Forum software upgrade
Post new topic Reply to topic Page 1 of 21, 2
Author

User avatar

Site Admin

Posts: 2104
Joined: Oct 19, 2002
Last Visit: Aug 02, 2021
Location: Honolulu, HI

Post Posted: Mon Sep 18, 2006 5:12 am 
 

This evening I've tweaked the forum software quite a bit under the hood (mostly security additions).  As usual, it's possible that something broke in the process.  If you notice anything out of the ordinary (error messages, the forum software calling you a spammer or a terrorist, or general shinannegans), please let me know.

The only real noticeable feature change is on the top of your screen, "Login Security".  Here, you can see the last ten IP address logins you've made -- an easy way to tell if someone other than you has been accessing your account.  Also, there's an (optional) "IP Range Scanner" which will send you a short message if another IP address logs on to your account.

The incentive for me to add additional security was due to the recent flood of spambots that have been successfully registering on the forum.  While actually not a large number (two to three per week), it's still annoying.  On a positive note, the number of spambots that have failed to register is much greater; about 20 to 30 per week.  It seems that phpBB forums in general have been under seige recently.

Foul

  

User avatar

Long-Winded Collector
Subweb Admin
JG Valuation Board

Posts: 4497
Joined: Nov 08, 2002
Last Visit: Aug 02, 2021
Location: Land of 10,000 ponds

Post Posted: Mon Sep 18, 2006 3:00 pm 
 

THANK YOU!
:D  :D  :D

ShaneG.


I reject your reality and substitute my own

 WWW  


Grandstanding Collector
Acaeum Donor

Posts: 6463
Joined: Dec 13, 2004
Last Visit: Apr 04, 2021

Post Posted: Mon Sep 18, 2006 3:22 pm 
 

Hey Foul,
  I know that you want to keep this as an unmoderated forum and I am all for that , but is there any chance that you might consider giving a least one or two other folks the ability to elimnate the spam threads when you are not around?  I know that you travel for your job and what not and allowing one or two others the ability to at least eliminate these annoying spam threads in your absense might be benficial.  Just a thought. :)


"He who fights with monsters might take care lest he thereby become a monster. And if you gaze for long into an abyss, the abyss gazes also into you." -Neitzche

  


Long-Winded Collector
Acaeum Donor

Posts: 3066
Joined: Jul 09, 2004
Last Visit: Apr 30, 2015

Post Posted: Mon Sep 18, 2006 4:13 pm 
 

Foul,

Are the bots actually getting through both the visual verification, the drop down verification and the email verification?   8O

I'm just asking because I'm now running a small phpBB board of my own.  It's private; I might have to force it to use "admin" verification.  Any advice would be appreciated.

 YIM  

User avatar

Grandstanding Collector

Posts: 8219
Joined: Jan 21, 2005
Last Visit: Jun 12, 2017
Location: Wallasey, Merseyside, UK

Post Posted: Mon Sep 18, 2006 4:33 pm 
 

i would be more than happy to help moderate - most folk here know i am cool like that and i am on here often enough - could help tidy things up etc...

Al



  

User avatar

Site Admin

Posts: 2104
Joined: Oct 19, 2002
Last Visit: Aug 02, 2021
Location: Honolulu, HI

Post Posted: Mon Sep 18, 2006 11:21 pm 
 

Nope; for now, the board shall remain unmoderated (or the quasi-moderation that really exists).  I hate moderated forums, and all the ridiculous rules that inevitably crop up on them -- along with the personality conflicts between moderators and users, which ends up causing people to leave.  What's nice about our current situation is that everyone likes me here.

Yes, a few bots were getting through the visual confirmation, the drop-down confirmation, and the e-mail confirmation.  Either that, or the ones getting through were actual humans registering and posting (not much we can do about those).  In the event that some clever bot software has been developed, however, this latest upgrade should stymie their efforts for at least a while.

Foul

  

User avatar

Grandstanding Collector

Posts: 5634
Joined: Jun 30, 2003
Last Visit: Jul 27, 2021
Location: New Hampsha

Post Posted: Mon Sep 18, 2006 11:41 pm 
 

Agreed, if this forum were moderated at all, it would be Game Over.


If you hit a Rowsdower, you get to keep it.

 WWW  


Grandstanding Collector
Acaeum Donor

Posts: 6463
Joined: Dec 13, 2004
Last Visit: Apr 04, 2021

Post Posted: Mon Sep 18, 2006 11:43 pm 
 

Like I said, I wasn't looking for moderation at all, just allowing the ability of some other folks to eliminate the annoying spam threads and nothing else.


"He who fights with monsters might take care lest he thereby become a monster. And if you gaze for long into an abyss, the abyss gazes also into you." -Neitzche

  

User avatar

Site Admin

Posts: 2104
Joined: Oct 19, 2002
Last Visit: Aug 02, 2021
Location: Honolulu, HI

Post Posted: Tue Sep 19, 2006 12:55 am 
 

Well, how about a compromise -- if spambots continue to be a bother, I'll strongly consider implementing some human intervention.

Foul

  

User avatar

Prolific Collector
Acaeum Donor

Posts: 529
Joined: Feb 25, 2005
Last Visit: Jun 02, 2021
Location: Lille, France.

