Pages: [1] 2
  Print  
Author Topic: Forum spam bots issue  (Read 31560 times)
Cacatoes
Banned for leasing own account
Posts a lot
*

Cakes 73
Posts: 1427


also banned for baiting another to violate rules


« on: July 10, 2011, 02:41:29 PM »

1) Grant rights to some other people to validate accounts.
2) I don't see why installing recaptcha is impossible, that's surprising some piece of PHP can't be dealt with, let people investigate.
3) If not possible, then migrate from that SMF shit to something more manageable, a forum which doesn't allow you to have a normal use of it has to be thrown.

Quote: "do you really want to completely demotivate the project's only 3d technical artist, animator and creative lead?"

Don't demotivate your WHOLE team either.
Logged

Todo: Walk the cat.
Graion Dilach
Member


Cakes 12
Posts: 403



« Reply #1 on: July 10, 2011, 03:16:52 PM »

2) I don't see why installing recaptcha is impossible, that's surprising some piece of PHP can't be dealt with, let people investigate.

http://custom.simplemachines.org/mods/index.php?mod=1044

Give me the access for 10 minutes and it gets installed. Personally the latter could be nicer, but I don't care which one will be used.

http://custom.simplemachines.org/mods/index.php?mod=2932
Logged

One shall remind what have he left behind... to actually realize that it's still cool.
fromhell
Administrator
GET A LIFE!
**********

Cakes 35
Posts: 14520



WWW
« Reply #2 on: July 10, 2011, 03:42:42 PM »

1) HELL NO, this requires giving complete admin access rights to others, and given the dramatic hsitory of the community (like self-blanking everything, account self destruction etc) i'm not trusting anybody to this. not to mention the takeover potential and social engineering problems.
2) Because SMF uses FTP access to install and modify modules on the fly. Manual installation involves editing PHP files and that's a hassle, not to mention the risk of me breaking something. also isn't recaptcha not even avalable for 1.1.14?
3) It was not my choice to use SMF. It's SMF or nothing. Deal with it. Be grateful about the e107 use also, or maybe I should go back to plain HTM files for the web site then?

Quote: "do you really want to completely demotivate the project's only 3d technical artist, animator and creative lead?"

Don't demotivate your WHOLE team either.
...

You know, dealing with melodramatic posts like this is part of the reason why. You should already know better that the development forum is no place for this.
« Last Edit: July 10, 2011, 04:07:43 PM by fromhell » Logged

asking when OA3 will be done won't get OA3 done.
Progress of OA3 currently occurs behind closed doors alone

I do not provide technical support either.

new code development on github
fromhell
Administrator
GET A LIFE!
**********

Cakes 35
Posts: 14520



WWW
« Reply #3 on: July 10, 2011, 04:04:55 PM »

I might try notCaptcha out, sounds more reasonable than recaptcha. I always hated trying to read the text of a bad word inker, plus i'm gonna do the custom pictures thing anyway, it even sounds like fun!

but then, for every SMF update, i'd have to keep manually applying the mod. This is one of the obstacles I hate. I used to update SMF via the built in FTP access through the admin panel, but for years I no longer had that ability.

and before anyone says this, let me get this out of the way


phpBB is not an option
Logged

asking when OA3 will be done won't get OA3 done.
Progress of OA3 currently occurs behind closed doors alone

I do not provide technical support either.

new code development on github
Cacatoes
Banned for leasing own account
Posts a lot
*

Cakes 73
Posts: 1427


also banned for baiting another to violate rules


« Reply #4 on: July 10, 2011, 06:18:30 PM »

Oh please, stop being that funny.
Development isn't the place for this, but Club Nub isn't either. So where's the right place in fact ?
You won't deal with issues by closing topics, you only push people getting nervous that way and then you obtain the behaviours of blanking posts you just criticize.
I wasn't sounding melodramatic but sarcastic, you tell about your own motivation, do you need to accumulate motivation for months without being contraried to actually produce something ? Contrary to what you think: people here are trying to push YOU and YOUR PROJECT forward, not to put you down.
When I say "don't demotivate your team" I mean DO NOT STOP ITS INERTIA, which is exactly what happens when you REFUSE to let people work around issues like that silly spambot affair which is just one issue amongst many which could have been dealt by experienced people who came upon this board.
You talk about trust, people who talk about trust always take the problem by the wrong end. Opensource guys are here to collaborate, not to ask themselves if they can trust each other. You can't work if you don't have the ground to do it. I don't care if my ground is smaller or bigger than my neighbour's one, I just want to be able to work on the ground my activity requires, and that's why most people can tolerate leaders (who have the bigger grounds). Opensource is against CONTROL, period.
Logged

Todo: Walk the cat.
RMF
Member


Cakes 12
Posts: 694



« Reply #5 on: July 10, 2011, 06:42:20 PM »

