Page Index Toggle Pages: [1] 2 
Topic Tools
Hot Topic (More than 10 Replies) Just a question (Read 7,095 times)
JonB
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 3,991
Location: Land of the Blazing Sun!

YaBB 2.6.1
Just a question
May 16th, 2012 at 10:33pm
Post Tools
Its a multiple ~

A. How many of you have your YaBB installed in 'cgi-bin\yabb2'?

B. How much help against 'bot' registrations do you think installing YaBB's 'cgi-bin' Perl executable in a non-standard directory (like it is here with URL/community/YaBB.pl) would be??

C. How much difference would it make if the executable wasn't YaBB.pl???

D. Have any of you noticed a fall-off in the number of X-rumer type bot registrations???

Thanks to all those who reply.
Cool

« Last Edit: May 16th, 2012 at 10:36pm by JonB »  

I find your lack of faith disturbing.
Back to top
IP Logged
 
westwegoman
Ex Member
**




YaBB 2.5.2
Re: Just a question
Reply #1 - May 17th, 2012 at 1:10am
Post Tools
Mine is now in the cgi directory. I'm not all that well experienced with it but would it actually make a difference to bots which folder it's installed in?

Pre 2.5ae, my installation wasn't in a cgi directory. I dont recall if it has made a difference or not. I know at one point, I was getting about 5 spammers registering per day. The anti-spam mods nipped that real quick.

Maybe I'll learn something here:)
« Last Edit: May 17th, 2012 at 1:11am by WestwegoMan »  
Back to top
 
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,713
Location: Los Angeles

YaBB 2.4
Answers. Re: Just a question
Reply #2 - May 17th, 2012 at 1:56am
Post Tools
A. /cgi-bin/yabb/YaBB.pl

Edited:
B. Because YaBB.pl is accessed publicly, being in a cgi-bin directory does nothing to stop bots. It really doesn't matter where it is. A cgi-bin directory is old hat thinking, and no longer effective.

JonB wrote on May 17th, 2012 at 4:59pm:
Quote:
Because YaBB.pl is accessed publicly, being in a cgi-bin directory does nothing to stop bots. It really doesn't matter where it is. A cgi-bin directory is old hat thinking, and no longer effective.

Actually Bill - on many hosted Apache Servers - cgi-bin (or a folder below it) are the ONLY place YaBB will run without a custom configuration.

...


The above is only a partial quote. You're encouraged to click JonB's full quotation for a more accurate, and thorough explanation.

C. YaBB could be any executable, and it wouldn't make a difference. However, because all YaBB forums have YaBB.pl as it's name, bots can find them very easily. Still, many more forums are in a public /forum/ directory, and those are also easy to find.

D. Attempted X-rumer type bot registrations are more than ever, and will continue to grow in some form or another. However, spam-bots can be stopped cold very easily with any 1 of 2 mods made for YaBB, or with a simple manual modification of CAPTCHA.

***************************************

Regarding spam-bots, using a CAPTCHA validation image is no longer needed. Besides, it's no longer effective anyway, so why bother people with it when they register?

Thanks to Carsten's Spamfruits mod, I don't even bother people with anything but choosing 1 of 4 fruit images. It's actually a fun way to register, plus it's very pretty. I've even stopped making registrants answer a question.

I also have Derek's Anti-Spam Question mod installed, although it's currently disabled, but it's at the ready if it's needed. I only tested it for a couple of days, but his mod seems to be just as effective as Carsten's, and it's easy to modify once it's installed.

I'm still keeping my fingers crossed with Carsten's Spamfruits, but so far, so good.  Smiley

Edited:
Edited to add a missing link.
« Last Edit: May 17th, 2012 at 5:22pm by Bill Myers »  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
westwegoman
Ex Member
**




YaBB 2.5.2
Re: Just a question
Reply #3 - May 17th, 2012 at 2:06am
Post Tools
Bill Myers wrote on May 17th, 2012 at 1:56am:
I'm still keeping my fingers crossed with Carsten's Spamfruits, but so far, so good.

Both mods are very affective. I have both installed and use both. I think I went with both just for added protection. Spam bots had me frustrated to the point that I wanted to give up. Thankfully, those mods came to the rescue and not one bot has been able to get by. Smiley

Anti-spam mods and the Merv = 1
Spamtards = 0
  
Back to top
 
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,713
Location: Los Angeles

YaBB 2.4
Re: Just a question
Reply #4 - May 17th, 2012 at 2:29am
Post Tools
WestwegoMan wrote on May 17th, 2012 at 2:06am:
Spam bots had me frustrated to the point that I wanted to give up.