Post Posted: Tue Sep 19, 2006 3:24 am 
 

FoulFoot wrote:Yes, a few bots were getting through the visual confirmation, the drop-down confirmation, and the e-mail confirmation.  
Foul


Stop being ironical, I am not a bot. :?
I really get through all those controls by myself, and if my english is not correct, that is because I am french, not a bot!
Sometimes <sometimes> I post something valuable. It might happen one or two times a year.
I am a human being... don't moderate me!

More serioulsy, thanks for all that work Foul!

  

User avatar

Site Admin

Posts: 2104
Joined: Oct 19, 2002
Last Visit: Aug 02, 2021
Location: Honolulu, HI

Post Posted: Sun Oct 08, 2006 12:42 am 
 

A new security upgrade that the spammers (and other nefarious types) are going to REALLY dislike.  A word to the wise -- attempting to reach the forums while masking your IP address (for instance, using a CGI proxy) will not only fail (hopefully), but will also get your account banned.  This should not affect anyone using a normal proxy, such as a corporate LAN.

On a lighter note, there's a new feature that everyone should like, on the Private Messaging screen... a dropdown list for usernames.

Foul

  

User avatar

Sage Collector
Acaeum Donor

Posts: 2459
Joined: Nov 06, 2002
Last Visit: Jul 05, 2021
Location: Queensland, Australia

Post Posted: Sun Oct 08, 2006 6:37 am 
 

hehe, I got baned from my work address since they mask IP addresses.. no problens since now they have blocked access to the site as well.. hehehe.. so just I use dialup...

Brette:)

 WWW  


Prolific Collector

Posts: 636
Joined: Sep 14, 2005
Last Visit: Jan 16, 2009
Location: Montreal, Canada

Post Posted: Mon Oct 09, 2006 2:30 am 
 

I think I may be affected by this update although I'm not sure why.  When I try to access the forums using Firefox, I get a mostly empty page (screenshot) for regardless of which page I try to access (even the logout page).  If I use IE, I can access the forums just fine.  Both browsers are configured to use the same proxy (Squid Proxy, running on my home network).  

If I change the settings on either browser to bypass the proxy, I can't load the forums at all.  It just hangs on the connection.  My home network does masquerade ip addresses, but I doubt that's the problem since its done the same way a corporate lan would be.

 WWW  

User avatar

Site Admin

Posts: 2104
Joined: Oct 19, 2002
Last Visit: Aug 02, 2021
Location: Honolulu, HI

Post Posted: Mon Oct 09, 2006 2:46 am 
 

I checked the filter, and it indicates that you're using some sort of Java applet to mask your IP.  Any ideas?

Foul

  

User avatar

Site Admin

Posts: 2104
Joined: Oct 19, 2002
Last Visit: Aug 02, 2021
Location: Honolulu, HI

Post Posted: Mon Oct 09, 2006 2:56 am 
 

After looking through the logs some more, I've discovered about a half-dozen regular users who have been inadvertently blocked by the new security module.  Ergo, I've disabled most of the module's functionality, until such time as the module author updates it.

Foul

  


Prolific Collector

Posts: 636
Joined: Sep 14, 2005
Last Visit: Jan 16, 2009
Location: Montreal, Canada

Post Posted: Mon Oct 09, 2006 3:19 am 
 

I'm not intentionally using any sort of java applet and I don't seem to be running any firefox extensions.   I tried disabling Java in firefox, but that had no effect.

Are the connections that say I'm using a java applet coming from the same ip (67.71.168.207) as the ones that say I'm not?

I don't have a network sniffer installed so I can't easily check if the requests from the two browsers are the same once they leave squid, but a cursory check of the HTTP headers sent when requesting pages from a my work site shows no significant difference between the two browsers.

I also just installed Opera and it suffers from the same problem as Firefox.  Lynx running on my gateway works fine.

 WWW  

User avatar

Grandstanding Collector

Posts: 8219
Joined: Jan 21, 2005
Last Visit: Jun 12, 2017
Location: Wallasey, Merseyside, UK

Post Posted: Mon Oct 09, 2006 5:06 am 
 

yes it seems i got banned too, but after a 15 min rant at deimos, he kindly contacted scott and it seems the problem is sorted :)

thankyou!

Al



  


Prolific Collector

Posts: 636
Joined: Sep 14, 2005
Last Visit: Jan 16, 2009
Location: Montreal, Canada

Post Posted: Mon Oct 09, 2006 8:21 pm 
 

I'm still experiencing the problem in firefox.  I've discovered that if I block the "phpbb2_mysql_sid" cookie I can browse the forum normally.  If I log in, I have the empty page problem I posted about above, regardless of which cookies I accept.

Its not the end of the world but I much prefer firefox's tabbed browsing to IE's new windows.

 WWW  


Grandstanding Collector

Posts: 5643
Joined: Nov 16, 2002
Last Visit: Jul 29, 2021
Location: Wichita, KS, USA

Post Posted: Mon Oct 09, 2006 9:18 pm 
 

Have you upgraded versions, NetRodent?  I'm running Firefox 1.5.0.7 and can access the forum fine, but I'm also not using any filtering or proxies.


Allan Grohe ([email protected])
Greyhawk, grodog Style

Editor and Project Manager, Black Blade Publishing
https://www.facebook.com/BlackBladePublishing/

 WWW  


Prolific Collector

Posts: 636
Joined: Sep 14, 2005
Last Visit: Jan 16, 2009
Location: Montreal, Canada

Post Posted: Tue Oct 10, 2006 2:57 am 
 

I'm running 1.5.0.7 as well.

 WWW  
Next
Post new topic Reply to topic Page 1 of 21, 2