Disabling user registrations

[ragabash]

So we have an interesting option for spam control that I'd like to try. It's a graphical (mouse-driven) dealie where you are presented with a list of terms, with a question on how to filter the list. Here's a demo:

http://www.derky.nl/sortables/posting.p ... ly&f=2&t=1

What I'd like to do is have you guys come up with a list of canonical Dune characters that most enthusiasts would know, and a list of non-Dune SF characters. We would present that to a potential registrant with the question, "which of these characters were in Dune?" I'm thinking pretty obvious answers that a machine would have problems with, since it wouldn't understand the question. An example list would be Paul Atredies, Vladimir Harkonnen, Luke Skywalker, Jean-Luc Picard, and Helen-Gaius Monyhan.

[ragabash]

Honestly, this onslaught is kind of recent. I used to weedwhack the user registrations, and in fact did it a few months ago and there were only a few new registrants. Maybe a page each time.

But after that, we got bombed. Not sure why.

It's happening because I finally got around to unfucking mail coming from the server.

[Omphalos]

Honestly, this onslaught is kind of recent. I used to weedwhack the user registrations, and in fact did it a few months ago and there were only a few new registrants. Maybe a page each time.

But after that, we got bombed. Not sure why.

It's happening because I finally got around to unfucking mail coming from the server.

What I am talking about has got nothing to do with the email, Bro. I think. What I am saying is that a few months ago all of a sudden we had a jillion new members waiting in the queue for approval, and all of them were spam accounts.

[Freakzilla]

The emails are certainly working now, it's a constant flood. I just ignore them then delete the lot daily. There's no way I could sort through even a fraction of them.

[ᴶᵛᵀᴬ]

Guys, spam is no more an issue at all in the new board version. The Test Forum is still in development. I beg your indulgence and a little more patience. Maybe just 2 or 3 days and you'll see

[Freakzilla]

Guys, spam is no more an issue at all in the new board version. The Test Forum is still in development. I beg your indulgence and a little more patience. Maybe just 2 or 3 days and you'll see

[Serkanner]

[georgiedenbro]

[ragabash]

Honestly, this onslaught is kind of recent. I used to weedwhack the user registrations, and in fact did it a few months ago and there were only a few new registrants. Maybe a page each time.

But after that, we got bombed. Not sure why.

It's happening because I finally got around to unfucking mail coming from the server.

What I am talking about has got nothing to do with the email, Bro. I think. What I am saying is that a few months ago all of a sudden we had a jillion new members waiting in the queue for approval, and all of them were spam accounts.

Oh, I see. The timeline seems longer than that to me; when we upgraded the board to 3.0.14, it broke the CAPTCHA system we had installed, and that's when I noticed the spam accounts flowing in. I went back and bulk deleted them over a few days the week before last.

[ragabash]

Guys, spam is no more an issue at all in the new board version. The Test Forum is still in development. I beg your indulgence and a little more patience. Maybe just 2 or 3 days and you'll see

New version? Are we going to upgrade Jacurutu again?

Also, if you are using spam tools, I'll need a complete list of what to install on the back end. How much effort is this going to involve?

[ᴶᵛᵀᴬ]

Guys, spam is no more an issue at all in the new board version. The Test Forum is still in development. I beg your indulgence and a little more patience. Maybe just 2 or 3 days and you'll see

New version? Are we going to upgrade Jacurutu again?

Yep, from 3.0.14 version [May 2015] to 3.1.10 [October 2016].

phpBB 3.1 Ascraeus is the culmination of nearly 8 years of development since phpBB 3.0—an eternity when it comes to web development. When phpBB team finally released phpBB 3.1, they announced that phpBB would from now on see feature releases on an annual basis.

3.1.10 is not the latest version (3.2.1), but it's stable, complete & fully TESTED. I've been working on it for the past six months (upgrading style & customizing some functionalities).

Also, if you are using spam tools, I'll need a complete list of what to install on the back end. How much effort is this going to involve?

No more "MODS" with the new "extensions" system. Just copy and past. A piece of cake, truly. You'll see

[ragabash]

Guys, spam is no more an issue at all in the new board version. The Test Forum is still in development. I beg your indulgence and a little more patience. Maybe just 2 or 3 days and you'll see

New version? Are we going to upgrade Jacurutu again?

Yep, from 3.0.14 version [May 2015] to 3.1.10 [October 2016].

phpBB 3.1 Ascraeus is the culmination of nearly 8 years of development since phpBB 3.0—an eternity when it comes to web development. When phpBB team finally released phpBB 3.1, they announced that phpBB would from now on see feature releases on an annual basis.

3.1.10 is not the latest version (3.2.1), but it's stable, complete & fully TESTED. I've been working on it for the past six months (upgrading style & customizing some functionalities).

Also, if you are using spam tools, I'll need a complete list of what to install on the back end. How much effort is this going to involve?