I had the same problem with spam-bots. In fact, I was just about ready to shutter our forum because of it a couple of years ago.

Many YaBB forums have been shuttered because of spam.

Instead, I updated to V2.4 and started requiring admin approval for registrations.

That worked for a while, but at some point I was getting too many spam-bot registrations, which of course I denied.

I next implemented a CAPTCHA modification that stopped every single spam-bot cold.

Finally, I installed BoardMod and learned how to use it, so I installed the anti-spam mods I mentioned.

While I guess it's kind of fun to mess around with the requirements of registration, playing around with it for the sake of having fun with mods is a disservice to registrants, and it's an unnecessary irritation for them.

I'm all about inclusion versus exclusion, so as long as spamfruits is working, that's the only hoop I'm going to make people jump through.

As things are now, and as they've been for a while, our forum continues to have Open registration without approvals; not even an email validation is needed.

Edited:
Update: Our Open registration without approvals experiment is going along fine enough except that, to my disappointment, as of this edit a hu-bot registered to spam our forum. Luckily I was around to deal with it, but it did happen. I haven't changed anything because of this, not just yet, but I'm at the ready to add a question or two in the registration process if it's needed.

However this works out, I'm very grateful for the anti-spam mods that YaBB has available to utilize.

So to both Carsten and to Derek, my hat is off to you. Smiley

I'm trying to have the same attitude about spam-bots that JonB has; he just won't let them get to him even when they get through from time to time.

On our site so far, no spam posts have been made. But I just know that it's probably only a matter of time before it happens.

I just have to hold my tongue, and not nuke the forum because of it.  Roll Eyes

Edited:
Edited to correct a spelling error.
« Last Edit: May 19th, 2012 at 6:31am by Bill Myers »  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
Derek Barnstorm
Support Team
YaBB Next Team
Development Team
Beta Testers
****
Offline



Posts: 1,269
Location: United Kingdom

None
Re: Just a question
Reply #5 - May 17th, 2012 at 3:19am
Post Tools
I guess you could say that SpamFruits is a great feeture on your site, Bill. Wink
  
Back to top
 
IP Logged
 
westwegoman
Ex Member
**




YaBB 2.5.2
Re: Just a question
Reply #6 - May 17th, 2012 at 4:31am
Post Tools
Bill Myers wrote on May 17th, 2012 at 2:29am:
As things are now, and as they've been for a while, our forum continues to have Open registration without approvals; not even an email validation is needed.

I had been using pre-registration with email activation.Going to try Open registration without approvals since I have the mods installed. I'll see how that goes. I think it will work out well but, like most things web related, only time will tell.
  
Back to top
 
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,713
Location: Los Angeles

YaBB 2.4
Re: Just a question
Reply #7 - May 17th, 2012 at 6:40am
Post Tools
Derek Barnstorm wrote on May 17th, 2012 at 3:19am:
I guess you could say that SpamFruits is a great feeture on your site, Bill. Wink

Yes, I really like it a lot. I've always wanted to use it.

By the way, for those of you who don't know it yet, Derek's Anti-Spam Question mod works very well. After you install it, the questions that come with it can be edited or deleted, and you can even add your own questions. All this is easily done directly in your Admin Center.

Derek writes, "Obviously this won't do anything for human spam but will hopefully help against robots."

Actually, this can be very effective against human spam as well if you decide to ask a question that is unique to your forum.

For instance, I know a forum that asks the question, "What state is at the top of this page?"

What's great about that question is that spammers in general are outside of the United States, so it's highly unlikely that any of them could get this question correct. Very clever.

  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
Derek Barnstorm
Support Team
YaBB Next Team
Development Team
Beta Testers
****
Offline



Posts: 1,269
Location: United Kingdom

None
Re: Just a question
Reply #8 - May 17th, 2012 at 4:24pm
Post Tools
I don't think you got my joke. Smiley

Derek Barnstorm wrote on May 17th, 2012 at 3:19am:
great feeture

  
Back to top
 
IP Logged
 
westwegoman
Ex Member
**




YaBB 2.5.2
Re: Just a question
Reply #9 - May 17th, 2012 at 4:36pm
Post Tools
I sure didn't catch that one.  Grin

Running slower in my old age
  
Back to top
 
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,713
Location: Los Angeles

YaBB 2.4
Re: Just a question
Reply #10 - May 17th, 2012 at 4:54pm
Post Tools
WestwegoMan wrote on May 17th, 2012 at 4:36pm:
I sure didn't catch that one.  Grin

Running slower in my old age

I'm pretty sure the regulars get it since a number of them already know including you of course.  Wink

For obvious reasons I remain discreet about it.  Shocked
  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
JonB
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 3,991
Location: Land of the Blazing Sun!

