Spam in forums in rnv2.02.02

deadl0ck · Hangin' Around Joined: Apr 09, 2006 Posts: 44

Hi all,
I'm using RavenNuke 2.02.02 (Version in config table is rnv2.02.02).

I have recently started a forum and it is being spammed a lot.

How can I stop this happening ? The site is for a charity organisation for people with MD and it's very inappropriate for these spam messages to be appearing...

Any help would be greatly appreciated !

montego · Posted: Thu May 07, 2009 7:42 am

Oh my. You need to get to 2.3.01!!! There are exploits on older versions that are in the public domain. As with any software, purchased or otherwise, one needs to keep up or risk losing their sites.

With regards to your question, the forums is separate software for the most part to RavenNuke(tm) so other than keeping up on the BB2Nuke updates (which I believe we're all the way up to 2.0.23 still), there isn't anything extra special for controlling spam. You will see it all throughout the forums here that to reduce spam in the forums, all you can do is:

1. Make your forum posting permissions to registered users only.
2. Shut-off the ability for users to sign-up new users via the forums (forums configuration setting)
3. Force new user registration to use the captcha (in config.php).
4. Highly recommended: upgrade to RavenNuke(tm) latest in order to get the newer and better captcha -- the old captcha is of no use any longer for the more professional spammers as it is easily compromised.

That is basically all you can do at the moment, out-of-the-box wise. There has been talk and some postings here about using some additional third-party spam stopping utilities. You could try

Only registered users can see links on this board!
Get registered or login to the forums!

(from Guardian2003 here). There are other more advanced captcha's that folks have suggested for forum posting, but I don't have anything to point you too at the moment.

nuken · Posted: Thu May 07, 2009 8:20 am

I don't know how well phpBB 3 stops spam but there are a few bridges for Nuke out there.

temp_deadl0ck · New Member Joined: May 07, 2009 Posts: 3

Thanks guys.

Some guidance required :

Quote:

2. Shut-off the ability for users to sign-up new users via the forums (forums configuration setting)

I can't for the life of me find this in the forums configuration....

Quote:

Force new user registration to use the captcha (in config.php)

Again, I can't find this in my main site config.php - all I have there is :

Code:

<?php

######################################################################
# PHP-NUKE: Advanced Content Management System
# ============================================
#
# Copyright (c) 2002 by Francisco Burzi (fbc@mandrakesoft.com)
# http://phpnuke.org
#
# This module is to configure the main options for your site
#
# This program is free software. You can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License.
######################################################################

if (stristr(htmlentities($_SERVER['PHP_SELF']), "config.php")) {
Header("Location: index.php");
die();
}

######################################################################
# Database & System Config
#
# dbhost: SQL Database Hostname
# dbuname: SQL Username
# dbpass: SQL Password
# dbname: SQL Database Name
# $prefix: Your Database table's prefix
# $user_prefix: Your Users' Database table's prefix (To share it)
# $dbtype: Your Database Server type. Supported servers are:
# MySQL, mysql4, postgres, mssql, oracle, msaccess,
# db2 and mssql-odbc
# Be sure to write it exactly as above, case SeNsItIvE!
# $sitekey: Security Key. CHANGE it to whatever you want, as long
# as you want. Just don't use quotes.
# $gfx_chk: Set the graphic security code on every login screen,
#    You need to have GD extension installed:
#    0: No check
#    1: Administrators login only
#    2: Users login only
#    3: New users registration only
#    4: Both, users login and new users registration only
#    5: Administrators and users login only
#    6: Administrators and new users registration only
#    7: Everywhere on all login options (Admins and Users)
#    NOTE: If you aren't sure set this value to 0
# $subscription_url: If you manage subscriptions on your site, you
# must write here the url of the subscription
# information/renewal page. This will send by
# email if set.
# $admin_file: Administration panel filename. "admin" by default for
#       "admin.php". To improve security please rename the file
# "admin.php" and change the $admin_file value to the
# new filename (without the extension .php)
# $tipath: Path to where the topic images are stored.
# $display_errors: Debug control to see PHP generated errors.
# false: Don't show errors
# true: See all errors ( No notices )
#
# Added for RavenNuke76
# $bypassNukeSentinelInvalidIPCheck: Debug control to bypass NukeSentinel(tm)
# InvalidIP check when set to TRUE. Leave
# this FALSE for production sites.
# $bypassInstallationFolderCheck: Debug control to bypass RavenNuke76(tm)
# setup/runtime check when set to TRUE. Leave
# this FALSE for production sites.
######################################################################

$dbhost = "localhost";
$dbuname = "XXXXXX";
$dbpass = "XXXXXX";
$dbname = "XXXXXX";
$prefix = "nuke";
$user_prefix = "nuke";
$dbtype = "MySQL";
$sitekey = "XXXXXX";
$gfx_chk = 0;
$subscription_url = "";
$admin_file = "admin";
$tipath = "images/topics/";
$display_errors = TRUE; //This should only be used (set to TRUE) when testing locally and not in a production environment
$advanced_editor = 1;
/*********************************************************************/
/* The following settings have been added for use in RavenNuke76 */
/*********************************************************************/
$bypassNukeSentinelInvalidIPCheck = TRUE; //This should only be used (set to TRUE) when testing locally and not in a production environment
$bypassInstallationFolderCheck = TRUE; //This should only be used (set to TRUE) when testing locally and not in a production environment

