Archive for October, 2007

CHAPTER 10 SECURING AND MAINTAINING PHPBB 309

Thursday, October 4th, 2007

The option to enable visual confirmation lives directly underneath the option for account activation, in the General Configuration section of the Administration panel.

Note: If you do not have Enable Visual Confirmation as an option, you need to upgrade your phpBB installation. See the "Installing Updates" section earlier in this chapter for information about how to do just that.

Be aware that using the visual confirmation system may impede users who require the assistance of a screen reader, as the screen reader will be unable to interpret the contents of the image. phpBB recognizes this can be a problem and provides a link to the administrator e-mail address you provided when you set up phpBB (which you can change through the Administration panel, under Configuration). This gives users who may have difficulty with your image the opportunity to contact you to assist with registration. If you are contacted by a user who is having problems with visual confirmation, simply register the account for her under her e-mail address. phpBB will e-mail the user directly with the requisite registration information. Despite the potential for this problem, I still heartily endorse using visual confirmation in your registration form.

Disallowing Usernames

Another useful tool in regulating registration is to disallow certain usernames from being registered. I recommend disallowing names such as admin, moderator, and the like. To restrict usernames, enter the Administration panel and click Disallow names under the User Admin heading in the navigation pane. You are then taken to a simple form, where you can add or remove names that you have disallowed. You can disallow groups of names using the wildcard character (*).

Managing Your Ban Lists

In the course of using phpBB, you will inevitably ban someone from using your site. The Ban panel, illustrated in Figure 10-11, helps you manage your lists of the banished.

You have several methods at your disposal for banning users:

Banning by username: This is straightforward. You simply ban the user's account by selecting his name. This is effective at shutting down an account, but the user can easily come back by registering under a different name.

Banning by e-mail address/domain: You can ban specific e-mail addresses (such as troublesome@domain.com) or use wildcards to block whole domains (such as *@domain.com). This can help screen out people who use free e-mail services to open accounts, particularly if you have validation enabled.

Banning by IP address/range: This is the most effective method of banning a user, but also the most dangerous, especially if you ban by range. To ban an IP address from your forum, simply enter the IP address (which you can glean from a user's post, explained in the "Using the IP Manager" section later in this chapter) and click Submit at the bottom.
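The disallow list and the e-mail and IP ban lists described above can be checked offline before you commit them. The following is an added example, not code from the book or from phpBB: it audits constructed registrations against constructed lists and shows how many addresses each IP entry covers. Case-insensitive whole-string matching and the use of * for a whole octet in an IP range are assumptions made for the example.

```python
import re

# Constructed sample lists; the patterns follow the examples in the text.
DISALLOWED_NAMES = ["admin*", "*moderator*"]
BANNED_EMAILS = ["troublesome@domain.com", "*@freemail.example"]
BANNED_IPS = ["203.0.113.7", "198.51.100.*"]

def wildcard_hits(value, patterns):
    """Return the patterns whose '*' wildcards match the whole value."""
    hits = []
    for pat in patterns:
        regex = ".*".join(re.escape(part) for part in pat.split("*"))
        if re.fullmatch(regex, value, re.IGNORECASE):
            hits.append(pat)
    return hits

def ip_hits(ip, patterns):
    """Return the IPv4 bans (exact or with '*' octets) that cover ip."""
    octets = ip.split(".")
    hits = []
    for pat in patterns:
        parts = pat.split(".")
        if len(parts) == len(octets) == 4 and all(
                p in ("*", o) for p, o in zip(parts, octets)):
            hits.append(pat)
    return hits

def ban_size(pattern):
    """Number of addresses one IP ban entry covers."""
    return 256 ** pattern.split(".").count("*")

def audit(username, email, ip):
    """List every rule that would stop this registration."""
    reasons = [("name", p) for p in wildcard_hits(username, DISALLOWED_NAMES)]
    reasons += [("email", p) for p in wildcard_hits(email, BANNED_EMAILS)]
    reasons += [("ip", p) for p in ip_hits(ip, BANNED_IPS)]
    return reasons

# Constructed registrations: carol is a legitimate user who happens to
# share a provider range with a banned troublemaker.
SAMPLE = [
    ("Administrator", "alice@example.org", "192.0.2.10"),
    ("joe", "troublesome@domain.com", "192.0.2.11"),
    ("carol", "carol@example.org", "198.51.100.23"),
    ("dave", "dave@example.org", "192.0.2.12"),
]

if __name__ == "__main__":
    for reg in SAMPLE:
        print(reg[0], audit(*reg) or "allowed")
    for pat in BANNED_IPS:
        print(pat, "covers", ban_size(pat), "addresses")
```

Running the audit over your real member list before adding a range ban shows which existing users the range would lock out along with the intended target.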

308 CHAPTER 10 SECURING AND MAINTAINING PHPBB

Wednesday, October 3rd, 2007

WHY REQUIRE REGISTRATION ON YOUR COMMUNITY?

More and more forums on the Internet require registration to be given posting access, for several reasons:

Registration helps weed out troublemakers. Forums with anonymous posting are much more likely to take heat from miscreants who wish to disrupt the community's operation than forums that require registration. While there is no silver bullet for stopping trolls and spammers, registration creates a greater sense of accountability and gives the administrator more tools for stopping problem users from continuing their activities.

Registration keeps humans in and bots out. Combined with tools such as visual confirmation, registration ensures that the only ones posting on your site are human beings, not advertising bots. More and more administrators are installing modifications to require registration for functions such as the member list and search, which are frequently used by bots. (phpBB 3.0's permissions system will include provisions for doing this without modifying the source code.)

Registration builds community. Finally, users will typically not go through the trouble of registering if they don't intend on returning at least once. Registering users allows them to create a profile and get to know their fellow members, which promotes camaraderie and helps populate your community. Plus, moderator candidates must be registered users anyway, so it makes sense to register all posters.

Validating New User Accounts

The General Configuration section of the Administration panel contains an option to enable new account activation. You can disable the feature, which I discourage you from doing, as it opens you up to a myriad of unwanted registrations.

Rather, my recommendation is to enable either user validation, which requires users to provide a valid e-mail address to activate their account, or administrator validation, which notifies the forum administrators that a new account has been created and needs to be approved. Enabling e-mail validation limits an e-mail address to just one associated account, which is good for sanity purposes. It is a must in this day and age of automated registration bots, which create mass accounts on various web services that are ultimately designed to abuse search engines' indexes. Additionally, it keeps the onus on users to keep their account information up to date, as a valid e-mail address is required to recover passwords.

Enabling Visual Confirmation

Another weapon in the war against illegitimate registrations is the visual confirmation process, which generates a random code embedded in a somewhat distorted image, as shown in the example in Figure 10-10. This ensures that programs creating accounts cannot successfully complete registration, but humans can. The validation code must be entered correctly in order for registration to continue. This feature was backported from phpBB 3.0 to recent versions of phpBB 2.0.

Figure 10-10. The visual confirmation image

CHAPTER 10 SECURING AND MAINTAINING PHPBB 307

Tuesday, October 2nd, 2007

Figure 10-9. Group permissions, in Advanced Mode

Group members are listed at the top of the permissions screens, so you know to which members you are assigning those permissions. As with user permissions, you can assign specific permissions in private forums and give a whole group moderator access to a forum. Sites such as phpBBHacks.com and the official phpBB web site leverage this functionality to give specific teams of staff permission to moderate their assigned forums, without needing to labor through giving moderator rights to individual users. This has the added benefit of cutting down on clutter on the Forum Index page, too, as you can maintain order in your list of moderators underneath each forum. Otherwise, you end up with a considerably large string of users that just takes up space and makes your forum look a little more visually busy, which generally you wish to avoid.

A particularly useful application of user groups is for creating supermoderators. As I mentioned earlier in this chapter, a supermoderator is generally a moderator who has permission to moderate all forums in the community. phpBB 2.0 does not come with integrated supermoderator functionality, however. The workaround is to create a user group, named something like Super Moderator, assign your trusted users to this group, and then make the group moderator of the forums you wish these users to moderate. The upside to this approach is that you can restrict supermoderators' power in certain forums (leaving those for administrators to control), while other supermoderator implementations do not permit these kinds of restrictions.

Note: As of this writing, phpBB 3.0 returns the traditional Super Moderator user level, so you will not need to create a special group to implement this role. The option to do so still exists, though.

Managing Registrations

In addition to the flexibility of the permissions system, phpBB provides other options for managing and securing the registration system, to further prevent miscreants from raising havoc in your community.

306 CHAPTER 10 SECURING AND MAINTAINING PHPBB

Monday, October 1st, 2007

The G-14 Classified forum has more options than the other two forums. In the Simple Mode, it has another drop-down box available. In the Advanced Mode, each permission can be set separately.

In this example, I've set the permissions in the G-14 Classified forum to PRIVATE (except for the View and Announce functions) to enable per-user permissions in the forum. In Simple Mode, I can simply allow or disallow access across the board. In Advanced Mode, I can get a little more nitpicky: I can set whether Joe is able to read posts, make posts, edit posts, and the like. If I had set up the G-14 Classified forum as a hidden forum, I could also control whether Joe would be able to see it. If I want to make him a moderator of any forum, I can simply click the drop-down box corresponding to the forum I wish for him to moderate, change it to Is Moderator, and click Submit. Clicking Submit saves all changes for the user, and the changes take effect immediately.

Setting per-user permissions gives you a lot of control, but it can get somewhat tedious. In most cases, you will use user group permissions, explained next, as a good base for permissions for multiple users. After granting permissions to the group, you can then go back to an individual user's permissions and override the group permissions with custom settings, as per-user permissions take precedence over group permissions.

Using Permissions with User Groups

In terms of permissions, user groups operate almost identically to individual users, except that the permissions are applied to every member of the group. Indeed, Figures 10-8 and 10-9 are almost identical to Figures 10-6 and 10-7, respectively, except the option to assign administrator standing is not present for groups.

Figure 10-8. Group permissions, in Simple Mode