3,076

(1 replies, posted in PunBB 1.2 troubleshooting)

Moved to Troubleshooting and closed
You'll need to talk to Connorhd, since he runs MyPunBB. We can't help you with issues with that setup.

Ports aren't the issue here

Assuming the first query is unbuffered to begin with, you just remove the second parameter of the call to $db->query

towelie wrote:

oops I meant to say limit heh..
Are you sure it wouldn't be LIMIT x, #
or will it make a difference

Yes, I'm sure. When you have two numbers, the first specifies the record to start at (0 being the first) and the second specifies the number of records to return

towelie wrote:

also I would need to assign a variable to your little $_GET(...) global there wouldn't I?

Can I see an example of how you would write this query?

LIMIT 15,X WHERE X = $X

$X = $_GET( blah blah )? ? ?

hmm confused

Again, you have the limit backwards, and I gave you the formula for calculating the index to use based on the page number. I would recommend assigning the input page number into a variable so you can check it (eg: it's a number, it's > 0, it's not too big, etc)

http://punbb.org/forums/viewtopic.php?pid=77502#p77502

3,081

(5 replies, posted in PunBB 1.2 troubleshooting)

towelie wrote:

That's prolly the best idea; there may be an exploit where you can use some code in the description, if it allows it, and stop it from echoing anything after what you type.

Err, exploit isn't the right word, and using HTML to hide it isn't the right solution :P

3,082

(5 replies, posted in PunBB 1.2 troubleshooting)

Sounds like you edited index.php and messed with the moderator display ;)
I'd suggest uploading a clean copy of index.php

LIMIT #, x
where x is the number of entries per page and # is the entry to start at, either calculated from a page number (so ($_GET['page'] - 1) * 50) or just in terms of the starting entry #
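
Added example (not part of the original posts or PunBB's code): the page-number check recommended earlier in this listing, combined with the ($_GET['page'] - 1) * 50 formula, as one PHP 7.1+ helper. The topics table, its columns and the row total of 120 are hypothetical.

```php
<?php
// Entries per page; 50 matches the formula quoted in the post.
const PER_PAGE = 50;

/**
 * Turn an untrusted ?page= value into a safe (offset, count) pair for LIMIT.
 * $total_rows would come from a COUNT(*) query (assumed here).
 */
function page_to_limit($raw_page, int $total_rows, int $per_page = PER_PAGE): array
{
    // Last page that actually holds rows; an empty table still has page 1.
    $last_page = max(1, (int) ceil($total_rows / $per_page));

    // Digits only: rejects "2abc", "-2", "1e3", arrays and null.
    // The length cap keeps the cast inside a 32-bit integer.
    $is_number = is_string($raw_page) && ctype_digit($raw_page) && strlen($raw_page) <= 9;
    $page = $is_number ? (int) $raw_page : 1;

    // Clamp to [1, last_page] so the offset is never negative or past the end.
    $page = min(max($page, 1), $last_page);

    // LIMIT takes the starting record first, then the number of records.
    return [($page - 1) * $per_page, $per_page];
}

function build_query(array $get, int $total_rows): string
{
    [$offset, $count] = page_to_limit($get['page'] ?? null, $total_rows);
    // Both values are integers produced by this code, never the raw input.
    return sprintf('SELECT id, subject FROM topics ORDER BY id LIMIT %d, %d', $offset, $count);
}

// Constructed sample inputs, run against a hypothetical total of 120 rows.
foreach (['1', '3', '0', '-2', '999999', '2abc', '1e3', ['x']] as $input) {
    echo json_encode($input), ' => ', build_query(['page' => $input], 120), PHP_EOL;
}
```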

He means here:
http://thpsvids.com/
and here
http://thpsvids.com/users/

That's because only admins/moderators are subject to that security check. However, like I said, you do not need to disable all of Zonealarm to fix this: you simply need to enable sending your referrer

Give those specific users their own usergroup :)

Dr.Jeckyl wrote:
rondy wrote:

I have installed PunBB at http://homehouseinspections.com/ I notice that I have to turn off my "Zone alarm Security Suite" to post a message.
How do I get my PunBB to work so users do not have to turn off their security firewall to post a message on my Forums.

I would check YOUR firewall settings to make sure they aren't set too high.

Indeed, that's the issue I believe (assuming you're getting Bad HTTP Referer messages). That's a paranoid "privacy" setting you need to disable in Zonealarm

3,088

(6 replies, posted in PunBB 1.2 troubleshooting)

Well, basically, something like

$charset = isset($_GET['charset']) ? $_GET['charset'] : $lang_common['lang_encoding'];

Then change the charset used to be $charset
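
Added example, not from the original post or PunBB: the one-line override above passes whatever is in the URL straight through, so this version resolves it against an allowlist before anything uses $charset in output. The allowlist contents, the pick_charset name and the Content-Type line printed at the end are assumptions.

```php
<?php
// Hypothetical allowlist: the encodings this forum is prepared to emit (assumption).
const FEED_CHARSETS = ['utf-8', 'iso-8859-1', 'iso-8859-2', 'windows-1251', 'windows-1252'];

/**
 * Choose the output charset: the URL override if it is on the allowlist,
 * otherwise the language pack default ($lang_common['lang_encoding'] in the post).
 */
function pick_charset(array $get, string $default): string
{
    $requested = $get['charset'] ?? null;

    // ?charset[]=x arrives as an array; anything that is not a string is ignored.
    if (!is_string($requested)) {
        return $default;
    }

    // Compare case-insensitively and return the allowlist's own spelling,
    // never the caller's bytes, so nothing user-supplied reaches the output.
    $key = array_search(strtolower(trim($requested)), FEED_CHARSETS, true);
    return $key === false ? $default : FEED_CHARSETS[$key];
}

// Constructed sample requests; every one after the second falls back to the default.
$samples = [
    ['charset' => 'UTF-8'],
    ['charset' => 'windows-1251'],
    [],
    ['charset' => "utf-8\r\nX-Test: 1"],
    ['charset' => 'utf-8"?><x>'],
    ['charset' => ['utf-8']],
];
foreach ($samples as $get) {
    $charset = pick_charset($get, 'iso-8859-1');
    echo json_encode($get), ' => Content-Type: text/xml; charset=', $charset, PHP_EOL;
}
```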

There is a lottery I believe

3,090

(2 replies, posted in PunBB 1.2 modifications, plugins and integrations)

And moved :)

3,091

(6 replies, posted in PunBB 1.2 troubleshooting)

Alter the coding for extern.php to accept an overriding charset in the URL

3,092

(89 replies, posted in PunBB 1.2 discussion)

gil wrote:
Smartys wrote:
MattF wrote:

If you modded your installation to use that method, it probably would kill your spam off either completely or to a negligible level. However, was not the point of this thread with regards to including standard spam prevention techniques within PunBB? If, for example, that mod was incorporated within 1.3 when it finally leaves R.C status, the thing would be cracked within a week. It is then not a deviant technology, but a core mainstream one. The fiscal benefit for the bot scripters would mean that it was viable to concentrate on it once that occurred.

I wouldn't say cracked, since unless there's a flaw bots shouldn't be able to automatically crack something like the VIP code mod or a question mod. They would need a human to find the code/answer in the first place and THEN they can spam all they want (until it's changed, rinse and repeat).

I agree, but to attack all the forums in the world, searching the answer in each announcement area or in rules text or elsewhere, or searching an encyclopedia/logical/thematic answer... in all languages? Don't you think spammers need an international army?

If their goal is to spam everyone at once, yes. However, they only want to spam a finite number of forums at a given time. Which means they can pay people to search through and find it. But like I said, it's still a good mod

gil wrote:

With the VIP Code, I hadn't looked at any demos of its implementation. My thought was that if people are simply posting a number/word on register.php, the bots can parse the HTML and get it from there. However, obviously that's not the case there. ;)
So, let's assume automated grabbing of the code is not the issue. Spammers will still use humans to register for them. And the small and medium forums will not be protected: in large forums you're more likely to have an active moderator team that will delete your spam in minutes. The small/medium forums, where the spam lingers for days, are where spammers want to target.
That doesn't mean that the idea is worthless: far from it, I think it would make a wonderful extension. However, I personally think it puts too much of a burden on the admin. Plus, as I've said before, with fighting spam what works for one forum might not necessarily be right for another. A more modular approach helps make that a non-issue.

It is our difference :) You say "mod"; I think that a real protection to spam *must* be included in the software, as not all users are able to find/do the needed modifications. For a lot of people, even the word (source) "code" is not understandable. Ok, in 1.3 version, opening a source file will not be mandatory, it will be easier, but first the current version is 1.2, then even in 1.3 it will be mandatory to search, read, and understand in an English forum (here or punres). Do you think that to have a good protection, one must be able to understand English and to edit/modify a source file? It will exclude a large part of the world, and it would be too bad.
Nevertheless, thank you for your responses. And I do not despair :)

With extensions in 1.3, nobody should need to edit code. You download the extension, upload it to your forum, hit Install, and you're done. And people need to know English to find/download/install PunBB right now: if they know enough to do that, they'll know enough to find extensions they might need.

3,093

(89 replies, posted in PunBB 1.2 discussion)

MattF wrote:

If you modded your installation to use that method, it probably would kill your spam off either completely or to a negligible level. However, was not the point of this thread with regards to including standard spam prevention techniques within PunBB? If, for example, that mod was incorporated within 1.3 when it finally leaves R.C status, the thing would be cracked within a week. It is then not a deviant technology, but a core mainstream one. The fiscal benefit for the bot scripters would mean that it was viable to concentrate on it once that occurred.

I wouldn't say cracked, since unless there's a flaw bots shouldn't be able to automatically crack something like the VIP code mod or a question mod. They would need a human to find the code/answer in the first place and THEN they can spam all they want (until it's changed, rinse and repeat).

MadHatter wrote:

you're right...
there's no better way than what's been implemented.
nothing else anyone can do outside of what's been done.
if you want your official punbb forum, you just have to deal with the spam.

glad I finally figured that out.  I'm a bit slow so you'll have to forgive me (us) for thinking all this massive spam is a problem.

please continue (not) developing the next version.

Well thanks for your sarcasm MadHatter, it makes me happy that I took the time to respond to your post ;)
Nobody has said spam is not an issue. Nobody has said we can't do more. However, we can't add an anti-spam feature to PunBB without considering how it will be affected by going from "small userbase" to "all of PunBB's users."

gil wrote:
Smartys wrote:
sirena wrote:

Just FYI.

There is apparently a very effective yet simple mod that is available for phpBB discussed here:

http://www.phpbb.com/community/viewtopic.php?t=435702

It works by allowing the admin to specify a 'VIP code' or pass-phrase, essentially, that users need to enter when they register. The variability of this across phpBB boards makes it effective against scripted bots.

Judging from the feedback in the thread above, it seems to work well. Some forum admins even report being able to turn off their CAPTCHAs.

It's similar to some of the approaches already discussed here.

It's like the question method people have been discussing. :)
However, once enough people start using a tool to fight spammers, the spammers try to adapt. If there's a way to detect what the word is, for example, they'll do it.

Of course, but how? If it is not hard-coded, if it is different in each forum, and if it can be changed by the admin when he wants to? Only human action can help a spambot, scripting isn't sufficient it seems. If a large forum is a specific target for some spammer, of course human help will be used. But all the small or medium forums (99%) will be protected!
I totally agree with Sirena and its "cost-effective" contribution...

With the VIP Code, I hadn't looked at any demos of its implementation. My thought was that if people are simply posting a number/word on register.php, the bots can parse the HTML and get it from there. However, obviously that's not the case there. ;)
So, let's assume automated grabbing of the code is not the issue. Spammers will still use humans to register for them. And the small and medium forums will not be protected: in large forums you're more likely to have an active moderator team that will delete your spam in minutes. The small/medium forums, where the spam lingers for days, are where spammers want to target.
That doesn't mean that the idea is worthless: far from it, I think it would make a wonderful extension. However, I personally think it puts too much of a burden on the admin. Plus, as I've said before, with fighting spam what works for one forum might not necessarily be right for another. A more modular approach helps make that a non-issue.

3,094

(89 replies, posted in PunBB 1.2 discussion)

MadHatter wrote:

this is the only thing that I'd have to reproduce on my side if I wanted to sign up with an invalid email.

//
// Generate a random password of length $len
//
function random_pass($len)
{
    $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';

    $password = '';
    for ($i = 0; $i < $len; ++$i)
        $password .= substr($chars, (mt_rand() % strlen($chars)), 1);

    return $password;
}

Indeed: now, tell me how you plan on generating the password you were assigned from that? The whole point of it is that it's generated randomly ;)

MadHatter wrote:

when I delete these accounts I research the domains that the emails use, and 100% of them do not exist.   yea they could sign up with one email, sign in, and change it, then post spam, but that type of critical thinking might lead to some sort of progress in the way of fixing the issue and is therefore dangerous.

I'm not quite sure what you're getting at to be honest
Out of curiosity though, what forum(s) are you referring to?

MadHatter wrote:

at the very least, adding logging to the forum for actions like registration, password, and email changing would help narrow down the point of attack, and would allow you to "fix" the area of exploitation.

What kind of logging would you propose adding and how would it help?
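
Added example, not part of the thread or PunBB's code: how far "generated randomly" holds depends on the generator behind random_pass(). mt_rand() is a seeded generator that the PHP manual marks as unsuitable for cryptographic use, while random_int() (PHP 7+) draws from the operating system's CSPRNG. The names random_pass_mt and random_pass_csprng and the seed value are constructed for this example.

```php
<?php
// The function as quoted in the post, renamed so both versions can sit side by side.
function random_pass_mt(int $len): string
{
    $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
    $password = '';
    for ($i = 0; $i < $len; ++$i)
        $password .= substr($chars, (mt_rand() % strlen($chars)), 1);
    return $password;
}

// Same alphabet, but each index comes from random_int(), which is uniform
// over the requested range and cannot be seeded by the application.
function random_pass_csprng(int $len): string
{
    $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
    $max = strlen($chars) - 1;
    $password = '';
    for ($i = 0; $i < $len; ++$i) {
        $password .= $chars[random_int(0, $max)];
    }
    return $password;
}

// mt_rand() replays its sequence when given the same seed, so the password
// is only as unpredictable as the generator's internal state.
mt_srand(20080101);   // constructed seed, for the demonstration only
$first = random_pass_mt(8);
mt_srand(20080101);
$second = random_pass_mt(8);
echo 'same seed, same password: ', var_export($first === $second, true), PHP_EOL;

// The CSPRNG version has no seed to replay; each call is independent.
$a = random_pass_csprng(8);
$b = random_pass_csprng(8);
echo 'csprng length: ', strlen($a), ', repeated: ', var_export($a === $b, true), PHP_EOL;
```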

And I'll close it, since you seem to have already made a topic here

Moved to Modifications

3,097

(89 replies, posted in PunBB 1.2 discussion)

MadHatter wrote:
Smartys wrote:

from what I've seen the spam bots do not have valid email addresses and would therefore not be able to receive the email with the uuid

Then how do they get past email validation now? ;)

good question.  maybe we should ask one of the punbb developers?

Now where would we find one of those... oh, wait! :D
I'll answer then: they use legit emails (usually disposable accounts that get deleted soon after), read the emails, and grab the passwords from them.

3,098

(89 replies, posted in PunBB 1.2 discussion)

sirena wrote:

Just FYI.

There is apparently a very effective yet simple mod that is available for phpBB discussed here:

http://www.phpbb.com/community/viewtopic.php?t=435702

It works by allowing the admin to specify a 'VIP code' or pass-phrase, essentially, that users need to enter when they register. The variability of this across phpBB boards makes it effective against scripted bots.

Judging from the feedback in the thread above, it seems to work well. Some forum admins even report being able to turn off their CAPTCHAs.

It's similar to some of the approaches already discussed here.

It's like the question method people have been discussing. :)
However, once enough people start using a tool to fight spammers, the spammers try to adapt. If there's a way to detect what the word is, for example, they'll do it.

3,099

(7 replies, posted in PunBB 1.2 troubleshooting)

No, I don't think you're explicitly marking it not to be displayed, I think all your layout changes have forced it somewhere out of the page

3,100

(89 replies, posted in PunBB 1.2 discussion)

from what I've seen the spam bots do not have valid email addresses and would therefore not be able to receive the email with the uuid

Then how do they get past email validation now? ;)

the uuid is different than generating the password on their side and posting the login info to the specific page without ever having received an email.

Yes. But as I've said, PunBB already has email validation. Bots simply use disposable email sites if they need.

adding a cron job is about as much trouble as installing a mod, or extension.

No, since while anyone who runs PunBB can edit a file, not everyone has access to crontab on their server

a smarter process for verifying that a human is registering is the only thing I think needs to be implemented. there are so many ways that that can be achieved without having to set up mods / extensions / custom work, so that joe nobody who doesn't know a thing about php / mysql or even the web, can download, upload and run punbb, and have a fairly obscure level of protection from spam bots.

Such as? ;)

instead of finding ways to keep from writing this (I'm a software engineer, and I understand disagreeing with the users of your software, and trying to force them to see your point of view, so please don't think I'm trying to be rude when I say this, because I know where you're coming from), if you spent as much time thinking of a new registration process that would do what people want and be as non-disruptive as possible as has been spent explaining to people why captcha is snake oil, I think we all could have out of the box installs that are 90 something percent spam free.

If I were trying to find ways to keep from writing code, I wouldn't have agreed to be a PunBB developer and I certainly wouldn't have written/integrated 3 anti-spam tools for PunBB 1.2 on a Saturday. :P
I'm open to suggestions and I'm certainly thinking of ways to deal with the issue of spam, but we have to keep in mind that spammers will try to cope, as they always do. The "add questions to registration" idea, for example, is interesting (and certainly worthy of an extension), but all it takes for a spammer to get around it is a little human interaction (which spammers are willing to pay people for).
And in the end, having a more modular approach to fighting spam allows people to use the tools they want as opposed to having certain tools forced upon them.