Discuss Scratch
- Discussion Forums
- » Advanced Topics
- » ITopic: The small steps on how to secure your online site or community
- LS97
- Scratcher
100+ posts
ITopic: The small steps on how to secure your online site or community
The small steps on how to secure your online site or community
A guide by LS97
Once you get into computers and programming, sometimes just visiting sites isn’t enough. Making your own site becomes a fun and useful alternative. This often turns out to be very productive, educational and satisfying. However, there are some really useful key points that you want to keep in mind while creating your online community.
Passwords, passwords, passwords…
First of all, you need a good password. This keeps on coming up everywhere, from school email accounts to game registrations, and it’s a must. It is extremely important to get a strong password and keep it safe. Nobody needs to know it, and it has to be hard to guess but easy to remember.
If your site has user accounts that people need to pick a password for (a forum for instance) - tell them to NOT use the same password as their Scratch password as that is very risky for them, if your site should get compromised.
Choosing the tools
Second, think about the purpose of your site. What will people use it for? Who will use it? How? If the site is meant to promote a product and give more information about it, it’s better to use an online site maker such as Weebly. In general, these popular online site makers are better to use for this kind of site because they are more secure. Try to avoid site makers with advertisements because they can contain viruses or inappropriate content that you can’t control.
If you want to make an online community with user-moderated forums, uploads, or chats, the story gets a bit more complicated. You need to start from a blank file in notepad, and there are a lot of security precautions to take.
Before you even start, you have to know the basics of whatever programming language you’ll use (commonly PHP). Trust me, it helps.
I’ve got the power!
As much as your own passwords are important, so are the passwords and information about other users. Make sure that all of the user’s information is stored safely on the server and is encrypted. Also store the users’ IP address in a database so that you can ban them if they do anything wrong.
Moderation is another important aspect of online communities. Any user-submitted content (forums, chats, messages, comments, blogs) must have a word filter/censor in place! Also, check the content regularly to make sure no bad pictures are posted. Private chats are dodgy because they can’t be moderated, so avoid them.
You might get excited about being able to control other users: don’t abuse of your power. It’s never a good idea to allow many people to moderate your site. You will manage just fine with yourself alone as a moderator. If your site gets very popular you can maybe add a second power-person. I wouldn’t have more than that because things will get difficult to manage.
Spam time!
Spam has become so popular that even the most secure sites nowadays are occasional victims of this senseless practice. On your forums, try to implement a system similar to the one on the Scratch website. When a user registers, give them partial abilities until you know you can trust them.
As much as the 60 second rule is annoying, it helps so much in reducing spam I can’t even describe it. Being a nice guy and removing the rule from your site will probably earn you hours of spam-removal.
The time rule doesn't only have to apply to forums. Uploads can be a big problem to remove if you don’t have the good tools, so prevention is the key. Add a 5 minute delay between uploads and you’ll be fine.
Just in case spam does happen, and it’s inappropriate, think of an easy method to quickly remove it or hide it from view, until you took care of it completely. You don’t want a bunch of people seeing stuff they don’t want to see.
Verification of Scratchers – Not everyone is who they say they are…
On the internet it’s really easy to pretend you’re someone other than who you really are. Some bad people might pretend to be a known Scratcher and apply for admin on your site under that fake username. To avoid this happening, first ask the user to post a comment on your Scratch projects with that account name. If they don’t, there’s a good chance they’re some kind of bad guy.
The Happy Ending
Once you think you’re following these rules and feel good about your site’s security, you can go ahead and publish it. Run it through to the Scratch Team to see if it’s acceptable to advertise on the Scratch Forums. If you’re lucky, you’ll see your site grow from a bunch of code to a wonderful community.
Have fun making your own site!
For further reading on PHP security measures, you could take a look at jvvg's more specific article on PHP website security.
A guide by LS97
Once you get into computers and programming, sometimes just visiting sites isn’t enough. Making your own site becomes a fun and useful alternative. This often turns out to be very productive, educational and satisfying. However, there are some really useful key points that you want to keep in mind while creating your online community.
Passwords, passwords, passwords…
First of all, you need a good password. This keeps on coming up everywhere, from school email accounts to game registrations, and it’s a must. It is extremely important to get a strong password and keep it safe. Nobody needs to know it, and it has to be hard to guess but easy to remember.
If your site has user accounts that people need to pick a password for (a forum for instance) - tell them to NOT use the same password as their Scratch password as that is very risky for them, if your site should get compromised.
Choosing the tools
Second, think about the purpose of your site. What will people use it for? Who will use it? How? If the site is meant to promote a product and give more information about it, it’s better to use an online site maker such as Weebly. In general, these popular online site makers are better to use for this kind of site because they are more secure. Try to avoid site makers with advertisements because they can contain viruses or inappropriate content that you can’t control.
If you want to make an online community with user-moderated forums, uploads, or chats, the story gets a bit more complicated. You need to start from a blank file in notepad, and there are a lot of security precautions to take.
