Closed ghost closed 2 years ago
Automated bots looking for vulnerabilities are popping up all the time. Thankfully they haven't found any because the site isn't using any of the technologies they're trying to find weaknesses in.
In fact, a lot needs to be done here - hopefully it never needs to be used but there should be facilities to mute or ban troublemakers should they arrive, as well as the ability to put people on ignore at the user's own discretion.
Currently I think the site achieves security through obscurity but that may not last.
At least account activation after verification through email should be implemented
I would hold off on email activation at least until we get our first spam bot. For now I think making it easy to get started playing on the site is more important than keeping out the as-yet nonexistent spambots. The feature could be added, but not switched on until it's needed.
Four years later and we haven't had a single automated spam bot and we have mute and ban commands for admins. Closing this.
It's only a matter of time before spammers find this site and begin to flood the chat with pr0n ads. Also, some consideration needs to be made for the ability of spammers to effectively DDOS the site by creating a bunch of sessions and consuming all available resources on the machine.