- Admin access is NOT needed to approve members.
- I brought on multiple and even easier modifications to the registration page which might stop the flood completely already.
- ReCaptcha is a perfectly good system, especially because you are not only verifying you are human but at the same time you help digitalising books. If the image is too hard, there's an 'other image' button.
- You are right not to trust everyone, but I think there are enough trustworthy people around here to install a mod or whatever. Also there is something called backups (which should be taken every few days anyway, ifnot more often), you can always revert and change passwords when someone screws things up. Takes about 4 minutes to put into motion, then you go do something else while it runs, and at the end you generate a new sql dump from phpmyadmin or the admin panel itself (takes another minute or maybe two), and nothing can happen anymore. Setting back a backup takes not much longer ifnot just as long.
Logged
Graion Dilach
Member


Cakes 12
Posts: 403



« Reply #6 on: July 11, 2011, 04:21:41 AM »

but then, for every SMF update, i'd have to keep manually applying the mod. This is one of the obstacles I hate. I used to update SMF via the built in FTP access through the admin panel, but for years I no longer had that ability.

I have to disagree with this one. I've did some updates from time to time... and I haven't seen such errors. Of course, I don't deny it's existance but the registration code is still the same from 1.1.6, IIRC, and I doubt it will ever gets updated. Since SMF 1.1 gets only security updates from 1.1.10.

OK, I see your reasons not to give access to the admin panel for anybody, but I have never met an SMF mod which took more time than 5 minutes to install, including custom theme updates. (OK, a custom profiler in SMF 1.1 took an hour to set up because I used it for online RPG character database and that required 40+ fields to set up).

If you use English and not English-UTF8, it will get even easier, because only the theme-template gets involved. Or even that one, neither. (Here lies a big addendum within SMF 2.0, it'll update every theme and every language pack, not just English and the basic themes. Although it adds the English lines for all language packs)

RMF, I don't like ReCaptcha. My reason is simple... I've had plenty problems with connection issues with it. Besides, ReCaptcha needs an account on it's page, and seeing fromhell's steps, I doubt she will get that one. This is why I suggested notCaptcha, it fits much better to her, since it doesn't rely on external places.

I don't get why Cacatoes hates SMF... I never liked phpBB myself... and I wouldn't use any forum software besides SMF, so meh.
Logged

One shall remind what have he left behind... to actually realize that it's still cool.
Cacatoes
Banned for leasing own account
Posts a lot
*

Cakes 73
Posts: 1427


also banned for baiting another to violate rules


« Reply #7 on: July 11, 2011, 04:38:04 AM »

I don't hate it at all, that was simple reasoning: if, as fromhell seemed to state, it can't have a proper registration system working (with spambot filter and so on) , then it doesn't fulfil its role, so it's good to be thrown.
Truth is: this forum can fulfil its role (contrary would be surprising).
I'm happy with the current board. I'm not a big fan of phpBB either, and if I need a forum fluxbb usually suits my needs, but that's not the topic.
Logged

Todo: Walk the cat.
fromhell
Administrator
GET A LIFE!
**********

Cakes 35
Posts: 14520



WWW
« Reply #8 on: July 11, 2011, 11:40:56 PM »

I've attempted to install notCaptcha manually. It broke registrations completely.


god damn it.
Logged

asking when OA3 will be done won't get OA3 done.
Progress of OA3 currently occurs behind closed doors alone

I do not provide technical support either.

new code development on github
fromhell
Administrator
GET A LIFE!
**********

Cakes 35
Posts: 14520



WWW
« Reply #9 on: July 12, 2011, 01:42:26 PM »

Somewhere along the line it tells me to copy the code in generate_config.php to a new file in notcaptcha/notcaptcha_config.php (security reasons beyond my control can not change this to allow it to generate on the fly). I did exactly that.
Logged

asking when OA3 will be done won't get OA3 done.
Progress of OA3 currently occurs behind closed doors alone

I do not provide technical support either.

new code development on github
Cacatoes
Banned for leasing own account
Posts a lot
*

Cakes 73
Posts: 1427


also banned for baiting another to violate rules


« Reply #10 on: July 12, 2011, 04:10:29 PM »

There's obviously an error in that file, you may even paste its content here (cleaning passwords if there are).
Logged

Todo: Walk the cat.
Graion Dilach
Member


Cakes 12
Posts: 403



« Reply #11 on: July 12, 2011, 05:16:02 PM »

Tomorrow I'll set up an SMF 1.1.14 for field tests on my own. If this is messy, I figure it out.
Logged

One shall remind what have he left behind... to actually realize that it's still cool.
fromhell
Administrator
GET A LIFE!
**********

Cakes 35
Posts: 14520



WWW
« Reply #12 on: July 13, 2011, 12:32:57 PM »

hope you're doing it manually

I did it with the generated instructions, the notcaptcha_config's my only roadblock

BTW for those who want me to send them 'smf files' - i'm only using a vanilla installation with loads of themes. I don't have to send or 'give access' to you (btw I don't even have the ability to grant access anyway lol)
Logged

asking when OA3 will be done won't get OA3 done.
Progress of OA3 currently occurs behind closed doors alone

I do not provide technical support either.

new code development on github
Peter Silie
Member


Cakes 2008
Posts: 610



« Reply #13 on: July 13, 2011, 01:01:10 PM »

maybe a little irc session could also help... Grin
Logged
Graion Dilach
Member


Cakes 12
Posts: 403



« Reply #14 on: July 13, 2011, 02:25:20 PM »

Somewhere along the line it tells me to copy the code in generate_config.php to a new file in notcaptcha/notcaptcha_config.php (security reasons beyond my control can not change this to allow it to generate on the fly). I did exactly that.