Before you even start, you have to know the basics of whatever programming language you’ll use (commonly PHP). Trust me, it helps.
I’ve got the power!
As much as your own passwords are important, so are the passwords and information about other users. Make sure that all of the user’s information is stored safely on the server and is encrypted. Also store the users’ IP address in a database so that you can ban them if they do anything wrong.
Moderation is another important aspect of online communities. Any user-submitted content (forums, chats, messages, comments, blogs) must have a word filter/censor in place! Also, check the content regularly to make sure no bad pictures are posted. Private chats are dodgy because they can’t be moderated, so avoid them.
You might get excited about being able to control other users: don’t abuse of your power. It’s never a good idea to allow many people to moderate your site. You will manage just fine with yourself alone as a moderator. If your site gets very popular you can maybe add a second power-person. I wouldn’t have more than that because things will get difficult to manage.
Spam time!
Spam has become so popular that even the most secure sites nowadays are occasional victims of this senseless practice. On your forums, try to implement a system similar to the one on the Scratch website. When a user registers, give them partial abilities until you know you can trust them.
As much as the 60 second rule is annoying, it helps so much in reducing spam I can’t even describe it. Being a nice guy and removing the rule from your site will probably earn you hours of spam-removal.
The time rule doesn't only have to apply to forums. Uploads can be a big problem to remove if you don’t have the good tools, so prevention is the key. Add a 5 minute delay between uploads and you’ll be fine.
Just in case spam does happen, and it’s inappropriate, think of an easy method to quickly remove it or hide it from view, until you took care of it completely. You don’t want a bunch of people seeing stuff they don’t want to see.
Verification of Scratchers – Not everyone is who they say they are…
On the internet it’s really easy to pretend you’re someone other than who you really are. Some bad people might pretend to be a known Scratcher and apply for admin on your site under that fake username. To avoid this happening, first ask the user to post a comment on your Scratch projects with that account name. If they don’t, there’s a good chance they’re some kind of bad guy.
The Happy Ending
Once you think you’re following these rules and feel good about your site’s security, you can go ahead and publish it. Run it through to the Scratch Team to see if it’s acceptable to advertise on the Scratch Forums. If you’re lucky, you’ll see your site grow from a bunch of code to a wonderful community.
Have fun making your own site!
For further reading on PHP security measures, you could take a look at jvvg's more specific article on PHP website security.
Last edited by Paddle2See (Dec. 28, 2013 18:21:01)
Retired Scratcher • Aspiring information systems engineer
- DigiTechs
- Scratcher
500+ posts
ITopic: The small steps on how to secure your online site or community
Didn't jvvg already make a topic about this?
EDIT: Oh, his is about the technical stuff such as escaping strings, lol.
EDIT: Oh, his is about the technical stuff such as escaping strings, lol.
Last edited by DigiTechs (May 11, 2013 12:38:18)
I do, in fact, have my own site; it's here.
I'm also working on a thing called Fetch. Look at it here!
@thisandagain pls explain. @thisandagain pls explain. @thisandagain pls explain. @thisandagain pls explain. @thisandagain pls explain.
- LS97
- Scratcher
100+ posts
ITopic: The small steps on how to secure your online site or community
Both our topics were actually ported from the old forums to fix problems with links in the announcements forum. Didn't jvvg already make a topic about this?
EDIT: Oh, his is about the technical stuff such as escaping strings, lol.
For example, this thread was actually first published on 17 October 2011!
Retired Scratcher • Aspiring information systems engineer
- DigiTechs
- Scratcher
500+ posts
ITopic: The small steps on how to secure your online site or community
Both our topics were actually ported from the old forums to fix problems with links in the announcements forum. Didn't jvvg already make a topic about this?
EDIT: Oh, his is about the technical stuff such as escaping strings, lol.
For example, this thread was actually first published on 17 October 2011!
Okay
I do, in fact, have my own site; it's here.
I'm also working on a thing called Fetch. Look at it here!
@thisandagain pls explain. @thisandagain pls explain. @thisandagain pls explain. @thisandagain pls explain. @thisandagain pls explain.
- chocolatepenguin
- Scratcher
1000+ posts
ITopic: The small steps on how to secure your online site or community
Could you make one on gmail?
EDIT: Would it be secure enough?
EDIT: Would it be secure enough?
Last edited by chocolatepenguin (June 15, 2013 16:30:16)
- mrsrec
- Scratcher
500+ posts
ITopic: The small steps on how to secure your online site or community
SO FEW FORUM POSTS!!!!!!
Last edited by mrsrec (Aug. 10, 2013 22:06:53)
- davidkt
- Scratcher
1000+ posts
ITopic: The small steps on how to secure your online site or community
NOOOO!!! Never! LS97, don't it’s better to use an online site maker such as Weeblydiscourage people from the fun of making websites! I'd rather use plain HTML and CSS than Weebly, or any stupid online site makers. A website is not actually your website if you don't program it yourself.
