Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> Raven's RavenNuke(tm) v2.02.02 Distro
Author Message
deadl0ck
Hangin' Around


Joined: Apr 09, 2006
Posts: 44

PostPosted: Thu May 07, 2009 6:57 am Reply with quote

Hi all,
I'm using RavenNuke 2.02.02 (Version in config table is rnv2.02.02).

I have recently started a forum and it is being spammed a lot.

How can I stop this happening ? The site is for a charity organisation for people with MD and it's very inappropriate for these spam messages to be appearing...

Any help would be greatly appreciated !
 
View user's profile Send private message
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9453
Location: Arizona

PostPosted: Thu May 07, 2009 7:42 am Reply with quote

Oh my. You need to get to 2.3.01!!! There are exploits on older versions that are in the public domain. As with any software, purchased or otherwise, one needs to keep up or risk losing their sites.

With regards to your question, the forums is separate software for the most part to RavenNuke(tm) so other than keeping up on the BB2Nuke updates (which I believe we're all the way up to 2.0.23 still), there isn't anything extra special for controlling spam. You will see it all throughout the forums here that to reduce spam in the forums, all you can do is:

1. Make your forum posting permissions to registered users only.
2. Shut-off the ability for users to sign-up new users via the forums (forums configuration setting)
3. Force new user registration to use the captcha (in config.php).
4. Highly recommended: upgrade to RavenNuke(tm) latest in order to get the newer and better captcha -- the old captcha is of no use any longer for the more professional spammers as it is easily compromised.

That is basically all you can do at the moment, out-of-the-box wise. There has been talk and some postings here about using some additional third-party spam stopping utilities. You could try Only registered users can see links on this board! Get registered or login! (from Guardian2003 here). There are other more advanced captcha's that folks have suggested for forum posting, but I don't have anything to point you too at the moment.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
nuken
RavenNuke(tm) Development Team


Joined: Mar 11, 2007
Posts: 2024
Location: North Carolina

PostPosted: Thu May 07, 2009 8:20 am Reply with quote

I don't know how well phpBB 3 stops spam but there are a few bridges for Nuke out there.

_________________
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Send e-mail Visit poster's website
temp_deadl0ck
New Member
New Member


Joined: May 07, 2009
Posts: 3

PostPosted: Thu May 07, 2009 9:03 am Reply with quote

Thanks guys.

Some guidance required :
Quote:
2. Shut-off the ability for users to sign-up new users via the forums (forums configuration setting)

I can't for the life of me find this in the forums configuration....

Quote:
Force new user registration to use the captcha (in config.php)

Again, I can't find this in my main site config.php - all I have there is :


Code:
<?php


######################################################################
# PHP-NUKE: Advanced Content Management System
# ============================================
#
# Copyright (c) 2002 by Francisco Burzi (fbc@mandrakesoft.com)
# http://phpnuke.org
#
# This module is to configure the main options for your site
#
# This program is free software. You can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License.
######################################################################

if (stristr(htmlentities($_SERVER['PHP_SELF']), "config.php")) {
   Header("Location: index.php");
   die();
}

