Some ideas about improving the security of the site: 1. Drop http connections for authentication pages 2. Fix the kamailio.org certificate. At the moment the identity of the domain can't be established as there is no issuer chain provided with it.
>From Firefox information page: " kamailio.org uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer) " Marius On Mon, Apr 1, 2013 at 6:55 PM, Edson - Lists <4li...@gmail.com> wrote: > Just as a side note, I've seem anti-spambots 'captcha systems' (just see, > not implemented, nor know about a library that implement it) that use a > dual factor approach: one that you see and one that you know. > > Indeed very simple: show an image and ask something about it. > Questions can be: type just the letters, type just the numbers, type > numbers and letters in pre-defined order (left-to-right,up-down,etc), > number of colors, of groups, color on the booton right, etc... The > combination are limited on the imagination. And the best: it increment in > exponential the way bots have to work. > > Does anybody knows a library/system that implement such approach not all > of them, but at least part of it? > > Edson. > > Em 01/04/2013 06:27, Daniel-Constantin Mierla escreveu: > >> Hello, >> >> as of yesterday, creation of new accounts for Kamailio's wiki site >> requires to answer a project related question. Captcha was useless as >> spam bots were lately going through it easily, creating accounts in a >> rate of approx 50 new registrations per day. >> >> The extra question is asked just after CAPTCHA, see it at: >> - >> https://www.kamailio.org/wiki/**start?do=register<https://www.kamailio.org/wiki/start?do=register> >> >> Hopefully the questions are simple enough to allow good people to >> register and difficult enough for spambots to give up. It is not a very >> sophisticated system, let's see if there will be any efforts in reverse >> engineering to break in with bots. So far no new spammer account. If >> they will succeed, at least they learn something useful. >> >> If anyone has difficulties creating wiki accounts, write an email to >> sr-dev mailing list and it will be investigated. >> >> Cheers, >> Daniel >> >> PS. This registration system will last, is not for April 1. >> >> > ______________________________**_________________ > sr-dev mailing list > sr-...@lists.sip-router.org > http://lists.sip-router.org/**cgi-bin/mailman/listinfo/sr-**dev<http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev> >
_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