Remember when I looked like this? I still do.
Float, my Scratch 2.0 mod | My (somewhat under-construction) blog
Float, my Scratch 2.0 mod | My (somewhat under-construction) blog
- lallaway12
- Scratcher
100+ posts
ITopic: The small steps on how to secure your online site or community
Could you make one on gmail?
EDIT: Would it be secure enough?
Not really
You cant program it to make it hidden for hackers make one in 000website.com a lot safe ands got some easy stuff like templates and stuff!
See my blog ITS MAD so subscribe comment and enjoy http://lallawayrandom.blogspot.co.uk/ ask me what to put up there
Feed my dragons
- gregory9
- Scratcher
100+ posts
ITopic: The small steps on how to secure your online site or community
This is very helpful.
Use DuckDuckGo instead of Google, Bing, or Yahoo
Check out Coursacado, and SBX Share!
I am gw90 on GitHub
- lallaway12
- Scratcher
100+ posts
ITopic: The small steps on how to secure your online site or community
I KMOW ITS AN ITOPIC This is very helpful.
See my blog ITS MAD so subscribe comment and enjoy http://lallawayrandom.blogspot.co.uk/ ask me what to put up there
Feed my dragons
- Paddle2See
- Scratch Team
1000+ posts
ITopic: The small steps on how to secure your online site or community
Ouch! My ears…please don't shoutI KMOW ITS AN ITOPIC This is very helpful.
Scratch Team Member, kayak and pickleball enthusiast, cat caregiver.
This is my forum signature! On a forum post, it is okay for Scratchers to advertise in their forum signature. The signature is the stuff that shows up below the horizontal line on the post. It will show up on every post I make.
(credit to Za-Chary)
;
- lallaway12
- Scratcher
100+ posts
ITopic: The small steps on how to secure your online site or community
sorryOuch! My ears…please don't shoutI KMOW ITS AN ITOPIC This is very helpful.
See my blog ITS MAD so subscribe comment and enjoy http://lallawayrandom.blogspot.co.uk/ ask me what to put up there
Feed my dragons
- cocolover76
- Scratcher
100+ posts
ITopic: The small steps on how to secure your online site or community
Weren't ITopics supposed to be on the first page?
no, project wonderful. NO DON'T MAKE ME CLICK ON THAT, PROJECT WONDERFUL.
- scimonster
- Scratcher
1000+ posts
ITopic: The small steps on how to secure your online site or community
Nope. They just have to be linked to from here and be an ITopic.
Weren't ITopics supposed to be on the first page?
Retired Community Moderator
BTW, i run Google Chrome 41.0.2272.101 on a Linux system - Ubuntu 14.04. NEW: iPad 4th gen. w/retina.
418 I'm a teapot (original - to be read by bored computer geeks)
THE GAME (you just lost)
; THE SEMICOLON LIVES ON IN OUR SIGS
- davidkt
- Scratcher
1000+ posts
ITopic: The small steps on how to secure your online site or community
Why not Django? It's very secure.
Remember when I looked like this? I still do.
Float, my Scratch 2.0 mod | My (somewhat under-construction) blog
Float, my Scratch 2.0 mod | My (somewhat under-construction) blog
- GrannyCookies
- Scratcher
100+ posts
ITopic: The small steps on how to secure your online site or community
- mrsrec
- Scratcher
500+ posts
ITopic: The small steps on how to secure your online site or community
I Repeat This Sentence. SO FEW FORUM POSTS!!!!!!
- QuillzToxic
- Scratcher
1000+ posts
ITopic: The small steps on how to secure your online site or community
^^^^^^^^^^^^^^^^^^^^^^^^^^^I Repeat This Sentence. SO FEW FORUM POSTS!!!!!!
- contest101
- Scratcher
25 posts
ITopic: The small steps on how to secure your online site or community
I am posting the following message as my main account.
I have 2 other accounts: remixes and test. These are for organization only and are not made to dodge rules or break rules. I post things in my other account that are too simple or random to post on my main account.
I do not have too worry much, my website has no comment tool or anything like that. It is inform only!
I have 2 other accounts: remixes and test. These are for organization only and are not made to dodge rules or break rules. I post things in my other account that are too simple or random to post on my main account.
I do not have too worry much, my website has no comment tool or anything like that. It is inform only!
Last edited by contest101 (Feb. 15, 2014 02:21:48)
- AdditionallyThat
- Scratcher
5 posts
ITopic: The small steps on how to secure your online site or community
*high five*NOOOO!!! Never! LS97, don't it’s better to use an online site maker such as Weeblydiscourage people from the fun of making websites! I'd rather use plain HTML and CSS than Weebly, or any stupid online site makers. A website is not actually your website if you don't program it yourself.
*same*
- Discussion Forums
- » Advanced Topics
- » ITopic: The small steps on how to secure your online site or community