#1 FluxBB discussion » "Powered by" footer altered » 2011-06-15 14:11:53

bgiddins
Replies: 5

Saw a site running FluxBB that has altered the footer copyright notice to remove the link back to Fluxbb.org - is this a copyright breach?

#2 Re: General support (1.4) » Users changing email addresses after registration » 2011-05-03 12:11:26

bgiddins

Thanks - forgot to come back and say that I've implemented this, works just fine - cheers.

#3 General support (1.4) » Users changing email addresses after registration » 2011-03-21 03:00:10

bgiddins
Replies: 8

Having a bit of a problem on my forum with users creating "sockpuppet" accounts, and immediately altering their email address after account creation to a fake email address that is not verified.

Is there a way to log or capture permanently the registration details provided (e.g. email address) at registration time, so even if they overwrite them there is a record of what they provided at signup? I'd rather not enable email notifications to administrators on every new registration, as it's a relatively high traffic website, but I need to have an audit trail somewhere.

#4 Re: General support (1.4) » Zero day exploit? Guest able to post when guest posting disabled!!! » 2010-12-05 10:26:06

bgiddins

Fixed it!!!

I'd accidentally deleted the guest account earlier today - I had manually recreated a guest, but it was in the wrong group, so the guest user group was empty. By creating the guest account in the members group, guests had full permissions of a normal user hmm

Recovered it from a database export - simply reinserted the proper guest record. Glad that's sorted!!!

#5 Re: General support (1.4) » Zero day exploit? Guest able to post when guest posting disabled!!! » 2010-12-05 10:21:44

bgiddins

Crap - I think this is a bug. The "Post reply" and "Post new topic" links show up in my forum regardless of whether you're logged in or not, despite this being explicitly disabled in Administration.

Been able to add reCAPTCHA to guest posting using the option as an interim, but this is a coding bug in my forum.

#6 Re: General support (1.4) » Zero day exploit? Guest able to post when guest posting disabled!!! » 2010-12-05 10:16:04

bgiddins

I was just able to replicate this attack by attempting to register, and then NOT completing the reCAPTCHA fields - but if I then log in with the failed credentials (that still don't exist in the user table!) I get guest posting access.

Will see if it's not something else - this forum just launched and is only 2 days old, was previously running 1.2.

#7 Re: General support (1.4) » Zero day exploit? Guest able to post when guest posting disabled!!! » 2010-12-05 10:11:49

bgiddins

Raw access logs:

79.120.85.139 - - [05/Dec/2010:20:56:58 +1100] "GET /viewtopic.php?id=1746 HTTP/1.0" 200 35149 "http://forums.silverstackers.com/viewtopic.php?id=1746" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
79.120.85.139 - - [05/Dec/2010:20:57:00 +1100] "GET /register.php HTTP/1.0" 200 16725 "http://forums.silverstackers.com/register.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
79.120.85.139 - - [05/Dec/2010:20:57:02 +1100] "GET /register.php?agree=Agree HTTP/1.0" 200 14478 "http://forums.silverstackers.com/register.php?agree=Agree" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
79.120.85.139 - - [05/Dec/2010:20:57:04 +1100] "POST /register.php?action=register HTTP/1.0" 200 15047 "http://forums.silverstackers.com/register.php?agree=Agree" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
79.120.85.139 - - [05/Dec/2010:20:57:06 +1100] "GET /login.php HTTP/1.0" 200 8496 "http://forums.silverstackers.com/login.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
79.120.85.139 - - [05/Dec/2010:20:57:07 +1100] "POST /login.php?action=in HTTP/1.0" 200 6523 "http://forums.silverstackers.com/login.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
79.120.85.139 - - [05/Dec/2010:20:57:08 +1100] "GET /forum-9-gold-coins.html HTTP/1.0" 200 26933 "http://forums.silverstackers.com/forum-9-gold-coins.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
79.120.85.139 - - [05/Dec/2010:20:57:10 +1100] "GET /post.php?fid=9 HTTP/1.0" 200 14463 "http://forums.silverstackers.com/post.php?fid=9" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
79.120.85.139 - - [05/Dec/2010:20:57:12 +1100] "POST /post.php?action=post&fid=9 HTTP/1.0" 302 1081 "http://forums.silverstackers.com/post.php?fid=9" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
79.120.85.139 - - [05/Dec/2010:20:57:14 +1100] "GET /message-60091.html HTTP/1.0" 200 17137 "http://forums.silverstackers.com/message-60091.html#p60091" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"

So they go through the registration process, but are able to post as guests. No entry exists in the user table for the spammers. Other registrations have been occurring as normal.
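Added example, not part of the original posts: a small detector for the two traits visible in the log excerpt above, namely GET requests whose Referer is the very URL being requested, and a POST to post.php within seconds of a POST to register.php from the same address. The 60-second window, the threshold of three self-referencing GETs, the helper names and the sample lines (documentation IPs, placeholder host) are assumptions made for this sketch.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache combined log format (the layout of the lines posted above).
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)'
                  r' [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"')

def parse(line):
    m = LINE.match(line)
    if not m:
        return None  # skip malformed lines instead of guessing
    return {**m.groupdict(), "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")}

def self_referer(rec):  # GET whose Referer is the very URL requested (fragment ignored)
    ref = re.sub(r"^https?://[^/]+", "", rec["referer"]).split("#")[0]
    return rec["method"] == "GET" and ref == rec["path"]

def posts_to(recs, script):  # timestamps of POSTs to one script
    return [r["ts"] for r in recs if r["method"] == "POST" and r["path"].startswith(script)]

def suspicious_clients(lines, window=timedelta(seconds=60), min_self_ref=3):
    by_ip = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        by_ip[rec["ip"]].append(rec)
    findings = {}
    for ip, recs in by_ip.items():
        regs, posts = posts_to(recs, "/register.php"), posts_to(recs, "/post.php")
        checks = {"self-referer": sum(map(self_referer, recs)) >= min_self_ref,
                  "register-then-post": any(timedelta(0) <= p - r <= window
                                            for r in regs for p in posts)}
        if any(checks.values()):
            findings[ip] = [name for name, hit in checks.items() if hit]
    return findings

def _line(ip, hms, method, path, ref):  # builds one constructed sample log line
    return (f'{ip} - - [05/Dec/2010:{hms} +1100] "{method} {path} HTTP/1.0" 200 1000 '
            f'"http://forum.example.com{ref}" "Mozilla/4.0 (compatible; MSIE 6.0)"')

SAMPLE = [  # constructed data: documentation IPs and a placeholder host
    _line("203.0.113.7", "20:57:00", "GET", "/register.php", "/register.php"),
    _line("203.0.113.7", "20:57:02", "GET", "/register.php?agree=Agree", "/register.php?agree=Agree"),
    _line("203.0.113.7", "20:57:04", "POST", "/register.php?action=register", "/register.php?agree=Agree"),
    _line("203.0.113.7", "20:57:10", "GET", "/post.php?fid=9", "/post.php?fid=9"),
    _line("203.0.113.7", "20:57:12", "POST", "/post.php?action=post&fid=9", "/post.php?fid=9"),
    _line("198.51.100.20", "20:10:00", "POST", "/register.php?action=register", "/register.php?agree=Agree"),
    _line("198.51.100.20", "20:25:00", "POST", "/post.php?action=post&fid=9", "/post.php?fid=9"),
]
print(suspicious_clients(SAMPLE))
```

A flagged address is a prompt to check which account and group the post was stored under; the access log alone does not show the session's login state.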

#8 Re: General support (1.4) » Zero day exploit? Guest able to post when guest posting disabled!!! » 2010-12-05 10:07:16

bgiddins

Just checked EVERY forum - not a single one had guest permission to post or start new topics (some had read access), so it's definitely an exploit.

Guests had search permission - I removed that in case there's an exploit there. I will see if disabling guest search stops them.

#9 Re: General support (1.4) » Zero day exploit? Guest able to post when guest posting disabled!!! » 2010-12-05 10:01:35

bgiddins

I also have the reCAPTCHA plugin enabled, and it requires reCAPTCHA for guests even though I don't allow guests to post anywhere on the forum.

#10 Re: General support (1.4) » Zero day exploit? Guest able to post when guest posting disabled!!! » 2010-12-05 10:00:02

bgiddins

Just had another spam posting, same approach, new IP address 79.120.85.139.

Was spam in Cyrillic full of links.

#11 General support (1.4) » Zero day exploit? Guest able to post when guest posting disabled!!! » 2010-12-05 09:43:02

bgiddins
Replies: 9

Running forum 1.4.2 - just had a guest post in a forum where guest posting is explicitly disabled.

Username: Bofoffilk
Email address: xrumerivanovichbotmasterov@gmail.com
IP address: 109.184.61.248
host address: 109-184-61-248.dynamic.mts-nn.ru
subject: stomatolog
post contents:

<h1>Account suspended</h1>

The email address is showing up in a ton of spam reports on the web - I'm concerned this is a zero day exploit as I've checked and there DEFINITELY is no guest topic posting privileges in the forum where the post appeared.

Anyone else seen this?

RESOLVED - operator error! see http://fluxbb.org/forums/viewtopic.php?pid=36482#p36482

#12 General support (1.4) » CSS question » 2010-12-04 05:29:03

bgiddins
Replies: 0

Basic question - how do I make the signature DIV in a post go to the bottom of the post?

The markup for a single post on my 1.4.2 forum looks like this:

<div class="postright">
    <h3>Post subject</h3>
    <div class="postmsg">
        <p>Some post text</p>
    </div>
    <div class="postsignature postmsg"><hr /><p>Some signature text</p></div>
</div>

I want the div with class "postsignature" to be at the bottom of the "postright" div, not immediately underneath the "postmsg" div. The height of the "postright" div is determined by the profile next to it.

cheers

#13 Modifications (1.4) » Uploadile? » 2010-11-23 12:08:09

bgiddins
Replies: 26

Saw this new mod today - but no discussion? Can't read French so the fluxbb.fr links are a bit useless for me - are there screenshots anywhere?

Been using http://www.punres.org/desc.php?pid=362 on a FluxBB 1.2 board, updating to 1.4 and seeing if there's improvements available.

#14 Re: General support (1.4) » Extra checkbox on edit.php » 2010-11-23 12:03:43

bgiddins

Found it - it was timelimit_v1.0.2

Been using patcher, and I missed "/lang/[language]/post.php" where language was not specified in the readme.txt.

#15 Re: Modifications (1.4) » [Mod] Another Private Messaging / Topic System - 3.0.1 » 2010-11-23 11:54:10

bgiddins
adaur wrote:

But tell me: are folders viewables by the members, or only by you?

Folders are only viewable by the member who has received the message. Just like a custom folder in an email client.

Folders are maintained in a separate table with a unique id, name and owner id. The messages table is extended with a folder_id field.

#16 General support (1.4) » Extra checkbox on edit.php » 2010-11-18 11:31:23

bgiddins
Replies: 1

Getting a spare checkbox with no label when editing posts in Admin mode:

<label><input type="checkbox" name="hide_smilies" value="1" tabindex="3" />Never show smilies as icons for this post<br /></label>
<label><input type="checkbox" name="silent" value="1" tabindex="4" checked="checked" />Silent edit (don't display "Edited by ..." in topic view)<br /></label>
<label><input type="checkbox" name="editpost" value="1" tabindex="5" /><br /></label>

The rendering code is on line 236 of edit.php:

if ($pun_user['g_id'] == PUN_ADMIN)
{
    if ((isset($_POST['form_sent']) && !isset($_POST['editpost'])) || (!isset($_POST['form_sent']) && $cur_post['edit_post'] != 1))
        $checkboxes[] = '<label><input type="checkbox" name="editpost" value="1" tabindex="'.($cur_index++).'" />'.$lang_post['EditPost edit'].'<br /></label>';
    else
        $checkboxes[] = '<label><input type="checkbox" name="editpost" value="1" tabindex="'.($cur_index++).'" checked="checked" />'.$lang_post['EditPost edit'].'<br /></label>';
}

It's not in the original edit.php, so one of my many mods has inserted this - looks like I have a missing language entry for $lang_post['EditPost edit'] - anyone recognise the mod before I start trawling through mod zips?

Editing posts with and without the checkbox doesn't have any discernable difference in behaviour.

cheers

#17 Re: Modifications (1.4) » [Mod] Another Private Messaging / Topic System - 3.0.1 » 2010-11-18 11:16:52

bgiddins

Are folders planned for inclusion in this messaging system in future?

I'm using a respun version of 1.2.4c from FluxBB 1.2, updated for FluxBB 1.4 - the version with folders. This is an important feature, as I trim private messages every 30 days from users' inboxes, UNLESS they've been moved to a folder. This is done for some privacy reasons that the members are happy to accept.

Interested in moving to a more modern PM system, but I need one either with folders, or a "sticky" feature to flag PMs so that my cleanup script can ignore deleting them.

#18 Re: General support (1.4) » does Google Sitemap Generator v1.0.4 is avalible on ver 1.4.1? » 2010-10-17 23:28:30

bgiddins
Smartys wrote:

Also, shouldn't this come packaged with a RewriteRule so that a request to sitemap.xml returns a result?

Your sitemap file does not need to be named sitemap.xml. See http://www.sitemaps.org/protocol.php#informing

Ah okay thanks - I read a blog "somewhere" that said it was required for Google.

Something I haven't checked out with this mod, does it only reflect topics etc with guest access? i.e. if you have member-only forums, they shouldn't be part of the sitemap that gets generated. At work now so I can't try this out to check it.

I'll investigate the URL rewriting aspects.

#19 Re: Modifications (1.4) » Simple Poll mod » 2010-10-17 05:11:49

bgiddins

Just installed 1.0.3, I need to test it some more, as I'm seeing THREE instances of the poll in the edit view.

Also, is there no "skip" button to skip voting and just see the responses?

I'm going to try creating a separate poll.php based on post.php, and have separate "Post new topic | Post new poll" links, and see how it feels. I don't like the poll on every page, and I'm not sure about using the jQuery mod (although that might work fine).

Might install Auto Poll and compare the two.

#20 Re: General support (1.4) » does Google Sitemap Generator v1.0.4 is avalible on ver 1.4.1? » 2010-10-17 04:49:50

bgiddins

Has anyone modified this to produce the sort of URLs you get in conjunction with the Fluxrewrite-essentials mod by Kévin Dunglas?

e.g. display /forums/forum-1-test-forum.html instead of /forums/viewforum.php?id=1

Also, shouldn't this come packaged with a RewriteRule so that a request to sitemap.xml returns a result?

RewriteRule (.*)\.xml(.*) $1.php$2 [nocase] 

#21 Re: General support (1.4) » capcha? » 2010-10-16 12:49:12

bgiddins

Yep, think that did it. Not clear on why the install didn't work though hmm

#22 Re: General support (1.4) » capcha? » 2010-10-16 12:38:38

bgiddins

Not sure what's going on here... I manually created entries in the config table for the four values, now the Options screen won't persist the key values to the table. Other database functions work, like creating topics etc.

#23 Re: General support (1.4) » capcha? » 2010-10-16 11:38:56

bgiddins

Bizarre - brand new 1.4.2 out-of-the-box install, I copied the new and changed files for the reCAPTCHA mod into the relevant locations, ran install_mod, get the message "Your database has been successfully prepared for reCAPTCHA. See readme.txt for further instructions.", can see the new admin options, but the database hasn't been updated, and I can't find an error log anywhere to indicate why the SQL didn't take.

Any suggestions? Been using PunBB and FluxBB for a number of years, but this is my first 1.4 experience - not sure why the install fails on the DB task (but no error messages).

#24 Re: Modifications (1.4) » A few mods (in progress) » 2010-10-13 00:29:43

bgiddins

Can the SFS mod be configured to only check against email addresses, or perhaps allow registrations to go ahead, but just report or flag the user to the administrator for review? This might help avoid incorrectly-blacklisted IPs preventing users from signing up, or maliciously-blacklisted email addresses being denied registration.

#25 General support (1.4) » Guests and "hidden" forums » 2010-08-16 06:13:44

bgiddins
Replies: 1

A feature I'm unable to implement on 1.2 is the desire to have some forums' threads and posts visible to registered members only, but with the fact that the forum exists visible to non-registered guests (i.e. to encourage them to sign up). I've had to resort to duplicating forums, with one set up for "Guests: Read only" and the other set up normally with members having all permissions (and guests none). This means however that as an administrator logged in, I see both forums hmm

Making threads "read only" for guests isn't an option I want to pursue.

Does 1.4 allow the option of making member-only forums visible to guests, but not the threads/posts within? It would be nice if forums could be visible to guests, and on clicking that forum, they are presented with a nice message about "this forum available to members only - please register" rather than just not being able to see the forum at all.
