Discuss Scratch

LS97
Scratcher
100+ posts

ITopic: The small steps on how to secure your online site or community

The small steps on how to secure your online site or community
A guide by LS97

Once you get into computers and programming, sometimes just visiting sites isn’t enough. Making your own site becomes a fun and useful alternative. This often turns out to be very productive, educational and satisfying. However, there are some really useful key points that you want to keep in mind while creating your online community.

Passwords, passwords, passwords…
First of all, you need a good password. This keeps on coming up everywhere, from school email accounts to game registrations, and it’s a must. It is extremely important to get a strong password and keep it safe. Nobody needs to know it, and it has to be hard to guess but easy to remember.

If your site has user accounts that people need to pick a password for (a forum for instance) - tell them to NOT use the same password as their Scratch password as that is very risky for them, if your site should get compromised.

Choosing the tools
Second, think about the purpose of your site. What will people use it for? Who will use it? How? If the site is meant to promote a product and give more information about it, it’s better to use an online site maker such as Weebly. In general, these popular online site makers are better to use for this kind of site because they are more secure. Try to avoid site makers with advertisements because they can contain viruses or inappropriate content that you can’t control.

If you want to make an online community with user-moderated forums, uploads, or chats, the story gets a bit more complicated. You need to start from a blank file in notepad, and there are a lot of security precautions to take.

Before you even start, you have to know the basics of whatever programming language you’ll use (commonly PHP). Trust me, it helps.

I’ve got the power!
As much as your own passwords are important, so are the passwords and information about other users. Make sure that all of the user’s information is stored safely on the server and is encrypted. Also store the users’ IP address in a database so that you can ban them if they do anything wrong.

Moderation is another important aspect of online communities. Any user-submitted content (forums, chats, messages, comments, blogs) must have a word filter/censor in place! Also, check the content regularly to make sure no bad pictures are posted. Private chats are dodgy because they can’t be moderated, so avoid them.

You might get excited about being able to control other users: don’t abuse of your power. It’s never a good idea to allow many people to moderate your site. You will manage just fine with yourself alone as a moderator. If your site gets very popular you can maybe add a second power-person. I wouldn’t have more than that because things will get difficult to manage.

Spam time!
Spam has become so popular that even the most secure sites nowadays are occasional victims of this senseless practice. On your forums, try to implement a system similar to the one on the Scratch website. When a user registers, give them partial abilities until you know you can trust them.

As much as the 60 second rule is annoying, it helps so much in reducing spam I can’t even describe it. Being a nice guy and removing the rule from your site will probably earn you hours of spam-removal.

The time rule doesn't only have to apply to forums. Uploads can be a big problem to remove if you don’t have the good tools, so prevention is the key. Add a 5 minute delay between uploads and you’ll be fine.

Just in case spam does happen, and it’s inappropriate, think of an easy method to quickly remove it or hide it from view, until you took care of it completely. You don’t want a bunch of people seeing stuff they don’t want to see.

Verification of Scratchers – Not everyone is who they say they are…
On the internet it’s really easy to pretend you’re someone other than who you really are. Some bad people might pretend to be a known Scratcher and apply for admin on your site under that fake username. To avoid this happening, first ask the user to post a comment on your Scratch projects with that account name. If they don’t, there’s a good chance they’re some kind of bad guy.

The Happy Ending
Once you think you’re following these rules and feel good about your site’s security, you can go ahead and publish it. Run it through to the Scratch Team to see if it’s acceptable to advertise on the Scratch Forums. If you’re lucky, you’ll see your site grow from a bunch of code to a wonderful community.
Have fun making your own site!

For further reading on PHP security measures, you could take a look at jvvg's more specific article on PHP website security.

Last edited by Paddle2See (Dec. 28, 2013 18:21:01)


Retired Scratcher • Aspiring information systems engineer
DigiTechs
Scratcher
500+ posts

ITopic: The small steps on how to secure your online site or community

Didn't jvvg already make a topic about this?

EDIT: Oh, his is about the technical stuff such as escaping strings, lol.

Last edited by DigiTechs (May 11, 2013 12:38:18)


I do, in fact, have my own site; it's here.
I'm also working on a thing called Fetch. Look at it here!
@thisandagain pls explain. @thisandagain pls explain. @thisandagain pls explain. @thisandagain pls explain. @thisandagain pls explain.
LS97
Scratcher
100+ posts

ITopic: The small steps on how to secure your online site or community

DigiTechs wrote:

Didn't jvvg already make a topic about this?

EDIT: Oh, his is about the technical stuff such as escaping strings, lol.
Both our topics were actually ported from the old forums to fix problems with links in the announcements forum.

For example, this thread was actually first published on 17 October 2011!

Retired Scratcher • Aspiring information systems engineer
DigiTechs
Scratcher
500+ posts

ITopic: The small steps on how to secure your online site or community

LS97 wrote:

DigiTechs wrote:

Didn't jvvg already make a topic about this?

EDIT: Oh, his is about the technical stuff such as escaping strings, lol.
Both our topics were actually ported from the old forums to fix problems with links in the announcements forum.

For example, this thread was actually first published on 17 October 2011!

Okay

I do, in fact, have my own site; it's here.
I'm also working on a thing called Fetch. Look at it here!
@thisandagain pls explain. @thisandagain pls explain. @thisandagain pls explain. @thisandagain pls explain. @thisandagain pls explain.
chocolatepenguin
Scratcher
1000+ posts

ITopic: The small steps on how to secure your online site or community

Could you make one on gmail?
EDIT: Would it be secure enough?

