Topic: [release] pun_antispam

We have started to develop pun_antispam extension. It is based on the rei_captcha extension.

See the pun_antispam specification.

Download pun_antispam.

Feel free to report bugs or suggest improvements.

Re: [release] pun_antispam

it work good
thanks

3 (edited by mbole 2008-10-30 13:14)

Re: [release] pun_antispam

I just installed fresh 1.3RC and this extension.
On registration page, there is a box for entering captcha but there is no picture
Same on post by Guest.
On change password page, there is no captcha at all
(of course I did set it in Administration, Settings, Festures...)

Did I missed something?
I unzipped file in Extensions directoru, and installed it from administration panel.

Re: [release] pun_antispam

It was made for 1.3dev (SVN) version.
Though we've updated markup and this will not work there too ))
Please, wait for 1.3RC2 (today or tommorow). We will update extensions then.

Carpe diem

Re: [release] pun_antispam

Thanks for this, a captcha extension is an unfortunately necessary extension straight off!

Quick request:
- Support ReCaptcha as captcha source option (http://www.recaptcha.net).

It is a smart captcha solution and in wide use, and all entered text goes to helping computers understand printed text better (for things like book scanning).

Re: [release] pun_antispam

Casemon wrote:

Quick request:
- Support ReCaptcha as captcha source option (http://www.recaptcha.net).

Thanks for request.
This may be a good separate extension.
And as I remember there are hooks in pun_antispam to customize the CAPTCHA: you may create an extension depending on pun_antispam and replacing our CAPTCHA with reCAPTCHA.

Carpe diem

Re: [release] pun_antispam

Ahh good to know and I will take a look. If I do manage it, where shall I post the changes?

Re: [release] pun_antispam

Casemon wrote:

Ahh good to know and I will take a look. If I do manage it, where shall I post the changes?

You may just publish the extension.
It may be uploaded to the wiki.

Carpe diem

9

Re: [release] pun_antispam

Just installed 1.3 final (clear install).
Installed antispam (via PunBB Repository ext).

Same problem as before few weeks:
On registration page, there is a box for entering captcha but there is no picture
Same on post by Guest.
On change password page, there is no captcha at all
(of course I did set it in Administration, Settings, Festures...)

Verison of antispam system installed:1.2

Re: [release] pun_antispam

mbole wrote:

On registration page, there is a box for entering captcha but there is no picture
Same on post by Guest.

Maybe you have turned off pictures in your browser? And what browser do you use? Captcha picture in my Opera and IE7 looks fine smile

I have added an "alt" to all captcha images, you can try this new version (http://punbb.informer.com/trac/browser/ … ons/trunk, "Download in other formats: Zip Archive" link). If this really solves the problem, we will update extension in repository.

mbole wrote:

On change password page, there is no captcha at all

And there should be no captcha smile
We have decided so because a user can change his password only if he or she has logged in. But if the user is logged in he or she isn't a bot.

Captcha is displayed if somebody try to restore the password forgotten.

11

Re: [release] pun_antispam

mbole wrote:

Just installed 1.3 final (clear install).
Installed antispam (via PunBB Repository ext).

Same problem as before few weeks:
On registration page, there is a box for entering captcha but there is no picture
Same on post by Guest.
On change password page, there is no captcha at all
(of course I did set it in Administration, Settings, Festures...)

Verison of antispam system installed:1.2

This extension requires your PHP to have the GD image manipulation library installed. Maybe that's missing with your installation of PHP. What does your PHPinfo say on this matter? (Under Administration > Environment > Show Info, usually).

Re: [release] pun_antispam

sirena wrote:

This extension requires your PHP to have the GD image manipulation library installed. Maybe that's missing with your installation of PHP.

This extension will not be installed if there is no GD library (see the code). Thanks to Reines smile

13

Re: [release] pun_antispam

Maybe you have turned off pictures in your browser? And what browser do you use?

I just figured that if I manually download pun_antispam.zip form repository (or trunk doesn't matter), extract and install, it work fine.
If I install it via the pun_repository extension it doesn't work.

I compared all files in extensions\pun_antispam between manual and repository extension installation and all files are same.

Bingo ! smile
If permissions for pun_antispam folder are set to 755 it work
If permissions are 777 it don't work

Repository extension set permissions to 777

14 (edited by Parpalak 2008-11-12 13:59)

Re: [release] pun_antispam

mbole wrote:

Bingo ! smile
If permissions for pun_antispam folder are set to 755 it work
If permissions are 777 it don't work

Repository extension set permissions to 777

Well, great work! smile

Let's find the exact cause of this. I can't reproduce this bug on my server. Please, help me.

I think pun_antispam doesn't work on your server because of 'image.php' permissions. pun_repository gives this file 655 permissions, but maybe it should give 755.

I ask you to make the following steps to verify my hypothesis:

1. Uninstall pun_antispam.
2. Remove pun_antispam from the extensions folder.
3. Install pun_antispam via pun_repository. Make sure the error is present.
4. Set the permissions for 'image.php' file to 755. Does the error have disappeared?

You can directly open the captcha image in your browser (<forum URL>/extensions/pun_antispam/image.php) instead of opening a form with captcha.

15 (edited by mbole 2008-11-12 12:35)

Re: [release] pun_antispam

Pun repository gives permissions 644 to image.php on my server (and all other files in entire forum folder tree, including all files in extensions folder, have 644 permissions).
All folders in extensions folder (entire tree) have 777 permissions if installed via repository. If installed manually folders have 755 permissions and files have 644.

