Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> RN v2.20.00 - All Issues
Author Message
phearfactor
New Member
New Member


Joined: Mar 06, 2008
Posts: 23

PostPosted: Thu Mar 06, 2008 10:12 pm Reply with quote

Hi everybody.

I know this sounds stupid, and I have read that RavenNuke is very secure. But am I really okay to set my forums up? Every forum I tried to run in the past got hacked by script kiddies, although I have never used Sentinel before which I think I have running now.

Will I be safe to set them up you think?

Oh and also, sorry to be a pain. Would someone just look at my site to make sure that I haven't missed anything. I know a little bit of coding and stuff but this is probably the first CMS that has ever worked for me lol, so I am eternally grateful already. I am just scared all the hours of work I am going to put into my new fully loaded website will get deleted by some kiddie.

Thanks for reading, you can find my woeful website Only registered users can see links on this board! Get registered or login! - please excuse my empty posts hehe.

Oh and one more thing, before I forget. How often does RavenNuke get updates and are they usually security related? Should I be visiting every day checking for an update to make sure my website will be secure for the future?


Last edited by phearfactor on Fri Mar 14, 2008 1:43 am; edited 1 time in total 
View user's profile Send private message
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Thu Mar 06, 2008 10:56 pm Reply with quote

Welcome, phearfactor.

Regarding setting up forums, the most effective way to prevent comment spam is requiring membership to post. Many people using RN have been running forums for years without problems other than comment spam.

As for updates and support, check the forums here and you'll quickly get a sense for how good the support is and how well the team resolves issues - security or otherwise. For specific information on RN updates, you can check the downloads section or the changelog included with the latest download. I would say generally about 2-3 times a year - but check monthly to be safe. Of course, there is so much here that you could check daily and learn something new every time...

_________________
I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
phearfactor
PostPosted: Thu Mar 06, 2008 11:05 pm Reply with quote

Is there anything I can implement or adjust (within the vast pages of settings I still haven't looked at yet) to stop spammers on the forums? Like a post time-limiter? No idea what the technical term is for them.

I really cannot set-up the authorization thing, just won't work for me. I am using the Approve Membership Lite addon to get around this so I don't have to email them authorization codes.

Is there anything you can suggest that will help me out other than the use of auth codes?

Thanks again for your swift reply.
 
jakec
Site Admin


Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom

PostPosted: Fri Mar 07, 2008 1:21 am Reply with quote

Are you saying it is not sending the emails to new users for them to activate their account? Obviously if that is the case I would highly recommend trying to get that to work. There is now an option to use SMTP for sending the email, so where hosts have locked down php_mail you should still be able to use that function.

Also make sure you have the captcha turned on for all logins and lock down your admin area using HTTP_AUTH, or CGIAUTH. Have a search in the forums on how to do this.
 
View user's profile Send private message
phearfactor
PostPosted: Fri Mar 07, 2008 6:36 am Reply with quote

Thanks for that info Jakec.

Unluckily for me my problem is not related to my hosts as I host myself. My problem is my ISP, they are blocking port 25 and for the life of me I cannot understand exactly what to change in which files to get it to work.

I have got it working through php_mail, but the emails simply never appear. I haven't been able to get the SMTP one to work at all yet, I am probably missing something simple. I use to have a similar script working, but that was with my old ISP who didn't block my outgoing port 25, I believe my incoming one is fine.

I am based on a Windows PC using Apache2Triad, trying to make things as less complex as possible for myself. The email issue has really stumped me though, I spent a good 4 or 5 hours modifying things to no avail.

I haven't turned on error reporting though as I cannot seem to find any information on this. Is there a file I haven't looked at?

Thanks for all the help thus far!
 
jakec
PostPosted: Fri Mar 07, 2008 6:45 am Reply with quote

I've not setup my own server to host a site, apart from using XAMPP for testing, so it is difficult for me to comment specifically on this, but I'm sure you should be able to get the emails working. Presumably your hosts lets you send emails using Outlook and SMTP and therefore the SMTP option should work, or are you saying they have blocked that? Confused

One other thing slightly off topic, but I personally would not display a list of your referrers, because you could be subject to Referrer spam and you could end up with links pointing to unwanted content.
 
vaudevillian
Worker
Worker


Joined: Jan 18, 2008
Posts: 143

PostPosted: Fri Mar 07, 2008 7:05 am Reply with quote

To curb forum spamming, go to the admin control panel under the forums module.
Under General admin, click on configuration. In there a setting call flood Interval you can set this higher then the defualt of 15 seconds.

Then under user admin. Click on ban control. You Can use this short list I have compiled so far. Put these emails in.