Last edited by chocolatepenguin (June 15, 2013 16:30:16)


mrsrec
Scratcher
500+ posts

ITopic: The small steps on how to secure your online site or community

SO FEW FORUM POSTS!!!!!!

Last edited by mrsrec (Aug. 10, 2013 22:06:53)

davidkt
Scratcher
1000+ posts

ITopic: The small steps on how to secure your online site or community

LS97 wrote:

it’s better to use an online site maker such as Weebly
NOOOO!!! Never! LS97, don't discourage people from the fun of making websites! I'd rather use plain HTML and CSS than Weebly, or any stupid online site makers. A website is not actually your website if you don't program it yourself.

Remember when I looked like this? I still do.


Float, my Scratch 2.0 mod | My (somewhat under-construction) blog
lallaway12
Scratcher
100+ posts

ITopic: The small steps on how to secure your online site or community

chocolatepenguin wrote:

Could you make one on gmail?
EDIT: Would it be secure enough?

Not really
You cant program it to make it hidden for hackers make one in 000website.com a lot safe ands got some easy stuff like templates and stuff!

See my blog ITS MAD so subscribe comment and enjoy http://lallawayrandom.blogspot.co.uk/ ask me what to put up there
Feed my dragons
gregory9
Scratcher
100+ posts

ITopic: The small steps on how to secure your online site or community

This is very helpful.

Use DuckDuckGo instead of Google, Bing, or Yahoo

Check out Coursacado, and SBX Share!

I am gw90 on GitHub
lallaway12
Scratcher
100+ posts

ITopic: The small steps on how to secure your online site or community

gregory9 wrote:

This is very helpful.
I KMOW ITS AN ITOPIC

See my blog ITS MAD so subscribe comment and enjoy http://lallawayrandom.blogspot.co.uk/ ask me what to put up there
Feed my dragons
Paddle2See
Scratch Team
1000+ posts

ITopic: The small steps on how to secure your online site or community

lallaway12 wrote:

gregory9 wrote:

This is very helpful.
I KMOW ITS AN ITOPIC
Ouch! My ears…please don't shout

Scratch Team Member, kayak enthusiast, and servant to multiple cats.

;
lallaway12
Scratcher
100+ posts

ITopic: The small steps on how to secure your online site or community

Paddle2See wrote:

lallaway12 wrote:

gregory9 wrote:

This is very helpful.
I KMOW ITS AN ITOPIC
Ouch! My ears…please don't shout
sorry

See my blog ITS MAD so subscribe comment and enjoy http://lallawayrandom.blogspot.co.uk/ ask me what to put up there
Feed my dragons
cocolover76
Scratcher
100+ posts

ITopic: The small steps on how to secure your online site or community


Weren't ITopics supposed to be on the first page?

no, project wonderful. NO DON'T MAKE ME CLICK ON THAT, PROJECT WONDERFUL.
scimonster
Scratcher
1000+ posts

ITopic: The small steps on how to secure your online site or community

cocolover76 wrote:


Weren't ITopics supposed to be on the first page?
Nope. They just have to be linked to from here and be an ITopic.

Retired Community Moderator
BTW, i run Google Chrome 41.0.2272.101 on a Linux system - Ubuntu 14.04. NEW: iPad 4th gen. w/retina.

418 I'm a teapot (original - to be read by bored computer geeks)
THE GAME (you just lost)
; THE SEMICOLON LIVES ON IN OUR SIGS
davidkt
Scratcher
1000+ posts

ITopic: The small steps on how to secure your online site or community

Why not Django? It's very secure.

Remember when I looked like this? I still do.


Float, my Scratch 2.0 mod | My (somewhat under-construction) blog
GrannyCookies
Scratcher
100+ posts

ITopic: The small steps on how to secure your online site or community

davidkt wrote:

LS97 wrote:

it’s better to use an online site maker such as Weebly
NOOOO!!! Never! LS97, don't discourage people from the fun of making websites! I'd rather use plain HTML and CSS than Weebly, or any stupid online site makers. A website is not actually your website if you don't program it yourself.
*high five*

mrsrec
Scratcher
500+ posts

ITopic: The small steps on how to secure your online site or community

mrsrec wrote:

SO FEW FORUM POSTS!!!!!!
I Repeat This Sentence.
QuillzToxic
Scratcher
1000+ posts

ITopic: The small steps on how to secure your online site or community

mrsrec wrote:

mrsrec wrote:

SO FEW FORUM POSTS!!!!!!
I Repeat This Sentence.
^^^^^^^^^^^^^^^^^^^^^^^^^^^
contest101
Scratcher
25 posts

ITopic: The small steps on how to secure your online site or community

I am posting the following message as my main account.
I have 2 other accounts: remixes and test. These are for organization only and are not made to dodge rules or break rules. I post things in my other account that are too simple or random to post on my main account.


I do not have too worry much, my website has no comment tool or anything like that. It is inform only!

Last edited by contest101 (Feb. 15, 2014 02:21:48)


This is my main account.

I have 4 accounts total.


The next Fighting in your style is out!
AdditionallyThat
Scratcher
5 posts

ITopic: The small steps on how to secure your online site or community

GrannyCookies wrote:

davidkt wrote:

LS97 wrote:

it’s better to use an online site maker such as Weebly
NOOOO!!! Never! LS97, don't discourage people from the fun of making websites! I'd rather use plain HTML and CSS than Weebly, or any stupid online site makers. A website is not actually your website if you don't program it yourself.
*high five*

*same*

Powered by DjangoBB

Standard | Mobile