Need help writing a RFC

[trancended1]

Hi all, to really get to the heart of the matter you need to know where im coming from
for starters hello world! im currently wading my way though a stack of books taller than me to get my little hobby online, its a unholy monster of a social network that will crush everything else out there like an egg. Not for profit of course. Mostly whats been holding me back ins the security arciteture, and that is about 90% figured out. Ive spent many months reachearching it. Problem is my phbb forums have attracted a pet spam bot its relentless and irritating, i put up with it for a while, but what sent me on the war path was when it started advertising child porn.

That tore it, i can see many improvements that i can put into the forum security, and weak points that are a big problem. So im happy to modify a very large pile of my defences i dreamed up and if i get others figured out them to. happy to give the forums security a complete overhaul and give you a nice new shiny array of toys to make their life miserable.
that said, i really could use the help and guidance of experienced web developers (mainly picking brains about little things here and there) ill host it, test it, get it pen tested with the hackers i know, and upload the code as a RFC so you can have fun picking it apart and hardening it further...

as for my other website, well ill be keeping that quet for now due to the fact once i got the security done, the rest is easy, and my main concerns will be figuring out how to deploy servers fast enough....

[brunoais]

Eh... what? I didn't understand what exactly do you need help for...
You stated improving security, which parts of phpBB do you think that lacks security?
What kind of changes are you thinking on doing to make bots' lifes miserable?

[Mess]

Good luck with err... that.

[Jacob]

Good luck with err... that.

Sorry, couldn't help myself.

[trancended1]

Fine I'll just fix up ridiculous *beep* like 5000. Posts a minute 100 accounts an etc how Is this not done allready I'm more worried about unique browser value per ip into session cookie and then detecting modification/sessions hijack with hash checksum along with sql and xSS countermeasure. Looking at client side crypto to see if I can get less server side overhead but looking at corruption of by escaping chars and so fourth I can give better explanation but at wwedding atm talk later.

[brunoais]

huh?

[DavidIQ]

Not sure what "security issues" you're experiencing with phpBB but none have been reported in the current phpBB Olympus line in a few years. SPAM issues are not security issues.