YaBB 2.6.1
Re: Just a question
Reply #11 - May 17th, 2012 at 4:59pm
Post Tools
Quote:
Because YaBB.pl is accessed publicly, being in a cgi-bin directory does nothing to stop bots. It really doesn't matter where it is. A cgi-bin directory is old hat thinking, and no longer effective.


Actually Bill - on many hosted Apache Servers - cgi-bin (or a folder below it) are the ONLY place YaBB will run without a custom configuration.  The reason for this is the same as the problem with a universal installer. YaBB is written in Perl which, unless you are running Perl ISAPI or the scrpt is mod_perl compatible (YaBB is not + mod_perl only runs on Apache), requires running a BINARY PROGRAM EXECUTABLE on the remote server, i.e perl.exe, and passing a plain-text script to that executable.  Apache requires special permissions on folders that allow remote execution of programs on the server (think about it).  There is a protocol for this called CGI - (Common Gateway Interface). Perl and YaBB use that framework.

Perl, BTW, is NOT in the Apache ServerRoot or DocumentRoot -- In fact it has nothing to do with Apache, its actually a programming language environment installed on the server in the Server OS. The real issue is that the source code of YaBB AND its data would be readable if it were placed in the DocumentRoot.

Perl is the most common tool for building Control Panels and Web administrative interfaces in the Linux/Unix world. It does not need a browser to execute and Perl is almost universal on Linux boxes (It was the original P in LAMP).

Webmin (the leading Open Source Unix web admin tool) is a Perl script, many parts of cPanel and Plesk are also in Perl, so YaBB is in fine company.  As a point, the Virtual Server this forum now runs on is created and administered wirh Virtualmin and Webmin respectively. The whole infrastructure of the ISP hosting system can be built with those tools. (tools I know and love myself - all my Linux servers get Webmin, whether mine or remote).

http://httpd.apache.org/docs/2.0/mod/mod_alias.html#scriptalias

http://en.wikipedia.org/wiki/Common_Gateway_Interface

OTAY???

Wink

* JonB puts away ServerGeek 101 syllabus.
« Last Edit: May 17th, 2012 at 5:54pm by JonB »  

I find your lack of faith disturbing.
Back to top
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,713
Location: Los Angeles

YaBB 2.4
Re: Just a question
Reply #12 - May 17th, 2012 at 5:21pm
Post Tools
JonB, you explain it well.  Smiley
  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
JonB
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 3,991
Location: Land of the Blazing Sun!

YaBB 2.6.1
Re: Just a question
Reply #13 - May 17th, 2012 at 6:49pm
Post Tools
Oddly enough, I just checked my PayPal acccount -

Guess what?

Code
Select All
https://www.paypal.com/us/cgi-bin/webscr?cmd=_logout 



Wink
« Last Edit: May 17th, 2012 at 6:51pm by JonB »  

I find your lack of faith disturbing.
Back to top
IP Logged
 
westwegoman
Ex Member
**




YaBB 2.5.2
Re: Just a question
Reply #14 - May 17th, 2012 at 7:01pm
Post Tools
JonB wrote on May 17th, 2012 at 4:59pm:
on many hosted Apache Servers - cgi-bin (or a folder below it) are the ONLY place YaBB will run without a custom configuration.  The reason for this is the same as the problem with a universal installer. YaBB is written in Perl which, unless you are running Perl ISAPI or the scrpt is mod_perl compatible (YaBB is not + mod_perl only runs on Apache), requires running a BINARY PROGRAM EXECUTABLE on the remote server, i.e perl.exe, and passing a plain-text script to that executable.  Apache requires special permissions on folders that allow remote execution of programs on the server (think about it).  There is a protocol for this called CGI - (Common Gateway Interface). Perl and YaBB use that framework.


Ohhhh! I have a headache now.... Only because most of this stuff is foreign to me. It often impresses me how you guys learn this stuff and run through it like its such a simple task.

Everybody has their strong spot, as for me.... better stick with my small html knowledge and water treatment. Surely dont want to overload my brain cells.
  
Back to top
 
IP Logged
 
Page Index Toggle Pages: [1] 2 
Topic Tools
 
  « Board Index ‹ Board  ^Top