Scratch

The small steps on how to secure your online site or community
A guide by LS97

Once you get into computers and programming, sometimes just visiting sites isn’t enough. Making your own site becomes a fun and useful alternative. This often turns out to be very productive, educational and satisfying. However, there are some really useful key points that you want to keep in mind while creating your online community.

Passwords, passwords, passwords…
First of all, you need a good password. This keeps on coming up everywhere, from school email accounts to game registrations, and it’s a must. It is extremely important to get a strong password and keep it safe. Nobody needs to know it, and it has to be hard to guess but easy to remember.

Choosing the tools
Second, think about the purpose of your site. What will people use it for? Who will use it? How? If the site is meant to promote a product and give more information about it, it’s better to use an online site maker such as Weebly. In general, these popular online site makers are better to use for this kind of site because they are more secure. Try to avoid site makers with advertisements because they can contain viruses or inappropriate content that you can’t control.

If you want to make an online community with user-moderated forums, uploads, or chats, the story gets a bit more complicated. You need to start from a blank file in notepad, and there are a lot of security precautions to take.

Before you even start, you have to know the basics of whatever programming language you’ll use (commonly PHP). Trust me, it helps.

I’ve got the power!
As much as your own passwords are important, so are the passwords and information about other users. Make sure that all of the user’s information is stored safely on the server and is encrypted. Also store the users’ IP address in a database so that you can ban them if they do anything wrong.

Moderation is another important aspect of online communities. Any user-submitted content (forums, chats, messages, comments, blogs) must have a word filter/censor in place! Also, check the content regularly to make sure no bad pictures are posted. Private chats are dodgy because they can’t be moderated, so avoid them.

You might get excited about being able to control other users: don’t abuse of your power. It’s never a good idea to allow many people to moderate your site. You will manage just fine with yourself alone as a moderator. If your site gets very popular you can maybe add a second power-person. I wouldn’t have more than that because things will get difficult to manage.

Spam time!
Spam has become so popular that even the most secure sites nowadays are occasional victims of this senseless practice. On your forums, try to implement a system similar to the one on the Scratch website. When a user registers, give them partial abilities until you know you can trust them.

As much as the 60 second rule is annoying, it helps so much in reducing spam I can’t even describe it. Being a nice guy and removing the rule from your site will probably earn you hours of spam-removal.

The time rule doesn’t only have to apply to forums. Uploads can be a big problem to remove if you don’t have the good tools, so prevention is the key. Add a 5 minute delay between uploads and you’ll be fine.

Just in case spam does happen, and it’s inappropriate, think of an easy method to quickly remove it or hide it from view, until you took care of it completely. You don’t want a bunch of people seeing stuff they don’t want to see.

Verification of Scratchers – Not everyone is who they say they are…
On the internet it’s really easy to pretend you’re someone other than who you really are. Some bad people might pretend to be a known Scratcher and apply for admin on your site under that fake username. To avoid this happening, first ask the user to post a comment on your Scratch projects with that account name. If they don’t, there’s a good chance they’re some kind of bad guy.

The Happy Ending
Once you think you’re following these rules and feel good about your site’s security, you can go ahead and publish it. Run it through to the Scratch Team to see if it’s acceptable to advertise on the Scratch Forums. If you’re lucky, you’ll see your site grow from a bunch of code to a wonderful community.
Have fun making your own site! 

Last edited by scimonster (2012-05-21 14:01:52)