That is the problem.

Replace all \' with pure ' and it will work.

EDIT: Huh, I forgot... Replace $salt with the proposed cookie name.
Logged

One shall remind what have he left behind... to actually realize that it's still cool.
fromhell
Administrator
GET A LIFE!
**********

Cakes 35
Posts: 14520



WWW
« Reply #15 on: July 13, 2011, 09:03:12 PM »

Thank you. i'll do that in an hour

thanks for being helpful!
Logged

asking when OA3 will be done won't get OA3 done.
Progress of OA3 currently occurs behind closed doors alone

I do not provide technical support either.

new code development on github
fromhell
Administrator
GET A LIFE!
**********

Cakes 35
Posts: 14520



WWW
« Reply #16 on: July 13, 2011, 10:02:23 PM »

half-working. images don't show up but sliders do

reading others experiences lately, apparently it's a php/gd library problem? makes no sense when the default smf captcha shows.

gd problem indeed. god damnit
Logged

asking when OA3 will be done won't get OA3 done.
Progress of OA3 currently occurs behind closed doors alone

I do not provide technical support either.

new code development on github
Graion Dilach
Member


Cakes 12
Posts: 403



« Reply #17 on: July 14, 2011, 03:15:03 AM »

Sad thing. Although i don't get the exact reason behind it, because it seems to me that GD was installed... yet the error message is the missing imagerotate() function.

Meh.
Logged

One shall remind what have he left behind... to actually realize that it's still cool.
Cacatoes
Banned for leasing own account
Posts a lot
*

Cakes 73
Posts: 1427


also banned for baiting another to violate rules


« Reply #18 on: July 14, 2011, 03:30:24 AM »

Yep.

I don't know which distrib the server runs, but if it's Debian Etch as I think, from which that function wasn't available in default gd packages, it's discontinued and should be updated.

Logged

Todo: Walk the cat.
Graion Dilach
Member


Cakes 12
Posts: 403



« Reply #19 on: July 14, 2011, 03:37:51 AM »

Not just Debian. Ubuntu never included itn, neither. Somewhere I read that SUSE missed it out, too.

On the other hand, the missing imagerotate function is so common that there are at least 3 different implementations of it using basic PHP and GD functions in the comments of http://php.mainseek.com/manual/en/function.imagerotate.php . By copying any of that into the beginning to Register.php (best are those which starts with ( !function_exists( 'imagerotate' ) ) because those will use the same attributes as the original), the issue could be solved.
Logged

One shall remind what have he left behind... to actually realize that it's still cool.
fromhell
Administrator
GET A LIFE!
**********

Cakes 35
Posts: 14520



WWW
« Reply #20 on: July 14, 2011, 04:41:38 AM »

Cool! This is the implementation I am using. It is working!

Thanks!
Logged

asking when OA3 will be done won't get OA3 done.
Progress of OA3 currently occurs behind closed doors alone

I do not provide technical support either.

new code development on github
fromhell
Administrator
GET A LIFE!
**********

Cakes 35
Posts: 14520



WWW
« Reply #21 on: July 14, 2011, 05:00:39 AM »

I JUST REJECTED A SPAMBOT ALREADY!!! THIS ISNT WORKING I FAILED.
Logged

asking when OA3 will be done won't get OA3 done.
Progress of OA3 currently occurs behind closed doors alone

I do not provide technical support either.

new code development on github
Cacatoes
Banned for leasing own account
Posts a lot
*

Cakes 73
Posts: 1427


also banned for baiting another to violate rules


« Reply #22 on: July 14, 2011, 05:02:12 AM »

Wink
Logged

Todo: Walk the cat.
WingedPanther
Member


Cakes 4
Posts: 190



« Reply #23 on: July 14, 2011, 05:08:47 AM »

Having a spambot get past a captcha doesn't tell you anything.  See if it slows down the volume of them over the next couple days.  You have to remember that they're working hard to break captchas.
Logged

Programming is a branch of mathematics.
Graion Dilach
Member


Cakes 12
Posts: 403



« Reply #24 on: July 14, 2011, 09:55:44 AM »

I JUST REJECTED A SPAMBOT ALREADY!!! THIS ISNT WORKING I FAILED.

Disable the captcha. IIRC that causes it. But moment.
Logged

One shall remind what have he left behind... to actually realize that it's still cool.
Pages: [1] 2
  Print  
 
Jump to: