On 4/1/13 9:13 PM, Marius Zbihlei wrote:
Some ideas about improving the security of the site:

1. Drop http connections for authentication pages
Not sure how much it will help, as the bots were able to create accounts by solving the captcha. HTTPS is no longer something hard to get in any application. So far so good with the new system, no spammer got that familiar with Kamailio modules :-), but there were few new valid accounts.

2. Fix the kamailio.org certificate. At the moment the identity of the domain can't be established as there is no issuer chain provided with it.

From Firefox information page:

You actually need to fix Firefox -- I struggled yesterday a bit with the same situation. The certificate is actually new, generated yesterday and signed by CACert.org. The previous one was self-signed, from openser times, expired for a few years.

I had to try other browsers to check if it works, because Firefox was displaying some error. Then I went back to the stable channel from the beta channel without any success, even removing the old certificate from the Firefox preferences. To solve it, I cleared the cache.

Let me know if it works for you in the same way.

Cheers,
Daniel

"
kamailio.org uses an invalid security certificate.

The certificate is not trusted because no issuer chain was provided.

(Error code: sec_error_unknown_issuer)
"

Marius


On Mon, Apr 1, 2013 at 6:55 PM, Edson - Lists <4li...@gmail.com> wrote:

    Just as a side note, I've seen anti-spambot 'captcha systems'
    (just seen, not implemented, nor know about a library that
    implements it) that use a dual factor approach: one that you see
    and one that you know.

    Indeed very simple: show an image and ask something about it.
    Questions can be: type just the letters, type just the numbers,
    type numbers and letters in pre-defined order
    (left-to-right, up-down, etc.), number of colors, of groups, color on
    the bottom right, etc... The combinations are limited only by the
    imagination. And the best: it increases exponentially the way
    bots have to work.

    Does anybody know a library/system that implements such an approach,
    not all of them, but at least part of it?

    Edson.

    On 01/04/2013 06:27, Daniel-Constantin Mierla wrote:

        Hello,

        as of yesterday, creation of new accounts for Kamailio's wiki site
        requires answering a project related question. Captcha was useless
        as spam bots were lately going through it easily, creating accounts
        at a rate of approx 50 new registrations per day.

        The extra question is asked just after CAPTCHA, see it at:
        - https://www.kamailio.org/wiki/start?do=register

        Hopefully the questions are simple enough to allow good people to
        register and difficult enough for spambots to give up. It is not a
        very sophisticated system, let's see if there will be any efforts
        in reverse engineering to break in with bots. So far no new spammer
        account. If they will succeed, at least they learn something useful.

        If anyone has difficulties creating wiki accounts, write an email to
        sr-dev mailing list and it will be investigated.

        Cheers,
        Daniel

        PS. This registration system will last, is not for April 1.


    _______________________________________________
    sr-dev mailing list
    sr-...@lists.sip-router.org
    http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev



--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio World Conference, April 16-17, 2013, Berlin
 - http://conference.kamailio.com -

_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
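
The instruction-based challenge described in Edson's quoted message (show some text as an image, then ask for only its letters, only its numbers, or a given order), as an added example that is not part of the original thread or of Kamailio's wiki code. The key, TTL, rule names and token format are assumptions made for illustration; the token is HMAC-signed so the server keeps no per-challenge state and the expected answer never reaches the client.

```python
import hashlib
import hmac
import secrets
import time

# Constructed demo key (assumption); a real deployment loads a secret from config.
SERVER_KEY = b"constructed-demo-key"
TTL = 300  # seconds a challenge stays valid (assumed value)
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # no look-alikes such as 0/O, 1/I

# Hypothetical rule name -> (prompt shown to the user, function deriving the answer).
RULES = {
    "letters": ("Type only the letters", lambda s: "".join(c for c in s if c.isalpha())),
    "digits": ("Type only the numbers", lambda s: "".join(c for c in s if c.isdigit())),
    "reverse": ("Type everything right-to-left", lambda s: s[::-1]),
}

def _mac(rule, answer, expires):
    # Bind rule, expected answer and expiry together so none can be swapped.
    msg = f"{rule}|{answer}|{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def new_challenge(now=None, text=None, rule=None):
    """Return (text to render as an image, prompt, token for a hidden form field)."""
    now = int(time.time()) if now is None else now
    text = text or "".join(secrets.choice(ALPHABET) for _ in range(8))
    rule = rule or secrets.choice(sorted(RULES))
    expires = now + TTL
    prompt, derive = RULES[rule]
    return text, prompt, f"{rule}:{expires}:{_mac(rule, derive(text), expires)}"

def verify(token, response, now=None):
    """Accept only an unexpired, untampered token with the matching answer."""
    now = int(time.time()) if now is None else now
    try:
        rule, expires, mac = token.split(":")
        expires = int(expires)
    except ValueError:
        return False  # malformed token
    if rule not in RULES or now > expires:
        return False
    answer = response.strip().upper().replace(" ", "")
    # Constant-time comparison of the submitted MAC against the recomputed one.
    return hmac.compare_digest(mac.encode(), _mac(rule, answer, expires).encode())
```

A token stays replayable until it expires, so a solved challenge can be resubmitted within the TTL unless the server also records used tokens.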