No more "MODS" with the new "extensions" system. Just copy and past. A piece of cake, truly. You'll see

I was reading up on it, I'm sure it will be. My only concern is the amount of time to upgrade. I have a lot of constraints on my time from now until mid-October. How time intensive is the upgrade process?

I presume there's going to be a significant amount of back end work.

[ᴶᵛᵀᴬ]

My only concern is the amount of time to upgrade. I have a lot of constraints on my time from now until mid-October. How time intensive is the upgrade process?

I presume there's going to be a significant amount of back end work.

Well, this is not a quick process, though - we might end up with an unusable forum if we've only allocated 10 minutes or so to do it! So, I think it's always better to be safe than sorry

Upgrading to phpBB 3.1 will render previously installed MODifications and styles unusable. phpBB 3.1 is not compatible with 3.0 and most of the previous files will need to be removed prior to upgrading to 3.1.

Last thing : Your server must be running at least PHP 5.3.3 and less than PHP 7

[ragabash]

My only concern is the amount of time to upgrade. I have a lot of constraints on my time from now until mid-October. How time intensive is the upgrade process?

I presume there's going to be a significant amount of back end work.

Well, this is not a quick process, though - we might end up with an unusable forum if we've only allocated 10 minutes or so to do it! So, I think it's always better to be safe than sorry

Upgrading to phpBB 3.1 will render previously installed MODifications and styles unusable. phpBB 3.1 is not compatible with 3.0 and most of the previous files will need to be removed prior to upgrading to 3.1.

Last thing : Your server must be running at least PHP 5.3.3 and less than PHP 7

I'm currently running php 5.3.3.

I agree that it will take time to do the upgrade properly. My point is that I don't currently have that much time to devote to it, at least until mid-October.

Are you making the theme work with phpbb 3.1 on the test server?

[ᴶᵛᵀᴬ]

My point is that I don't currently have that much time to devote to it, at least until mid-October.

Mid-October, no problemo

Are you making the theme work with phpbb 3.1 on the test server?

Of course . Upgrading to phpBB 3.1 will render previously installed themes unusable (jacurutu, prosilver, subsilver). Styles for 3.0.x can not be used on 3.1.x and vice versa. So, I made a new jacurutu theme.

[ragabash]

My point is that I don't currently have that much time to devote to it, at least until mid-October.

Mid-October, no problemo

Are you making the theme work with phpbb 3.1 on the test server?

Of course . Upgrading to phpBB 3.1 will render previously installed themes unusable (jacurutu, prosilver, subsilver). Styles for 3.0.x can not be used on 3.1.x and vice versa. So, I made a new jacurutu theme.

Very nice. Thank you for your work.

[ragabash]

I'm trying a new tactic. I'm using RBLs (realtime black lists). They're lightweight, fast services that spam control services use to track spam domains.

I installed an apache mod that queries two popular RBL sites with the source IP of every request to the site, and denies anyone from spam domains.

Contact me of facebook if you can't log into the site.

[Freakzilla]

It seems to be working. I originally tried having the RBL scanner protect the entire site, but that seemed a bit draconian; I changed it to only protect the registration URL. This seems to be working. I haven't seen a spam account registration since last night. The mod_secure log is full of rejection messages.

There may be false positives if either of the RBLs we use identify a spammer incorrectly. That's why I limited access to only the registration page. If someone who should have access gets a 403, they should be able to get contact info via the site itself and let us know. I hope we display that somewhere.

[ragabash]

It seems to be working. I originally tried having the RBL scanner protect the entire site, but that seemed a bit draconian; I changed it to only protect the registration URL. This seems to be working. I haven't seen a spam account registration since last night. The mod_secure log is full of rejection messages.

There may be false positives if either of the RBLs we use identify a spammer incorrectly. That's why I limited access to only the registration page. If someone who should have access gets a 403, they should be able to get contact info via the site itself and let us know. I hope we display that somewhere.

Whoops! that last post was me, not Freak, sorry about that! I guess I have Freak's credentials stored in my browser and used them by mistake.

[Freakzilla]

I seem to be getting less emails today.

[ragabash]

I've extended the RBL protecion to TaU as well.

[ragabash]

Hah, look at this excerpt from mod_security's log.

[15/Sep/2017:11:52:19 --0700] [tau.solahpmo.com/sid#7f9de1a07b70][rid#7f9de1d99d18][/ucp.php][1] Access denied with connection close (phase 2). RBL lookup of 244.152.28.37.zen.spamhaus.org succeeded at REMOTE_ADDR (Illegal 3rd party exploits). [file "/etc/httpd/conf/mod_security_phpbb3.conf"] [line "14"] [id "400010"] [msg "Spam host detected by zen.spamhaus.org"]

The IP it's using isn't valid; it's from a reserved block for future use. So someone is spoofing an IP that doesn't even exist yet.

What a tool.

[Omphalos]

Like putting Freak's pants on and walking around the room, do you?

[Freakzilla]

I have nice pants!

[Serkanner]

I have nice pants!

Pictures or get the fuck out.