We also aim to help improve security on your forum.

Features: Security
 Dynamic CAPTCHAs

Posted by Nao, on May 6th, 2011, 07:31 PM   (6,154 views) « 1 2 »

Feature: Dynamic CAPTCHAs
Developer: Arantor
Target: users, admins
Status: 100% (complete; by its nature, more captchas will be added in the future as needed.)
Comment:

A captcha is a script that shows an image with usually some text in it, and asks you to confirm what the image says. It's a relatively effective measure taken against spam bots, but it only works as long as bots aren't updated to be able to decrypt the captcha. For that reason, new captchas need to be used as soon as one is found to be ineffective against non-human spam.
Wedge gets around this by implementing a more robust captcha system. It's built as a plug-in system that allows you to write your own captchas, or simply drop in new captchas written by others. One captcha = one file in the captcha folder. As simple as that. Wedge includes 10 new captchas, some of which use animated GIFs built dynamically.

17 replies
 Bad Behavior

Posted by Nao, on May 7th, 2011, 01:03 PM   (1,972 views)

Feature: Bad Behavior
Developer: Arantor
Target: users, admins
Status: 99% (complete, needs testing in specific situations. Needs a UI for checking out the intrusion log.)
Comment:

This adds Bad Behavior protection to Wedge. It is integrated into the code and always executed. It's also very fast, so don't worry about performance. Bad Behavior's goal is to keep as much spam out of your forum by detecting any suspect behavior from a user that might link them to actually being a poorly programmed spam bot. If by any chance, an actual user has their action refused by Wedge, they will receive a proper error message and they can forward it to the admin (or the Wedge authors) along with a description of what they attempted to do.

9 replies
 JavaScript protection

Posted by Nao, on May 7th, 2011, 01:03 PM   (910 views)

Feature: JavaScript protection
Developer: Nao
Target: modders, geeks
Status: 100% (complete.)
Comment:

Sometimes, a developer will be very protective of their code. We understand that. JavaScript code, unfortunately, is by nature in plain view. Wedge offers an option to obfuscate JavaScript filenames, making it harder (if not impossible) to find the original unminified file with comments. And even if someone did... Well, there's now a nice little .htaccess file in the script folder that prevents directly access to the original files. We didn't try to encrypt JS data in the cached file because, let's be clear, it can still be decrypted easily through a JS debugger. We're not making it impossible to get the JS source code -- only more annoying.