTTBL, Forum Firewall, and quite a few others.  Each brings a new level of security, but then also adds potential access problems.  For instance, I was using HTTBL, and a South African member was being denied access because his IPSs entire domain range was blacklisted.  Fortunately he had my email address, else I'd never even have known that he had been denied. Performance issues can also arise due to anti-spam measures checking IP addresses against known bad ranges.

Built into the SMF core are also security and anti-spam measures, among them levels of password complexity, requiring re-validation on email changes, not revealing member details to guests, etc.  To ensure that a potential registrant is human, CAPTCHA and answering security questions are options.

One setting that currently appears to be enabled in LTBBQ that might be of concern if an automated registration system were implemented is the setting for viewable email addresses.  Currently regular members can see the recipients email address when you click the little envelope under a member's avatar.  This would allow a spammer to easily harvest individual email addresses simply by clicking the email envelope and reading the address off the form.  This is mostly not a huge problem because spammers are usually more interested in harvesting the entire email list and would not both to go after individuals.  However, it could potentially lead to email hacking.

Two things I would recommend in an experiment at LTBBQ:

• If an automated system were implemented, which I actually would be in favor of, I would recommend un-checking the viewable email address option under the General settings of Security and moderation in the Configuration settings, which then hides the email addresses from all but admins.  Members can still send emails to recipients, but mail is sent by the SMF handler which does not display the email address.
• Due diligence by a trusted group of admins and moderators who check the forum daily for unwanted activity, and regular behind the scenes checking of the error, administration, and moderator logs for potential problem accounts

We are on the same page pz! If we move to a more hands off method…we would make a few changes beyond even the e-mail accessibility. Unfortunately, I feel that would also change the warm fuzzy feel that we have thus far achieved here, and without any issues from bad guys. Don't mis-understand, I deal with them every day. But, so far…so good

[teesquare]

T, any computer safety advice you want to pass along I'm here.

My personnel email was hacked and sent porn stuff to all my work mates. Also my boss mates and that's not good.

Here is the best I can offer -
1. Buy quality anti-spy/spam and virus software. There are several good ones. I would avoid Norton or Macfee due to their tendency to hog system resources - but, search on line reviews  by computer magazines, and CNET. Be wary of the other "review sites" - which are in reality paid advertisements.
2. Set up your anti virus/spam/spyware software to automatically up-date. Set it for a time when you will have your computer on, but not be using it.  Make it fit into your lifestyle - but make CERTAIN that it is auto up-dating. It does you no good if it is constantly behind the curve.
3.Make a habit of changing your e-mail password at least once a year. Look into software that generates your new passwords, then keeps up with them in a secure "locker" on your computer.
4. Back up your computer OFTEN. You can automate this too. Look into on-line back up and storage. It is the cheapest insurance that you can buy. Regardless of the reason - computers need to have their hard drives wiped and re-loaded on occasion. This will make it easy for you - or a svc. technician if you are not comfy with the process.

Hope this helps!

[CDN Smoker]

A lot of this is over my head but the human touch is always the way to go.  Whatever t wants to do is Okie dokie w/ me.

I'm with Sparky.

"T" if you want to suggest ways to protect ourselves that would be greatly appreciated .

The rest is up to us.

[jboo70]

What if when we reach a certain participation level we have the ability to send out invites to people.  People that we know would benefit from this forum and add to it at the same time.  When the invite is received by the moderator then they don't need to verify the person because it is a personal invite from a trusted member.  That might cut down on the time needed to join and the work load of the moderators.

[africanmeat]

I really Don't know what is the right thing to do , but saying that ,
a mass of people on a forum doesn't makes it better.
i was invited here by a member and he said , nice people here no fights no egos.
man he was right.
in the morning i first look at the forum before i read the paper .
with the new way more likely that we will be get all the drop-out from other forums.
the Goodfellas , we know who they are . let invite them .
 just me thinking aloud .

Man i never wrote So much .