1

(4 replies, posted in PunBB 1.2 show off)

Smartys wrote:

That's actually not true, if you set $_GET properly it can. However, yes, we have planned to add some more useful internal syndication features (at least as an official extension, if not as part of the core).

Oups, I didn't see it in the documentation (nor in the forum, but a Search is not always easy when one doesn't know exactly what text pattern to search - especially in non-native language).
Don't you think it should be included in the developer information page? (http://punbb.org/docs/dev.html#syndication)

Jérémie wrote:

That's easy. 1+1=3, for very very large values of one.

And sometimes 1+1 = 1
(refer JCVD video : http://www.dailymotion.com/bookmarks/go … imples_fun).
Sorry for non-frenchies, I did not found English translation...

3

(4 replies, posted in PunBB 1.2 show off)

Punbb integration of the forum in my site.
        http://forums.bdfi.net/
CSS is very slightly modified (only colors and borders are changed. All available styles are similar: green lines can be blue or red).

Not very sexy sad
I'll try to do more adaptations after 1.3 delivery...

And last messages are integrated in main page http://www.bdfi.net/
(this was not so easy: extern.php cannot be included directly and had to be modified. Will this point change in 1.3?)

Ti_BoSs wrote:

Hi all,
I'm benjamin, a french boy who use punbb for my community.
I create style for punbb and i take support for these.
I want have your opinion of my style.
http://forums.creapun.com : my support community ( french )
http://punbb.creapun.com : forum style previewer of my style ( the style when you arrive on the forum have be create by FSX wink
Sorry for my english, i don't speak very well.

Joli !
Some misquotes on forums.creapun.com:
... nous concerant -> nous concernant
... qui leur conviens -> convient
biai -> biais (2 fois)
ainsi q'a -> qu'a

And an idea: the "Preview" button to test a style is good, but better should be to display a little size image on the right as soon as one select a style in the list (to avoid unnecessary roundtrips...).

Is it possible to delete the "last zapped reports" (admin / reports) ?
Thanks,

It seems that my English is not good enough sad

I tried to list all possible solutions to fight forum spam in two cases:
- guest spam (if non registered users can post)
- bot registering

Too bad, no reactions. Il would like to see somewhere a full list of all ideas, even stupid (I can have a lot big_smile), with the reason hy they are; when stupid ideas are written, they don't come back, or they will come improved.

7

(71 replies, posted in News)

gil wrote:
gil wrote:

About documentation, the http://punbb.org/docs/install.html is not up to date :
There are several "1.2.12" in place of "1.2.14" (and a "12_to_1212_update.php" of course).
Sorry to only discover serious problems smile

(note; the install.html file in 1.2.14 zip package is OK)

Sorry, I was not present for the 1.2.15 version smile

I think my message was a little bit unclear smile :
  http://punbb.org/docs/install.html is not up to date (several 1.2.14 in place of 1.2.16)!

orlandu63 wrote:
gil wrote:

What I would say is not to search exactly the "[url]" pattern, but all the post using an image. Not possible indeed?

Possible.

How?

gil wrote:

Or the name of an image: with or without "*", it seems it doesn't work. Why?

Huh?

What I wanted to say: an image neo88.jpg is used in an [img] tag. I cannot find pattern "neo88.jpg" nor "*neo88*"...

orlandu63 wrote:
gil wrote:

And does somebody know if it will be possible with the 1.3 version?

The [ img] BBCode tag references the <img> HTML tag.

Yes, I know.

Because all search input is escaped, you won't even be able to search for "<img>."
So, in short, no.

What I would say is not to search exactly the "[img]" pattern, but all the post using an image. Not possible indeed?

Or the name of an image: with or without "*", it seems it doesn't work. Why?

gil wrote:

Is it possible to use punbb search function to find all [img] used in post?

Smartys wrote:

1. I don't think so

too bad

And does somebody know if it will be possible with the 1.3 version?

11

(71 replies, posted in News)

gil wrote:

About documentation, the http://punbb.org/docs/install.html is not up to date :
There are several "1.2.12" in place of "1.2.14" (and a "12_to_1212_update.php" of course).
Sorry to only discover serious problems smile

(note; the install.html file in 1.2.14 zip package is OK)

Sorry, I was not present for the 1.2.15 version smile

12

(125 replies, posted in News)

Smartys wrote:

That's still the wrong timeframe: as Rickard said, it was early in the summer wink

Before 02 July it seams.

matt1298 wrote:

My defininion of danger in this case is losing the forum, someone hacking into it and taking the admin account. i cant see any danger of spam bots, yeah they are annoying, and as they post links, you can just disable links in posts and if you are under attack from spam bots (in my case) my admins and mods would see this due to there activity and deleate it.

I think that the admin of this DH site should not agree with you... I'm sorry, but spam can be a true plague.

