Search options (Page 17 of 19)

Try using the CIDR netmask 85.210.0.0/18.

That should block all addresses in the range 85.210.0.1 - 85.210.63.255, which corresponds to the relevant section of the Pipex ADSL Dynamic IP address pool. That's about 16382 IP addresses...

You can add this either in PunBB [I think the IP blocklist in the Admin area supports CIDR netmasks?], or make the block happen via your .htaccess file:

deny from 85.210.0.0/18

I found it at:

http://www.punres.org/files.php?pid=317

I have a simple suggestion to defeat the bots, based around this concept of making each forum's user registration process in some way unique.

Rickard could code the Members section of the PunBB administrators area to allow Admins to add 1 (or more) custom form field(s) to the user registration page. This custom form field would allow (or require) each site to specify an additional unique registration variable for all forum signups, to supplement username, password and email verification.

The options available in this form could be anything the forum administrator likes. The format of it should also be variable, so that the admin can make it a drop down form, or radio-buttons, or a blank text input form box. Ideally, the php code or form ID for the subsequent form should also make its name unique, based on the form name or a randomly generated value.

Eg on one punBB forum it could be a drop-down form that asks the user at signup time to confirm: 'What's your favourite colour?', and gives them a selection of 'Red/ Green/ Yellow/ Blue'. Another punBB forum might have a drop down form that asks: 'Who is the President of the United States?', and gives them the option of specifying 'George Bush/ Dick Cheney/ Arnold Schwartzenegger'.

Etc, ad infinitum.

If every punBB forum that required signups had a unique question/response requirement like so, bots may have a harder time reaching into multiple punBB sites.

Is this concept valid?

What I am trying to express is some (built in) way of essentially randomising the punBB login sequence, so that each punBB board has in some way a unique login process.

Actually, a neater solution to this (now that I think about it) could be as simple as having the punBB installer assign a random prefix to either the login.php file or the register.php file, which is unique to each punBB install, so that for example on one site login.php becomes '123login.php', whereas on another site it is '99bblogin.php'.

That alone would screw the bots up.

FWIW, as a pun user, in my experience Rickard is pretty on the ball, in terms of being aware of security issues and fixing them promptly if they indeed are real vulns.

He's also quite receptive to being told about potential security issues, even though it may sometimes be a drag investigating some of the more obscure or poorly described ones.

And so far, the security track record of punBB re publicly known vulns, is pretty good, better probably than many of the larger forums.

Of course much of this may also be due to the lower profile of punBB, and consequently the lower number of hackers exposed to it and inclined to try and break it, rather than any guarantee about the security of its code.

So prudent installation, configuration and management of your punBB forum will still be required.

I agree on both counts. A 5% anti-spam improvement here, a 5% improvement there on an incremental basis is still very worthwhile in the anti-spam arms-race we are all hostage to nowadays, alas.

And yep, I think we need to assume that no matter what we do at the front-end of a forum, somehow a certain percentage of spammers will get their crap through onto even the best run punBB forum, and so we will increasingly need more efficient tools for hoovering spam posts out of a punBB forums.

Report any 'warez' you find on the Internet to the global, centralized Internet Authority that has power over every network on the Internet and every website.

And yes, of course the developer of punBB is personally responsibile for everything anyone does with the punBB forum, including all the content provided in any punBB forum world-wide, so immediately contact Rickard the developer and he will, I am sure, intervene to fix the problem asap on your say-so. Just tell him what you want done and he will do it.

And, sure, ping is a great tool to find out everything you need to know about a website, including domain name ownership and hosting arrangements. Just fire it up from within a command prompt and it will tell you everything you need to file a report of the problem to the Internet Authority.

Jeeze, sometimes I think people should be required to pass a 'Internet 101' course before they are allowed access to the Internet and, for example, to post to forums such as this.

Hmmm. I think it's time I upgraded my computer...

Aside from the option in PunBB Administration > Options to turn user info off (Show information about the poster under the username in topic view. The information affected is location, register date, post count and the contact links (e-mail and URL).

I would suggest just commenting out the fields you dont want displayed in the PHP file(s) used in the topic reading view?

Viewtopic.php (starting from about line 221) and profile.php are perhaps the files you might want to look into.

Once commented out in the PHP, those variables may still be processed and stored by PunBB, but the results wont be displayed to the user.

Oh, of course remember to backup any PHP files you modify before you make any changes to them.

Why should anyone bother to help?

Neither the tone of your post or your forum itself make the prospect of lending you a hand an inviting one.

Very nice. Loads fast, easy to read, nice clean layout, good colour family.

My only gripe would be that it is fixed width.

But I like what you did with

<div class="normal-header">
Designer's Table <span>Have a seat and discuss design, function, & web standards.</span>
</div>

I hadn't thought of doing it that way, to allow the bit in the span code to be the sub-title.

I guess such long category names may make the DB code a bit more complicated though, since those long names will find themselves in MySQL code behind the scenes I guess (??).

But well done. Your site illustrates very well the flexibility of the PunBB CSS + templating system.

where did it go? I get a blank page.

I still see a '24' favicon though, so that's something I guess.