core: Backing-off algorithm for flood control

0 votes

Raised 0% of 18 credits
(18 credits = 3 hours or $123.73)

Rather than the flood control just limiting the number of hits per second per IP, have it reduce the allowed rate for an IP over time.

For example, if 10 hits per 10 seconds are allowed, only allow, say, 40 hits per 60 seconds, and 100 hits per 10 minutes, and so on.

This is to reduce the ability for b…

Suggested by Chris Graham on 14th October 2018

core: Harsher flood control under high load

0 votes

Raised 0% of 42 credits
(42 credits = 7 hours or $288.70)

A good webhost can offer DDoS protection against attacks lower in the network stack (good article saying what they do: https://www.quora.com/How-do-DDOS-mitigation-techniques-work-e-g-RioRey). Suspicious activity can be detected relatively easily, and each machine doing it is not impacting that much of a c…

Suggested by Chris Graham on 14th October 2018

core: Enhanced control of dates during validation

0 votes

Raised 0% of 18 credits
(18 credits = 3 hours or $123.73)

When you go to some non-validated content, either through the admin_unvalidated module, or an e-mail notification about non-validated content, open up the edit form in a special validation mode.

Instead of a validated checkbox, have a series of radio buttons:
1) Edit but leave non-validated
2) Validat…

Suggested by enelson on 5th October 2018

health_check: Google Webmaster Tools errors

1 vote

Raised 0% of 24 credits
(24 credits = 4 hours or $164.97)

Automatically interface with the Google Search Console API, and find any errors on the Composr site that shouldn't be. Ignore things relating to external links, but anything on the sitemap for a sitemap file that still exists should not be returning any kind of error.

Suggested by Chris Graham on 2nd October 2018

health_check: Automatic speed tests

0 votes

Raised 0% of 144 credits
(144 credits = 24 hours or $989.81)

Do many of the tests of tools referenced in testManualPerformance, automatically.

Suggested by Chris Graham on 2nd October 2018

securitylogging: Configurable hack-attack response behaviour

1 vote

Raised 0% of 36 credits
(36 credits = 6 hours or $247.45)

Composr will detect many hack-attacks, but there is scope for false positives:

1) Badly written bots which accidentally trigger suspicious URLs (e.g. appending full URLs as 'id' parameters by incorrectly composing URLs).

2) On rare occasion, bugs.

3) Past bugs getting stuck in search engine crawl…

Suggested by Chris Graham on 27th September 2018

core: More configurability of IP address session locking

3 votes

Raised 0% of 24 credits
(24 credits = 4 hours or $164.97)

Rather than having a global option about how sessions are restricted to IP address, make it configurable based on usergroup.

Possibilities (in decreasing order of security):
1) Check full IP
2) Check without last octet
3) Check same subnet
4) No check

A session would be restricted based on the hi…

Suggested by Chris Graham on 25th September 2018

core: Run the PHP codebase through PHP_CodeSniffer beautifier

2 votes

Raised 0% of 42 credits
(42 credits = 7 hours or $288.70)

Running the beautifier breaks easy merging, so we need to take that into consideration. Sometimes reformatted spacing can make code harder to follow, but we can fine-tune the Code Sniffer config file to deal with that, I think.

Attached is the rule set config file following coding standards agreed at https…

Suggested by Salman on 7th September 2018

msn: Support custom fields (catalogue-style fields)

0 votes

Raised 0% of 60 credits
(60 credits = 10 hours or $412.42)

Allow custom fields to work across MSN.

To do this we need to make most of the catalogues code MSN-aware, which is a lot of complexity.

Suggested by Chris Graham on 28th August 2018

core: Allow main_multi_content block to select by tag

1 vote

Raised 0% of 6 credits
(6 credits = 1 hour or $41.24)

Select all content by searching for use of a tag, rather than category.

Suggested by Chris Graham on 5th August 2018