*@sevastopol.in
*@mymail-in.net
*@s2worldsports.net
*@c2voyage.org
*@babusya.com
*@d2pills.org
*@s2sportblog.org
*@mail.ru
*@email.net
*@mail2.hqhost.net
*@hot-pussy.info (sorry raven, was a huge bot spammer on my stand alone boards. nothing like waking up to a crap load of porn all over your board.)
*@mail.health-ua.com
*@cheapoemsoft4u.net
*@jetfix.ee
*@email.com
*@e-mail
*@gawab.com
*@gmail.net
*@inbox.ru
*@objes.com
*@mymail.com
*@mp3-world.us
*@bk.ru
*@cowdump.com

Well thats all I have right now.
 
View user's profile Send private message Send e-mail
phearfactor
PostPosted: Fri Mar 07, 2008 7:07 am Reply with quote

I will try again with the SMTP set-up later. Trying to do that HTTP_Auth now.

I am using this thread: Only registered users can see links on this board! Get registered or login!

Is that what you was referring to? Also, the real path command doesn't seem to be working for me, it replies nothing.

Thank vaudevillian, that's what I was looking for. I will get all that sorted before I turn the forums on hehe
 
phearfactor
PostPosted: Fri Mar 07, 2008 7:23 am Reply with quote

Ah found out my real_path - thanks for all the help everyone!
 
jakec
PostPosted: Fri Mar 07, 2008 7:26 am Reply with quote

That's quite an old post. I'm not familiar with your hosting setup, but if it supports HTTPAUTH, you should be able to simply switch it on in the Nukesentinel settings.

If it doesn't support HTTPAUTH you will need to use CGIAUTH.

Further details on setting these up can be found in the HowToInstall directory of your installation, or here: Only registered users can see links on this board! Get registered or login! Look under NukeSentinel.

In addition to what vaudevillian has suggested you can add strings to the string blocker in Sentinel to help prevent spamming.
 
phearfactor
PostPosted: Fri Mar 07, 2008 7:38 am Reply with quote

Yeah I just switched it on in the Sentinel control panel and now it seems to work! Now I will try out that smtp thing. Thanks for all the help Jakec.
 
phearfactor
PostPosted: Fri Mar 07, 2008 8:03 am Reply with quote

jakec wrote:
Presumably your hosts lets you send emails using Outlook and SMTP and therefore the SMTP option should work, or are you saying they have blocked that? Confused


I can use my POP GoogleMail account which uses port 587. I have that set-up now in my Outlook. Any idea where I go from there? Can I use my Gmail settings via the TegoNuke Mailer with SMTP set to Method?
 
Gremmie
Former Moderator in Good Standing


Joined: Apr 06, 2006
Posts: 2415
Location: Iowa, USA

PostPosted: Fri Mar 07, 2008 8:09 am Reply with quote

You never replied back to kguske's point: are you allowing anyone, even non-registered users, to post in your forums? If so, you really need to turn that off and allow only registered users to post.

Also, ask your host how you are supposed to send mail. If they really got it horked up like that then I would switch to a different host ASAP.

_________________
Only registered users can see links on this board! Get registered or login! - An Event Calendar for PHP-Nuke
Only registered users can see links on this board! Get registered or login! - A Google Maps Nuke Module 
View user's profile Send private message
phearfactor
PostPosted: Fri Mar 07, 2008 8:13 am Reply with quote

At the moment I don't have my forums running. I do have authorization code turned on at the moment but it is not working correctly because I cannot send my own emails for some reason (Port 587).

I am hosting it myself on my Windows PC and it is my ISP that is blocking Port 25. I am not sure how to get around that other than getting another ISP lol (not an option, not until 2010 anyway).

Gmail does work though, so it is surely possible for me to get it working, using Port 587. When I send newsletters using these settings though I receive a blank page.

I can use php_mail but when I change the default settings from Port 25 to 587 instead of getting email sent successfully, I receive the blank page again. There is something holding me back but I do not have enough knowledge or experience with this to have a clue, I don't even know where to begin.
 
Gremmie
PostPosted: Fri Mar 07, 2008 9:21 am Reply with quote

Yeah well technically you probably aren't supposed to be hosting a server like that (most ISP's forbid running a server of any kind). Find a web host. Smile
 
phearfactor
PostPosted: Fri Mar 07, 2008 9:38 am Reply with quote

Oh no its not forbidden, well I don't think it is lol. I am from England so maybe things work differently here, I know a lot of ISPs here block port 25 though.

I am trying to set-up a relay in xmail so it uses my gmail account, doesn't seem to be working yet but hopefully I will figure it out.
 