I just did what you wrote in your previous post, but no luck.
I tried every possible combination of permissions on image.php. Nothing.

so there are combinations that work:
pun_antispam folder: 755
image.php: 655, 755, 644, 744, 455, 444

don't work
pun_antispam folder: 777
image.php: any

don't work
pun_antispam folder: 755
image.php: x6x, xx6, x7x, xx7

If you need any other info just ask. This is test instalation so we can play with it. I testing 1.3 becouse I considering to move one exixting 1.2.15 forum to 1.3 (and also change provider to new one, so I put test instalation on new server).

Re: [release] pun_antispam

Maybe the reason is the file owner?

The owner of files and directories created by pun_repository is web-server user. And if you upload files manually, theirs owner could be your user.

The next iteration is:

1. Uninstall pun_antispam.
2. Remove pun_antispam from the extensions folder.
3. Install pun_antispam via pun_repository. Make sure the error is present.
4. Set the permissions for 'pun_antispam' folder to 755. As you wrote above, the error should disappear. Is it really so? If it isn't, the cause is files owner (not permissions).

17

Re: [release] pun_antispam

1. Uninstall pun_antispam.
2. Remove pun_antispam from the extensions folder.
3. Install pun_antispam via pun_repository. Make sure the error is present.
4. Set the permissions for 'pun_antispam' folder to 755. As you wrote above, the error should disappear. Is it really so? If it isn't, the cause is files owner (not permissions).

I did it exactly the same way before.
Any way just for check I did it again.
After step 3. there is error when i open image.php (and there is no picture in forum but without any error):

Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, webmaster@xxx.xxx and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

After I changed permissions on pun_antispam to 755 everything work fine.

18 (edited by niceboy 2008-11-12 14:29)

Re: [release] pun_antispam

did exactly what you said. but still, no captcha image.

i think i've to upload it my self as someone suggested above.

Update : Sorry, it works perfectly when i changed permissions to 755.

thanks.

nb.

Re: [release] pun_antispam

Anyway, seems that it's pun_repository's problem.
Anatoly and I will continue to work with PunBB next week (because of circumstances). Then we'll fix it (if somebody doesn't fix it before smile).

20

Re: [release] pun_antispam

I also have had this issue, fixed by following the items mentioned above.
-
Further I have also installed

  • BBC Code

  • Private message

They both have 0777 permissions.

Re: [release] pun_antispam

bach wrote:

I also have had this issue, fixed by following the items mentioned above.
-
Further I have also installed

  • BBC Code

  • Private message

They both have 0777 permissions.

Do you have problems with these extensions? Or they are functioning fine?

pun_repository intentionally sets permissions to 777. This enables users to delete downloaded files manually (for example, via FTP).

22

Re: [release] pun_antispam

parpalak wrote:
bach wrote:

I also have had this issue, fixed by following the items mentioned above.
-
Further I have also installed

  • BBC Code

  • Private message

They both have 0777 permissions.

Do you have problems with these extensions? Or they are functioning fine?

pun_repository intentionally sets permissions to 777. This enables users to delete downloaded files manually (for example, via FTP).

seems to work fine, wasn't sure if it was appropriate at the time so I thought I would mention it.

23 (edited by mbole 2008-11-13 22:24)

Re: [release] pun_antispam

BTW
I'm little confused here.
If I understand it well, 777 mean that everyone have full permissions on file.
On the other hand 755 mean that Group (what ever this is) and World (as I understand it was literally anyone), do not have write permissions on folder/file.
Why more permissions make the problem?

pun_repository intentionally sets permissions to 777. This enables users to delete downloaded files manually (for example, via FTP)

Giving 777 permissions so user can manually delete files look little bit strange to me.
I can't figure situation where I will give ftp (or any other kind of direct access) to any user (owner of site of course have access via cpanel, FTP or some other way depending on provider).

24

Re: [release] pun_antispam

mbole wrote:

BTW
I'm little confused here.
If I understand it well, 777 mean that everyone have full permissions on file.
On the other hand 755 mean that Group (what ever this is) and World (as I understand it was literally anyone), do not have write permissions on folder/file.
Why more permissions make the problem?

pun_repository intentionally sets permissions to 777. This enables users to delete downloaded files manually (for example, via FTP)

Giving 777 permissions so user can manually delete files look little bit strange to me.
I can't figure situation where I will give ftp (or any other kind of direct access) to any user (owner of site of course have access via cpanel, FTP or some other way depending on provider).

me too. Won't this become security issue?

Re: [release] pun_antispam

mbole wrote:

Giving 777 permissions so user can manually delete files look little bit strange to me.
I can't figure situation where I will give ftp (or any other kind of direct access) to any user (owner of site of course have access via cpanel, FTP or some other way depending on provider).

When pun_repository downloads and writes file to the /extensions/, the real owner of this file is not your FTP user, but the user of web-server. So, if it keeps the default 755, you will be able to read the files (via FTP), but not edit/remove. Changing owner to your FTP-user is usually forbidden to the web-server user.

ganes wrote:

me too. Won't this become security issue?

It is security issue at incorrectly configures shared hosting services. Though it doesn't make your forum less secure (compared to one without pun_repository), as other users/scripts also may write to your forum's cache dir (and execute their code that way). If hosting provider did allow other users to see files of each other.

Carpe diem