######################################################################
# Database & System Config
#
# dbhost:       SQL Database Hostname
# dbuname:      SQL Username
# dbpass:       SQL Password
# dbname:       SQL Database Name
# $prefix:      Your Database table's prefix
# $user_prefix: Your Users' Database table's prefix (To share it)
# $dbtype:      Your Database Server type. Supported servers are:
#               MySQL, mysql4, postgres, mssql, oracle, msaccess,
#               db2 and mssql-odbc
#               Be sure to write it exactly as above, case SeNsItIvE!
# $sitekey:   Security Key. CHANGE it to whatever you want, as long
#               as you want. Just don't use quotes.
# $gfx_chk:   Set the graphic security code on every login screen,
#      You need to have GD extension installed:
#      0: No check
#      1: Administrators login only
#      2: Users login only
#      3: New users registration only
#      4: Both, users login and new users registration only
#      5: Administrators and users login only
#      6: Administrators and new users registration only
#      7: Everywhere on all login options (Admins and Users)
#      NOTE: If you aren't sure set this value to 0
# $subscription_url: If you manage subscriptions on your site, you
#                    must write here the url of the subscription
#                    information/renewal page. This will send by
#                    email if set.
# $admin_file: Administration panel filename. "admin" by default for
#         "admin.php". To improve security please rename the file
#              "admin.php" and change the $admin_file value to the
#              new filename (without the extension .php)
# $tipath:          Path to where the topic images are stored.
# $display_errors:  Debug control to see PHP generated errors.
#                   false: Don't show errors
#                   true: See all errors ( No notices )
#
# Added for RavenNuke76
# $bypassNukeSentinelInvalidIPCheck: Debug control to bypass NukeSentinel(tm)
#                                    InvalidIP check when set to TRUE.  Leave
#                                    this FALSE for production sites.
# $bypassInstallationFolderCheck: Debug control to bypass RavenNuke76(tm)
#                                    setup/runtime check when set to TRUE.  Leave
#                                    this FALSE for production sites.
######################################################################

$dbhost = "localhost";
$dbuname = "XXXXXX";
$dbpass = "XXXXXX";
$dbname = "XXXXXX";
$prefix = "nuke";
$user_prefix = "nuke";
$dbtype = "MySQL";
$sitekey = "XXXXXX";
$gfx_chk = 0;
$subscription_url = "";
$admin_file = "admin";
$tipath = "images/topics/";
$display_errors = TRUE;  //This should only be used (set to TRUE) when testing locally and not in a production environment
$advanced_editor = 1;
/*********************************************************************/
/* The following settings have been added for use in RavenNuke76     */
/*********************************************************************/
$bypassNukeSentinelInvalidIPCheck = TRUE;  //This should only be used (set to TRUE) when testing locally and not in a production environment
$bypassInstallationFolderCheck    = TRUE;  //This should only be used (set to TRUE) when testing locally and not in a production environment

/*********************************************************************/
/* You have finished configuring the Database settings. Now you can  */
/* change all you want in the Administration Section. To enter, just */
/* point your web browser to http://yourdomain.com/admin.php         */
/*                                                                   */
/* Remember to go to Settings section where you can configure your   */
/* new site. In that menu you can change all you need to change.     */
/*                                                                   */
/* Congratulations! now you have an automated news portal!           */
/* Thanks for choosing PHP-Nuke: The Future of the Web               */
/*********************************************************************/

