HOW TO KEEP YOUR FORUM SAFE
or, ways you learn to be paranoid when you have to deal with crazy people
by Kshrlmnt Dion of Unknown
Introduction
or, ways you learn to be paranoid when you have to deal with crazy people
by Kshrlmnt Dion of Unknown
Introduction
Forums are in many way the lifeblood of a region. They're how the government is organized, how diplomatic relations are kept, how a region's history is stored, how members of the region communicate and get to know each other.
Forums can also be extremely vulnerable. Several times a year, a forum is spammed with anything from personal information to porn, or a forum is wiped of all its posts or members. Regions can and do rebuild, but valuable information and memories may be lost forever.
Forum Spamming
How to Prevent It
Forum spammers will generally flood your boards or PM system with obscene photos, but have been known to use written posts attacking the region's government, an action, or a specific person. An experienced spammer will wait until no moderators or administrators are on the online list. There's really not much you can do about this, so the best alternative is prevention.
Spammers need access to either posting privileges or the PM system. Make sure everybody who uses your board is registered on it; and better yet, make sure they have to apply for citizenship or other masking before they can do either. You'll have to allow posting in your introductions forums, of course, but that's a comparatively minimal risk. Then, before you mask anyone, check if what they say is true. Most of all, check their IP. There are various sites where you can look up IPs; this is my favorite.
A smart spammer (and some spies) will use a proxy. With practice, you'll be able to spot them more easily, but especially look for IPs that don't match the area they say they're in, IPs that trace to uninhabited or very unusual places, corporate IPs, and any known as a proxy. Unless you think an applicant is a spy and want to play intel games with them, I don't advise letting masking anyone who's using a proxy. On the plus side, though, some proxies can't be used to do things like register on forums or join IRC channels.
Keep a list of the IPs or locations of people you know to be dangerous or connected to forum attacks. You can compare applicants to that list, and it can save you a fair bit of grief. You might also compare to previous and past members; you don't want to stop a spammer in the act only to find he had a second account ready to continue.
Finally, have a decent limit on your post rate. If you've recruited, you know how you can't PM two nations without waiting a bit between? It's the same thing, and makes it more likely you'll catch a spammer before he finishes. As well, consider using autotools to create a quick ban/suppress button.
How to Clean Up after It
If the spam was via the PM system, there's not much you can do besides PM everyone who might have received it telling them what happened, and to beware opening suspicious PMs. One possible way to check who got PMs, too, is to use the Admin CP on your forum to change the password on the spammer's account. You can then log in and check the sent folder.
If the attack was postings in multiple threads, you have multiple options for cleaning up. First of all, though, some advice that might seem counter-intuitive: don't just delete the posts. Even if they contain ghastly images, the times and IPs on each post may give you valuable evidence in tracking down the culprit. Split the posts off and put them someplace hidden on the forums, so you can deal with them privately and others don't have to see them.
If you're not particularly enamored of the pictures posted, look into forum and browser options for hiding pictures. If it's bad enough or your forum is busy enough and you need time to clean up without other people having to see what happened, consider turning your boards temporarily offline.
Forum Wipes
How to Prevent It
Be insanely careful about who you make a forum mod or admin. Check everyone against an IP list of known enemies and forum attackers; don't give mod/admin power to anyone you haven't known for long or don't fully trust. If you make moderator a function of an elected position, limit their moderator powers to only a few relevant parts of the forum. And don't give someone you don't fully and completely trust admin just because they won an election. Beyond this, don't let inactive or noncontributing people have admin/mod power. Or people you tick off, personally or politically.
How to Clean Up after It
Consider having a backup for important histories, laws, images, etc., either on your computer or another forum. From there, sometimes it's easiest just to move to a new forum. The choice is yours.
Investigations Afterwards
IPs are the essential. Note every IP on the culpable account, both on the IP lists in the ACP, in the admin/mod history in the ACP, and on individual posts. The IP used during the spam or wipe itself may be a proxy, but sometimes a real IP slips through, either during the attack or on previous posts or registration.
There have been cases where someone with access to the admin CP will grant access to a hacked account in an attempt to frame said person. Be very careful to check IPs for both people in such a case. But don't assume it wasn't real, either.
Keep watch for other accounts that were active at the same time as the attack. It may, at times, indicate an accomplice or someone who knew about the attack beforehand.
Other
The root admin of a forum is unassailable even by other admins. Be sure you keep access to it, or your leader does. Even if it's someone's personal account, if they leave NS, make sure you get the password for safety's sake.
Take advantage of any treaty you have promising mutual security aid. Exchange IP lists, and if you've been hit, ask for help.
If you have questions or further advice, post!