Gremmie
PostPosted: Fri Mar 07, 2008 9:47 am Reply with quote

True, I was speaking from a US perspective. Well....good luck! But why put yourself through all that when you can find a web host? I wouldn't want to have my own PC on the internet like that. Yikes. Smile
 
phearfactor
PostPosted: Fri Mar 07, 2008 9:51 am Reply with quote

I dunno, I quite like running it myself it allows me to modify everything and anything, plus I don't need to use crappy ftp programs hehe. Yeah it is definitely scary at times, I try not to read the logs lol.

Ah well, what's the worst that could happen? Actually, don't tell me lol

Anything you can suggest other than buying hosting to help with my mail issues hehe?
 
jakec
PostPosted: Fri Mar 07, 2008 12:06 pm Reply with quote

Hosting really isn't that expensive, you can get it for £9 a year from some UK hosts. .....but of course Raven's is the best. Wink

That way you don't have the worry if mucking something up on your server and letting all the script kiddies in.
 
southern
Client


Joined: Jan 29, 2004
Posts: 591
Location: Texas

PostPosted: Fri Mar 07, 2008 7:30 pm Reply with quote

vaudevillian wrote:
To curb forum spamming, go to the admin control panel under the forums module.
Under General admin, click on configuration. In there a setting call flood Interval you can set this higher then the defualt of 15 seconds.

Then under user admin. Click on ban control. You Can use this short list I have compiled so far. Put these emails in.

*@sevastopol.in
*@mymail-in.net
*@s2worldsports.net
*@c2voyage.org
*@babusya.com
*@d2pills.org
*@s2sportblog.org
*@mail.ru
*@email.net
*@mail2.hqhost.net
*@hot-pussy.info (sorry raven, was a huge bot spammer on my stand alone boards. nothing like waking up to a crap load of porn all over your board.)
*@mail.health-ua.com
*@cheapoemsoft4u.net
*@jetfix.ee
*@email.com
*@e-mail
*@gawab.com
*@gmail.net
*@inbox.ru
*@objes.com
*@mymail.com
*@mp3-world.us
*@bk.ru
*@cowdump.com

Well thats all I have right now.


Thanks vaudevillian Smile If you can come up with more post them as a public service.

And phearfactor, all we need to phear is phear itself. RavenNuke including the Forums is way more secure than the PhPNuke turned out by FB. There is no comparison.

_________________
Computer Science is no more about computers than astronomy is about telescopes.
- E. W. Dijkstra 
View user's profile Send private message Visit poster's website MSN Messenger ICQ Number
phearfactor
PostPosted: Fri Mar 07, 2008 8:57 pm Reply with quote

That is what I was thinking, I was just worried that the forum didn't reside under the secured bits you see. Good to know it does!

I have sorted out some alternate hosting now, emails seem to be working fine with the default settings, thankfully lol. Just need to work out how CGIAUTH works as the host doesn't seem to support the other one, the one I had already got running (bah humbug lol).

Ah well, it's all fun and games!

Thanks for the posts everyone, you have been very helpful.

Oh, just thought of something. Do I have to keep my phpbb forum up to date or should the RN updates be enough to cover the forum too?
 
southern
PostPosted: Fri Mar 07, 2008 9:21 pm Reply with quote

cgiauth is not that difficult. I have some really simple directions here Only registered users can see links on this board! Get registered or login!
RavenNuke 2.20.01 updated the Forums too to 2.0.23, if other phpbb releases come out use those if you want.
 
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6793
Location: Ha Noi, Viet Nam

PostPosted: Sat Mar 08, 2008 2:07 am Reply with quote

phearfactor wrote:
Oh no its not forbidden, well I don't think it is lol. I am from England so maybe things work differently here, I know a lot of ISPs here block port 25 though.

I am trying to set-up a relay in xmail so it uses my gmail account, doesn't seem to be working yet but hopefully I will figure it out.

Most UK ISP's will allow mail on port 26 if port 25 is blocked.
If your ISP is Blueyonder, Telewest or NTL these are all now owned by Virgin Media but their existing policy is still that they only allow 10 concurrent connections via a pasword protected connection to your PC.
 
View user's profile Send private message Send e-mail
phearfactor
PostPosted: Sat Mar 08, 2008 2:27 am Reply with quote

Yeah, I am using ADSL2+ (Be*) and they just out-right blocked most useful things heh. I could work around it by paying them £4 a month, in which case they then allow its use.. But I found a host that was even cheaper than that, silly ISP.
 
southern
PostPosted: Sat Mar 08, 2008 5:05 pm Reply with quote

£4?? How much is that in USD?
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> RN v2.20.00 - All Issues

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©