
LS97
Scratcher
100+ posts

ITopic: The small steps on how to secure your online site or community

The small steps on how to secure your online site or community
A guide by LS97

Once you get into computers and programming, sometimes just visiting sites isn’t enough. Making your own site becomes a fun and useful alternative. This often turns out to be very productive, educational and satisfying. However, there are some really useful key points that you want to keep in mind while creating your online community.

Passwords, passwords, passwords…
First of all, you need a good password. This keeps on coming up everywhere, from school email accounts to game registrations, and it’s a must. It is extremely important to get a strong password and keep it safe. Nobody needs to know it, and it has to be hard to guess but easy to remember.

If your site has user accounts that people need to pick a password for (a forum for instance) - tell them to NOT use the same password as their Scratch password as that is very risky for them, if your site should get compromised.

Choosing the tools
Second, think about the purpose of your site. What will people use it for? Who will use it? How? If the site is meant to promote a product and give more information about it, it’s better to use an online site maker such as Weebly. In general, these popular online site makers are better to use for this kind of site because they are more secure. Try to avoid site makers with advertisements because they can contain viruses or inappropriate content that you can’t control.

If you want to make an online community with user-moderated forums, uploads, or chats, the story gets a bit more complicated. You need to start from a blank file in Notepad, and there are a lot of security precautions to take.

Before you even start, you have to know the basics of whatever programming language you’ll use (commonly PHP). Trust me, it helps.

I’ve got the power!
As much as your own passwords are important, so are the passwords and information about other users. Make sure that all of the user’s information is stored safely on the server and is encrypted. Also store the users’ IP address in a database so that you can ban them if they do anything wrong.

Moderation is another important aspect of online communities. Any user-submitted content (forums, chats, messages, comments, blogs) must have a word filter/censor in place! Also, check the content regularly to make sure no bad pictures are posted. Private chats are dodgy because they can’t be moderated, so avoid them.

You might get excited about being able to control other users: don’t abuse your power. It’s never a good idea to allow many people to moderate your site. You will manage just fine with yourself alone as a moderator. If your site gets very popular you can maybe add a second power-person. I wouldn’t have more than that because things will get difficult to manage.

Spam time!
Spam has become so popular that even the most secure sites nowadays are occasional victims of this senseless practice. On your forums, try to implement a system similar to the one on the Scratch website. When a user registers, give them partial abilities until you know you can trust them.

As much as the 60 second rule is annoying, it helps so much in reducing spam I can’t even describe it. Being a nice guy and removing the rule from your site will probably earn you hours of spam-removal.

The time rule doesn't only have to apply to forums. Uploads can be a big problem to remove if you don’t have good tools, so prevention is the key. Add a 5 minute delay between uploads and you’ll be fine.

Just in case spam does happen, and it’s inappropriate, think of an easy method to quickly remove it or hide it from view until you have taken care of it completely. You don’t want a bunch of people seeing stuff they don’t want to see.

Verification of Scratchers – Not everyone is who they say they are…
On the internet it’s really easy to pretend you’re someone other than who you really are. Some bad people might pretend to be a known Scratcher and apply for admin on your site under that fake username. To avoid this happening, first ask the user to post a comment on your Scratch projects with that account name. If they don’t, there’s a good chance they’re some kind of bad guy.

The Happy Ending
Once you think you’re following these rules and feel good about your site’s security, you can go ahead and publish it. Run it through to the Scratch Team to see if it’s acceptable to advertise on the Scratch Forums. If you’re lucky, you’ll see your site grow from a bunch of code to a wonderful community.
Have fun making your own site!

For further reading on PHP security measures, you could take a look at jvvg's more specific article on PHP website security.

Last edited by Paddle2See (Dec. 28, 2013 18:21:01)


Retired Scratcher • Aspiring information systems engineer
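
The time rules from the "Spam time!" section of the guide, sketched as server-side code. This is an added example, not part of LS97's post; the `ActionLimiter` class, the action names and the rule that untrusted accounts may post but not upload are assumptions made for illustration.

```python
import time

# Minimum seconds between two actions of the same kind by one account.
# 60 s between posts and 5 min between uploads are the figures from the guide.
COOLDOWNS = {"post": 60, "upload": 5 * 60}

# Assumption for this sketch: new (untrusted) accounts get "partial abilities",
# modelled here as being allowed to post but not to upload.
NEW_USER_ACTIONS = {"post"}


class ActionLimiter:
    """Tracks the last accepted action per (user, action) on the server side."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock   # injectable so the rule can be tested without sleeping
        self._last = {}       # (user, action) -> time the last action was accepted

    def check(self, user, action, trusted):
        """Return (allowed, seconds_to_wait).

        seconds_to_wait is None when the action is not available to the
        account at all, and 0 when the action was accepted.
        """
        if action not in COOLDOWNS:
            raise ValueError(f"unknown action: {action!r}")
        if not trusted and action not in NEW_USER_ACTIONS:
            return False, None
        now = self._clock()
        last = self._last.get((user, action))
        if last is not None:
            remaining = COOLDOWNS[action] - (now - last)
            if remaining > 0:
                # A rejected attempt does not restart the timer.
                return False, remaining
        self._last[(user, action)] = now
        return True, 0


if __name__ == "__main__":
    limiter = ActionLimiter()
    print(limiter.check("alice", "post", trusted=False))    # first post is accepted
    print(limiter.check("alice", "post", trusted=False))    # second one must wait
    print(limiter.check("alice", "upload", trusted=False))  # not available yet
```

The state is keyed by account and kept on the server; a timer stored in a cookie or form field can simply be reset by the client.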
DigiTechs
Scratcher
500+ posts


Didn't jvvg already make a topic about this?

EDIT: Oh, his is about the technical stuff such as escaping strings, lol.

Last edited by DigiTechs (May 11, 2013 12:38:18)


I do, in fact, have my own site; it's here.
I'm also working on a thing called Fetch. Look at it here!
@thisandagain pls explain. @thisandagain pls explain. @thisandagain pls explain. @thisandagain pls explain. @thisandagain pls explain.
LS97
Scratcher
100+ posts


DigiTechs wrote:

Didn't jvvg already make a topic about this?

EDIT: Oh, his is about the technical stuff such as escaping strings, lol.
Both our topics were actually ported from the old forums to fix problems with links in the announcements forum.

For example, this thread was actually first published on 17 October 2011!

Retired Scratcher • Aspiring information systems engineer
DigiTechs
Scratcher
500+ posts


LS97 wrote:

DigiTechs wrote:

Didn't jvvg already make a topic about this?

EDIT: Oh, his is about the technical stuff such as escaping strings, lol.
Both our topics were actually ported from the old forums to fix problems with links in the announcements forum.

For example, this thread was actually first published on 17 October 2011!

Okay

I do, in fact, have my own site; it's here.
I'm also working on a thing called Fetch. Look at it here!
@thisandagain pls explain. @thisandagain pls explain. @thisandagain pls explain. @thisandagain pls explain. @thisandagain pls explain.
chocolatepenguin
Scratcher
1000+ posts


Could you make one on gmail?
EDIT: Would it be secure enough?

Last edited by chocolatepenguin (June 15, 2013 16:30:16)


mrsrec
Scratcher
500+ posts


SO FEW FORUM POSTS!!!!!!

Last edited by mrsrec (Aug. 10, 2013 22:06:53)

davidkt
Scratcher
1000+ posts


LS97 wrote:

it’s better to use an online site maker such as Weebly
NOOOO!!! Never! LS97, don't discourage people from the fun of making websites! I'd rather use plain HTML and CSS than Weebly, or any stupid online site makers. A website is not actually your website if you don't program it yourself.

Remember when I looked like this? I still do.


Float, my Scratch 2.0 mod | My (somewhat under-construction) blog
lallaway12
Scratcher
100+ posts


chocolatepenguin wrote:

Could you make one on gmail?
EDIT: Would it be secure enough?

Not really.
You can't program it to make it hidden from hackers. Make one in 000website.com; it's a lot safer and has got some easy stuff like templates and stuff!

See my blog ITS MAD so subscribe comment and enjoy http://lallawayrandom.blogspot.co.uk/ ask me what to put up there
Feed my dragons
gregory9
Scratcher
100+ posts


This is very helpful.

Use DuckDuckGo instead of Google, Bing, or Yahoo

Check out Coursacado, and SBX Share!

I am gw90 on GitHub
lallaway12
Scratcher
100+ posts


gregory9 wrote:

This is very helpful.
I KNOW IT'S AN ITOPIC

See my blog ITS MAD so subscribe comment and enjoy http://lallawayrandom.blogspot.co.uk/ ask me what to put up there
Feed my dragons
Paddle2See
Scratch Team
1000+ posts


lallaway12 wrote:

gregory9 wrote:

This is very helpful.
I KNOW IT'S AN ITOPIC
Ouch! My ears…please don't shout

Scratch Team Member, kayak and pickleball enthusiast, cat caregiver.

This is my forum signature! On a forum post, it is okay for Scratchers to advertise in their forum signature. The signature is the stuff that shows up below the horizontal line on the post. It will show up on every post I make.
(credit to Za-Chary)



;
lallaway12
Scratcher
100+ posts


Paddle2See wrote:

lallaway12 wrote:

gregory9 wrote:

This is very helpful.
I KNOW IT'S AN ITOPIC
Ouch! My ears…please don't shout
sorry

See my blog ITS MAD so subscribe comment and enjoy http://lallawayrandom.blogspot.co.uk/ ask me what to put up there
Feed my dragons
cocolover76
Scratcher
100+ posts



Weren't ITopics supposed to be on the first page?

no, project wonderful. NO DON'T MAKE ME CLICK ON THAT, PROJECT WONDERFUL.
scimonster
Scratcher
1000+ posts


cocolover76 wrote:


Weren't ITopics supposed to be on the first page?
Nope. They just have to be linked to from here and be an ITopic.

Retired Community Moderator
BTW, i run Google Chrome 41.0.2272.101 on a Linux system - Ubuntu 14.04. NEW: iPad 4th gen. w/retina.

418 I'm a teapot (original - to be read by bored computer geeks)
THE GAME (you just lost)
; THE SEMICOLON LIVES ON IN OUR SIGS
davidkt
Scratcher
1000+ posts


Why not Django? It's very secure.

Remember when I looked like this? I still do.


Float, my Scratch 2.0 mod | My (somewhat under-construction) blog
GrannyCookies
Scratcher
100+ posts


davidkt wrote:

LS97 wrote:

it’s better to use an online site maker such as Weebly
NOOOO!!! Never! LS97, don't discourage people from the fun of making websites! I'd rather use plain HTML and CSS than Weebly, or any stupid online site makers. A website is not actually your website if you don't program it yourself.
*high five*

mrsrec
Scratcher
500+ posts


mrsrec wrote:

SO FEW FORUM POSTS!!!!!!
I Repeat This Sentence.
QuillzToxic
Scratcher
1000+ posts


mrsrec wrote:

mrsrec wrote:

SO FEW FORUM POSTS!!!!!!
I Repeat This Sentence.
^^^^^^^^^^^^^^^^^^^^^^^^^^^
contest101
Scratcher
25 posts


I am posting the following message as my main account.
I have 2 other accounts: remixes and test. These are for organization only and are not made to dodge rules or break rules. I post things in my other account that are too simple or random to post on my main account.


I do not have to worry much; my website has no comment tool or anything like that. It is information only!

Last edited by contest101 (Feb. 15, 2014 02:21:48)


This is my main account.

I have 4 accounts total.


The next Fighting in your style is out!
AdditionallyThat
Scratcher
5 posts


GrannyCookies wrote:

davidkt wrote:

LS97 wrote:

it’s better to use an online site maker such as Weebly
NOOOO!!! Never! LS97, don't discourage people from the fun of making websites! I'd rather use plain HTML and CSS than Weebly, or any stupid online site makers. A website is not actually your website if you don't program it yourself.
*high five*

*same*
