Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
Re: Eventual forum upgrade plan
ruud wrote:
I’m not sure if this is taken care of in the new forum software.
FluxBB does not have any anti-spam features.
In any case, I’d be grateful if you take out the part that sends me mails with “a whole lot of crap” in it (probably something I put in for debugging purposes).
We will. The debugging code will not end up on the live server, nor to the source repository even. We’re trying to apply any needed modification using patches, and packaging them as FluxBB’s installable mods maybe even.
Offline
Re: Eventual forum upgrade plan
Gocom wrote:
FluxBB does not have any anti-spam features.
I think that Rudd has implemented some features from stopforumspam.com which I would strongly suggest we should maintain. Even with those in action, we still get a lot of spammers here.
Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Offline
Re: Eventual forum upgrade plan
^^ exactly, they were quite effective at blocking spammy user registrations.
I also added some debugging code to check if it would be effective to block a user that turns out to be spammy when posting for the first time. That was never implemented. I guess it would block 1-5 spammers per month.
Offline
Re: Eventual forum upgrade plan
It is of course going to stay. We will have to write a generic PHP wrapper for it and release it as a separate component, rather than keeping our own hacks. I would rather let others be able to patch it when the API changes, outside from Textpattern sphere.
The bad thing about the spam check is that you can totally circumvent it as its implemented now. Unfortunately SFS only accepts 20 000 requests a day from a single IP, after which it responds with an error page. The check relaying on active third party connection, correctly aborts on any error , but this lets any user to register.
Once a bot exhausts the quota, he can register without any worries. We can neither prevent registration since then someone could just write a nasty script that totally prevents anyone from registering.
Thing that could help would be to cache blocked IPs (ban the IP in FluxBB when the user is flagged for the first time).
Last edited by Gocom (2013-10-01 12:46:52)
Offline
Re: Eventual forum upgrade plan
Yes, definitely not keep it as a hack. Upgrading was rather painful due to all the patches that were applied.
Is that 20k limit a theoretical problem or has it occurred already?
Offline
Re: Eventual forum upgrade plan
ruud wrote:
Yes, definitely not keep it as a hack.
Unfortunately FluxBB employs mod culture, and doesn’t have real good plugin system (observers or stuff). Best we can do is to organize the modification well (e.g. by branching using git and merging), and patch new release. At some point this may fail tho; mod is a mod and diffs aren’t magical unicorns.
But we most certainly do have to update; there has been some pretty big security updates to FluxBB since the forum was last updated.
Is that 20k limit a theoretical problem or has it occurred already?
Hasn’t happened yet as far as I’m aware, but executing such ‘attack’ would be easy. There has been registrations from IPs/emails that have been in the spam database, but those all could as well been errors in querying SFS or alterations done after registering etc.
Last edited by Gocom (2013-10-01 17:06:27)
Offline
Re: Eventual forum upgrade plan
I’ve gotten the SFS protection solved on registration pages. Instead of modding FluxBB, I’ve successfully;
- intercepted the the registration HTTP POST requests
- check whether the details are in FluxBB ban table, if yes, abort and resume normal registration process
- otherwise check SFS database for the email and IP
- if found, create a new ban record to FluxBB’s database and flus cache.
FluxBB takes care of preventing access and presenting messages.
Last edited by Gocom (2013-10-02 11:17:52)
Offline
Re: Eventual forum upgrade plan
And I’ve gotten the log in done too. Will still need to separate the actual logic from the config file, and then that the spam protection — with zero mods.
Offline
Re: Eventual forum upgrade plan
Thinking about it, I’m wondering if we could do Textile support the same way as Stop Forum Spam integration; by capturing output buffer, using DOM parser to get the post body contents from the page, parse the contents and output the modified page contents. That would mean that we wouldn’t have to make any mods to FluxBB source. Wondering tho what it does to memory consumption.
Altho, the FluxBB uses its own BBCode based syntax, which will interfere with Textile.
Last edited by Gocom (2013-10-03 07:08:56)
Offline
Re: Eventual forum upgrade plan
Work on the forum has gone forward. Since our forum’s additional features require modifying FluxBB source, we’ve been offloading as much of it to JavaScript as possible. This includes sharing buttons, ranks and post quoting.
The new quote uses the first actual paragraph and links to the original post; this ensures quotes actually render working syntax; as we know, most quotes on these forums are unreadable and broken. Since it works by JavaScript, you are also able to quote multiple posts from one page, if needed.
New (pending) features include embedded Gist and Tweets (now using the official Twitter API), and some new ranks so that we all aren’t omegas. Must. Slip. Omega Shenron. In.
Last edited by Gocom (2013-10-04 11:41:07)
Offline
Re: Eventual forum upgrade plan
Nice work Jukka! I’ll continue work on the forum CSS over the weekend.
Offline
#24 2013-10-04 12:36:38
- els
- Moderator
- From: The Netherlands
- Registered: 2004-06-06
- Posts: 7,458
Re: Eventual forum upgrade plan
Wonderful, thanks guys!
Gocom wrote:
and some new ranks so that we all aren’t omegas.
Very good. A forum full of omegas looks like an old people’s home ;)
Offline