/*********************************************************************/
/* You have finished configuring the Database settings. Now you can */
/* change all you want in the Administration Section. To enter, just */
/* point your web browser to http://yourdomain.com/admin.php */
/* */
/* Remember to go to Settings section where you can configure your */
/* new site. In that menu you can change all you need to change. */
/* */
/* Congratulations! now you have an automated news portal! */
/* Thanks for choosing PHP-Nuke: The Future of the Web */
/*********************************************************************/

// DO NOT TOUCH ANYTHING BELOW THIS LINE UNTIL YOU KNOW WHAT YOU'RE DOING

$reasons = array("As Is","Offtopic","Flamebait","Troll","Redundant","Insighful","Interesting","Informative","Funny","Overrated","Underrated");
$badreasons = 4;
#$AllowableHTML = array("b"=>1,"i"=>1,"u"=>1,"div"=>2,"a"=>2,"em"=>1,"br"=>1,"strong"=>1,"blockquote"=>1,"tt"=>1,"li"=>1,"ol"=>1,"ul"=>1);
###############################################################################
#
# nukeWYSIWYG Copyright (c) 2005 Kevin Guske http://nukeseo.com
# kses developed by Ulf Harnhammar http://kses.sf.net
# kses enhancement ideas contributed by sixonetonoffun http://netflake.com
# FCKeditor by Frederico Caldeira Knabben http://fckeditor.net
# Original FCKeditor for PHP-Nuke by H.Theisen http://phpnuker.de
#
###############################################################################
# To completely disable the WYSIWYG editor, set $advanced_editor = 0;
# You may also override the config.php setting by setting $advanced_editor in the module index.php
$AllowableHTML = array(
"a" => array("href" => 1, "target" => 1, "title" => array("minlen" => 4, "maxlen" => 120)),
"b" => array(),
"blockquote" => array(),
"br" => array(),
"center" => array(),
"div" => array("align" => 1),
"em" => array(),
"font" => array("face" => 1, "style" => 1, "color" => 1, "size" => array("minval" => 1, "maxval" => 7)),
"h1"=>array(),
"h2"=>array(),
"h3"=>array(),
"h4"=>array(),
"h5"=>array(),
"h6"=>array(),
"hr" => array(),
"i" => array(),
"img" => array("alt" => 1, "src" => 1, "hspace" => 1, "vspace" => 1, "border" => 1, "align" => 1),
"li" => array(),
"ol" => array(),
"p" => array("align" => 1),
"pre" => array("align" => 1),
"span" =>array("class" => 1, "style" => array("font-family" => 1, "color" => 1)),
"strong" => array(),
"table" => array("align" => 1, "border" => 1, "cell" => 1),
"td" => array(),
"tr" => array("align" => 1),
"tt"=>array(),
"u" => array(),
"ul" => array(),
);
$CensorList = array("f***","cunt","f***er","f***ing","pussy","cock","c0ck","cum","twat","clit","bitch","fuk","fuking","motherfucker");
// Nuke Patched 3.1
// Further enhanced by Raven at http://ravenphpscripts.com

?>

Sorry if I'm missing something obvious.

(P.S. I changed my email address on the forums here and now for some reason I can't login with my proper username, hence the temp_ version of my username)

jakec · Posted: Thu May 07, 2009 10:18 am

The captcha is the $gfx_chk option. Set it to 7 for it to display everywhere.

jakec · Posted: Thu May 07, 2009 10:19 am

BTW if you changed your email address you should of received an email asking you to confirm the email address.

montego · Posted: Thu May 07, 2009 4:59 pm

To answer your other question, check Forums --> General Admin --> Configuration and see this option here:

Enable account activation

It should be set to "None" to ensure no-one can set up a new user via phpBB.

evaders99 · Posted: Thu May 07, 2009 11:43 pm

Actually montego, I don't think it works that way. By setting it to none, you just allow all registrations with no user (email) or admin (approval) setting

Somehow, I remember we did something for BBToNuke always to redirect to use the Your_Account module for registrations. At least, that's the way my sites have been. Wonder if this was changed somewhere

temp_deadl0ck · New Member Joined: May 07, 2009 Posts: 3

Thanks for all the info guys.

I have turned on the captcha so hopefully that will make a difference.

evaders99, that's how I read the "Enable account activation" also...

jakec, I did get a confirmation email and I clicked the link, but now when I log in and go to the forums I just get :

Only registered users can see links on this board!
Get registered or login to the forums!

(Click to enlarge)

jakec · Posted: Fri May 08, 2009 5:41 am

Drop Raven an email and he will sort the login problem out for you.

temp_deadl0ck · New Member Joined: May 07, 2009 Posts: 3

Quote:

Oh my. You need to get to 2.3.0

Is there a migration path from 2.02.02 -> 2.3.0 ?

fkelly · Posted: Fri May 08, 2009 9:40 am

Temp, the migration path is covered extensively in the documentation that comes with 2.3.01. Note that you want the .01 because that has important security fixes. The database upgrade script that comes with the release will do much of the work for you but you still need to read the upgrading information (there is a Howtoinstall directory) carefully and heed it.