// DO NOT TOUCH ANYTHING BELOW THIS LINE UNTIL YOU KNOW WHAT YOU'RE DOING

$reasons = array("As Is","Offtopic","Flamebait","Troll","Redundant","Insighful","Interesting","Informative","Funny","Overrated","Underrated");
$badreasons = 4;
#$AllowableHTML = array("b"=>1,"i"=>1,"u"=>1,"div"=>2,"a"=>2,"em"=>1,"br"=>1,"strong"=>1,"blockquote"=>1,"tt"=>1,"li"=>1,"ol"=>1,"ul"=>1);
###############################################################################
#
# nukeWYSIWYG Copyright (c) 2005 Kevin Guske            http://nukeseo.com
# kses developed by Ulf Harnhammar                      http://kses.sf.net
# kses enhancement ideas contributed by sixonetonoffun  http://netflake.com
# FCKeditor by Frederico Caldeira Knabben               http://fckeditor.net
# Original FCKeditor for PHP-Nuke by H.Theisen          http://phpnuker.de
#
###############################################################################
# To completely disable the WYSIWYG editor, set $advanced_editor = 0;
# You may also override the config.php setting by setting $advanced_editor in the module index.php
$AllowableHTML = array(
   "a" => array("href" => 1, "target" => 1, "title" => array("minlen" => 4, "maxlen" => 120)),
   "b" => array(),
   "blockquote" => array(),
   "br" => array(),
   "center" => array(),
   "div" => array("align" => 1),
   "em" => array(),
   "font" => array("face" => 1, "style" => 1, "color" => 1, "size" => array("minval" => 1, "maxval" => 7)),
   "h1"=>array(),
   "h2"=>array(),
   "h3"=>array(),
   "h4"=>array(),
   "h5"=>array(),
   "h6"=>array(),
   "hr" => array(),
   "i" => array(),
   "img" => array("alt" => 1, "src" => 1, "hspace" => 1, "vspace" => 1, "border" => 1, "align" => 1),
   "li" => array(),
   "ol" => array(),
   "p" => array("align" => 1),
   "pre" => array("align" => 1),
   "span" =>array("class" => 1, "style" => array("font-family" => 1, "color" => 1)),
   "strong" => array(),
   "table" => array("align" => 1, "border" => 1, "cell" => 1),
   "td" => array(),
   "tr" => array("align" => 1),
   "tt"=>array(),
   "u" => array(),
   "ul" => array(),
);
$CensorList = array("f***","cunt","f***er","f***ing","pussy","cock","c0ck","cum","twat","clit","bitch","fuk","fuking","motherfucker");
// Nuke Patched 3.1
// Further enhanced by Raven at http://ravenphpscripts.com

?>


Sorry if I'm missing something obvious.

(P.S. I changed my email address on the forums here and now for some reason I can't login with my proper username, hence the temp_ version of my username)
 
View user's profile Send private message
jakec
Site Admin


Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom

PostPosted: Thu May 07, 2009 10:18 am Reply with quote

The captcha is the $gfx_chk option. Set it to 7 for it to display everywhere.
 
View user's profile Send private message
jakec
PostPosted: Thu May 07, 2009 10:19 am Reply with quote

BTW if you changed your email address you should of received an email asking you to confirm the email address.
 
montego
PostPosted: Thu May 07, 2009 4:59 pm Reply with quote

To answer your other question, check Forums --> General Admin --> Configuration and see this option here:

Enable account activation

It should be set to "None" to ensure no-one can set up a new user via phpBB.
 
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Thu May 07, 2009 11:43 pm Reply with quote

Actually montego, I don't think it works that way. By setting it to none, you just allow all registrations with no user (email) or admin (approval) setting

Somehow, I remember we did something for BBToNuke always to redirect to use the Your_Account module for registrations. At least, that's the way my sites have been. Wonder if this was changed somewhere

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
temp_deadl0ck
PostPosted: Fri May 08, 2009 4:23 am Reply with quote

Thanks for all the info guys.

I have turned on the captcha so hopefully that will make a difference.

evaders99, that's how I read the "Enable account activation" also...

jakec, I did get a confirmation email and I clicked the link, but now when I log in and go to the forums I just get :
Only registered users can see links on this board! Get registered or login!
(Click to enlarge)
 
jakec
PostPosted: Fri May 08, 2009 5:41 am Reply with quote

Drop Raven an email and he will sort the login problem out for you.
 
temp_deadl0ck
PostPosted: Fri May 08, 2009 9:06 am Reply with quote

Quote:
Oh my. You need to get to 2.3.0

Is there a migration path from 2.02.02 -> 2.3.0 ?
 
fkelly
Former Moderator in Good Standing


Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

PostPosted: Fri May 08, 2009 9:40 am Reply with quote

Temp, the migration path is covered extensively in the documentation that comes with 2.3.01. Note that you want the .01 because that has important security fixes. The database upgrade script that comes with the release will do much of the work for you but you still need to read the upgrading information (there is a Howtoinstall directory) carefully and heed it.
 
View user's profile Send private message Visit poster's website
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> Raven's RavenNuke(tm) v2.02.02 Distro

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©