Paul wrote:

This is getting a bit off topic. To clarify; I changed the description because most people seeing a topic entitled "Majour security issue" would assume it was some kind of exploit being reported and not a topic about spam prevention.

I agree with that. It was just your definition of security that seems not compliant to me smile

matt1298 wrote:

Security is the condition of being protected against danger or loss

You are not in ANY danger when a spambot posts on your forum.
The only thing you can lose is possible forum members,

What is your definition of the word 'danger'? hmm Sorry, bad definition.

But There are mods you can install (lots) that will help remove the spam bots.

It is another subject!

Paul wrote:

I've edited the topic description because spam is not really a security issue, its a nuisance but it won't result in you being hacked.

I cannot agree with that definition: security is not only avoiding hacking, no.
Trying to avoid porn spams with photos is trying to increase security level, at least for our children.
wikipedia, wiktionnary

16

(89 replies, posted in PunBB 1.2 discussion)

A french (and abandonned, I suppose - maybe desperate administrators...) "Desperate Housewives" forum. One forum, among the others:
http://www.desperate-housewives-fr.be/f … 95437528bd

17

(89 replies, posted in PunBB 1.2 discussion)

MattF wrote:

I have to ask. What is the fuss about modding and personalising a software installation. For goodness sakes, with most *nix admins it's second nature. A pre-compiled with everything version of a programme is practically a living hell. Starting with minimal solutions and adapting has always been the best and most secure policy.

Modding and personalising a software is a good thing. But a mandatory function should not be modding. Avatar, for example, is not mandatory, and could be an extension. It is offered with the software, why not, but it was not an obligation. When a software *cannot* be used without an extension in the target context (just real world...), this package is not complete.

18

(89 replies, posted in PunBB 1.2 discussion)

Smartys wrote:
gil wrote:

It is our difference smile You say "mod"; I think that a real protection to spam *must* be included in the software, as not all users are able to find/do the needed modifications. For a lot of people, even the word (source) "code" is not understandable. Ok, in 1.3 version, open a source file will not be mandatory, it will be easier, but first the current version is 1.2, then even in 1.3 it will be mandatory to search, read, and understand in english forum (here or punres). Do you think that to have a good protection, one must be able to understand english and to edit/modify a source file? It will excludes a large part of the world, and it would be too bad.
Nevertheless, thank you for your responses. And I do not desesperate smile

With extensions in 1.3, nobody should need to edit code.

It's what I said, it will be easier, when you what you're searching for. But 1.3 is not the current version.

now,  You download the extension, upload it to your forum, hit Install, and you're done. And people need to know English to find/download/install PunBB right now: if they know enough to do that, they'll know enough to find extensions they might need.

I don't think so. English is not mandatory to find it, as it is provided in a lot of web site in several (at least) countries, like for example "bank" of freeware, Internet provider... or a not-official punbb site.  To install it, if there is no text with the download link, it is not very difficult to read the small help file.

19

(89 replies, posted in PunBB 1.2 discussion)

Smartys wrote:
MattF wrote:

If you modded your installation to use that method, it probably would kill your spam off either completely or to a negligible level. However, was not the point of this thread with regards to including standard spam prevention techniques within PunBB? If, for example, that mod was incorporated within 1.3 when it finally leaves R.C status, the thing would be cracked within a week. It is then not a deviant technology, but a core mainstream one. The fiscal benefit for the bot scripters would mean that it was viable to concentrate on it once that occured.

I wouldn't say cracked, since unless there's a flaw bots shouldn't be able to automatically crack something like the VIP code mod or a question mod. They would need a human to find the code/answer in the first place and THEN they can spam all they want (until it's changed, rinse and repeat).

I agree, but to attack all the forums in the world, searching the answer in each annoucement area or in rules text or elsewhere, or searching an encyclopedia/logical/thematic answer... in all languages? Don't you think spammer need an international army?

With the VIP Code, I hadn't looked at any demos of its implementation. My thought was that if people are simply posting a number/word on register.php, the bots can parse the HTML and get it from there. However, obviously that's not the case there. wink
So, lets assume automated grabbing of the code is not the issue. Spammers will still use humans to register for them. And the small and medium forums will not be protected: in large forums you're more likely to have an active moderator team that will delete your spam in minutes. The small/medium forums, where the spam lingers for days, are where spammers want to target.
That doesn't mean that the idea is worthless: far from it, I think it would make a wonderful extension. However, I personally think it puts too much of a burden on the admin. Plus, as I've said before, with fighting spam what works for one forum might not necessarily be right for another. A more modular approach helps make that a non-issue.

It is our difference smile You say "mod"; I think that a real protection to spam *must* be included in the software, as not all users are able to find/do the needed modifications. For a lot of people, even the word (source) "code" is not understandable. Ok, in 1.3 version, open a source file will not be mandatory, it will be easier, but first the current version is 1.2, then even in 1.3 it will be mandatory to search, read, and understand in english forum (here or punres). Do you think that to have a good protection, one must be able to understand english and to edit/modify a source file? It will excludes a large part of the world, and it would be too bad.
Nevertheless, thank you for your responses. And I do not desesperate smile

20

(89 replies, posted in PunBB 1.2 discussion)

Smartys wrote:
sirena wrote:

Just FYI.

There is apparently a very effective yet simple mod that is available for phpBB discussed here:

http://www.phpbb.com/community/viewtopic.php?t=435702

It works by allowing the admin to specify a 'VIP code' or pass-phrase, essentially, that users need to enter when they register. The variability of this across phpBB boards makes it effective against scripted bots.

Judging from the feedback in the thread above, it seems to work well. Some forum admins even report being able to turn off their CAPTCHAs.

It's similar to some of the approaches already discussed here.

It's like the question method people have been discussing. smile
However, once enough people start using a tool to fight spammers, the spammers try to adapt. If there's a way to detect what the word is, for example, they'll do it.

Of course, but How? If it is not hard-coded, if it is different in each forum, and if it can be changed by the admin when he want to do? Only human action can help spambot, scripting isn't sufficient it seems.  If a large forum is a specific target for some spammer, of course a human help will be used. But all the small or medium forums (99%) will be protected!
I totally agree with Sirena and it "cost-effective" contribution...

21

(89 replies, posted in PunBB 1.2 discussion)

yemgi wrote:
gil wrote:
yemgi wrote:

If you allow guest posting or do not enable rules and and email registration then you will not be able to avoid SPAM. Whichever forum software you use this is a basic way to limit SPAM.
It is more a management/policy issue than a software one.

If you're true, so these options (enabling guest posting or using no rules) can be deleted from punbb, as there are not usable... No ?

I'm sorry, but nowadays I think it's not only a management/policy issue, it's a software one... Not really a bug, but a missing capacity.

Why should they be deleted ? Some people wants and use them.

Flooded by porn picture spam? It's not what one can say "usable"... Not my opinion, at least.

What I said is if you set your forums this way, there is no way to stop SPAM whichever forum software you use.

I don't think so. I think that the "anti-captcha" should be personalised by the admin, and should not be a hard-coded question for example. Like a question and answer defined by the admin for example, but one can find another solution, I don't know.

22

(89 replies, posted in PunBB 1.2 discussion)

Smartys wrote:

Spammers already pay people to manually register accounts for them wink

Humm. 10 thousands forums in the world? When each admin can change the question as often as he want?

Plus, this makes for a great deal more work for the administrator

I don't think so. It's not a difficult job. More easy as to find a good extension when computer or internet is not your job and you want to find a good and easy forum for your site...

23

(89 replies, posted in PunBB 1.2 discussion)

For my point of view, it's not a bug (a bug is a no-conformity in a provided and specified function). It's rather a lacking function or option... but it's only exploiting the words. Doesn't matter.

But I cannot use punbb in an "open" configuration (guest allowed, or no e-mail procedure),  so I think there is a fundamental problem. If a function is provided, we should be able to use it without extension.
If a spambot can fight a forum software, it can not fight all the administrator in the world. So why not an option with two text fields, a "question" and an "answer", both defined (as often as wished) by the admin? And each guest message or inscription, the "question" is displayed, and the answer is checked (whithout spaces, no capital letters). Like a standard anti-captcha, but here, a spambot cannot spam all the forum in the world, each forum must be first manually attacked.


PS: No mistake: I like punbb, i donated someting for it, and i will donate again when 1.3 will be here. My contribution (like others I think) are not criticisms. I just want to see a better punbb!

24

(89 replies, posted in PunBB 1.2 discussion)

calande wrote:
gil wrote:

no images and links for guest message or for the N first messages of a registered user

This is not a solution. To fight spam, you have to think out of the box.

- If you can't post images or links for guests, as a spammer you put your URL in your profile.
- If you are a registered spammer and can't post images and links before 10 messages, then you send then canned messages such as those that we get everyday that say something very generic ("Hi, nice web site, just wanted to say hello"). And when your bot has sent 10 automatic messages, start sending your spam.

I didn't say that *this* is the solution. It can be completed for example with a "trial period" then an admin validation.

I think that we (or the punbb team) should list all the existing (or not yet existing) tools and ideas to avoid or fight spam, then that some simple options should be added by default in punbb.

25

(89 replies, posted in PunBB 1.2 discussion)

yemgi wrote:

If you allow guest posting or do not enable rules and and email registration then you will not be able to avoid SPAM. Whichever forum software you use this is a basic way to limit SPAM.
It is more a management/policy issue than a software one.

If you're true, so these options (enabling guest posting or using no rules) can be deleted from punbb, as there are not usable... No ?

I'm sorry, but nowadays I think it's not only a management/policy issue, it's a software one... Not really a bug, but a missing capacity.