Page Index Toggle Pages: 1
Topic Tools
Hot Topic (More than 10 Replies) Ack! Spoof Alert issues (Read 2,596 times)
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,606
Location: Los Angeles

YaBB 2.4
Re: Ack! Spoof Alert issues
Reply #11 - Jun 29th, 2012 at 4:38pm
Post Tools
xnoddyx wrote on Jun 29th, 2012 at 4:20pm:
no its not the phone but YaBB that need the mod or edit i have seen paid forums that let mobile phone work on them that lets the phone work no matter what its ip is

I stand corrected.  Wink
  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
xnoddyx
Support Team
Documentation Team
YaBB Moderators
YaBB Next Team
Beta Testers
****
Offline



Posts: 1,587
Location: UK:Scotland/livingston

None
Re: Ack! Spoof Alert issues
Reply #10 - Jun 29th, 2012 at 4:20pm
Post Tools
Bill Myers wrote on Jun 29th, 2012 at 3:50pm:
Ultimately, however, this kind of mod should be something mobile phone software developers should be providing to their customers.


no its not the phone but YaBB that need the mod or edit i have seen paid forums that let mobile phone work on them that lets the phone work no matter what its ip is

will yabb have this we will just have to see


Bill Myers wrote on Jun 29th, 2012 at 3:50pm:
Maybe it can be a "roaming" feature/setting for those who need it.


sounds good to me
« Last Edit: Jun 29th, 2012 at 4:21pm by xnoddyx »  

YaBB install help video
1. what yabb forum are you running and the url
2. describe in as much detail as you can what happens and also post screenshots if you can
3. please be patient we live in different time zones and have other commitments but we will help you
as bill and ted say (Be excellent to each other)
Back to top
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,606
Location: Los Angeles

YaBB 2.4
Re: Ack! Spoof Alert issues
Reply #9 - Jun 29th, 2012 at 3:50pm
Post Tools
xnoddyx wrote on Jun 29th, 2012 at 12:11pm:
... on my forums i have the defalt for "Default lifetime of login cookies" set to Until I quit the browser
and dont get this prob unless i have been login for a hour or more.

I've never really paid attention to that setting, but now I have a better understanding of how that security feature works. Thanks for letting us know about this.

In YaBB 2.4 it's called "Default Length for login cookies to last" and I think the default setting may be "Keeps" since we have that setting currently enabled in our forum.

Additionally, but in 2.4 it's worded a bit differently, the "Until I exit the browser" option is available along with 7 other options based on hourly times.

So evidently the reason I've gotten spoofing error messages is because of the different IP addresses that are assigned to my laptop, iPod, and iPad. It's not uncommon for me to bounce from one device to another while never having logged out of our forum.

Interesting!  Smiley


xnoddyx wrote on Jun 29th, 2012 at 3:20pm:
Quote:
Activate Session ID's?
This protects the Administrative Functions based on a three part Session Key based on IP address

so there might be away to make a mod that will let a user in there CP to turn this off for that user so even when they get a new ip it wont stop them posting to the forum or the need to log back in

Maybe it can be a "roaming" feature/setting for those who need it.

Ultimately, however, this kind of mod should be something mobile phone software developers should be providing to their customers.

Edited:
xnoddyx wrote on Jun 29th, 2012 at 4:20pm:
no its not the phone but YaBB that need the mod or edit i have seen paid forums that let mobile phone work on them that lets the phone work no matter what its ip is

Meanwhile, I suppose an admin can adjust their settings accordingly. But, would this be a good idea?
« Last Edit: Jun 29th, 2012 at 4:39pm by Bill Myers »  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
xnoddyx
Support Team
Documentation Team
YaBB Moderators
YaBB Next Team
Beta Testers
****
Offline



Posts: 1,587
Location: UK:Scotland/livingston

None
Re: Ack! Spoof Alert issues
Reply #8 - Jun 29th, 2012 at 3:20pm
Post Tools
i have been thinking about this in admin you have

Quote:
Activate Session ID's?
This protects the Administrative Functions based on a three part Session Key based on IP address


so there might be away to make a mod that will let a user in there CP to turn this off for that user so even when they get a new ip it wont stop them posting to the forum or the need to log back in

all though it will leave them open to a Edited:
bot or
hacker possibility taking there cookie and taking over there there AC

what do you think?
« Last Edit: Jun 29th, 2012 at 3:23pm by xnoddyx »  

YaBB install help video
1. what yabb forum are you running and the url
2. describe in as much detail as you can what happens and also post screenshots if you can
3. please be patient we live in different time zones and have other commitments but we will help you
as bill and ted say (Be excellent to each other)
Back to top
IP Logged
 
Dandello
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 2,264
Location: Earth

YaBB 2.6.0
Re: Ack! Spoof Alert issues
Reply #7 - Jun 29th, 2012 at 3:05pm
Post Tools
I'll pass this along to my one user with problems - along with the 'more than an hour' warning - and see if that helps.

Thanks guys. It's one of those issues I can't duplicate so I can't work on it myself.

  

If you only have one solution to a problem you're not trying hard enough!
Back to top
WWW  
IP Logged
 
xnoddyx
Support Team
Documentation Team
YaBB Moderators
YaBB Next Team
Beta Testers
****
Offline



Posts: 1,587
Location: UK:Scotland/livingston

None
Re: Ack! Spoof Alert issues
Reply #6 - Jun 29th, 2012 at 12:11pm
Post Tools
The
Quote:
"Error: ALERT!! Form Spoofing Detected coming from IP address: xxx"


is part of the forum security namely to stop your cookies from being copied from your computer=A to a new computer=B by means of your ip so (B) can clone your cookies but it cant clone your ip and therefore cannot undermine your login

i use a smartphone a (lg e900 optimus 7 windows 7 on Vodafone UK) to access YaBB forums like  this one and Carsten's YaBB Mod Forum and the boardmod forum as well.

on my forums i have the defalt for "Default lifetime of login cookies" set to Until I quit the browser
and dont get this prob unless i have been login for a hour or more.
  

YaBB install help video
1. what yabb forum are you running and the url
2. describe in as much detail as you can what happens and also post screenshots if you can
3. please be patient we live in different time zones and have other commitments but we will help you
as bill and ted say (Be excellent to each other)
Back to top
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,606
Location: Los Angeles

YaBB 2.4
Re: Ack! Spoof Alert issues
Reply #5 - Jun 28th, 2012 at 10:08pm
Post Tools
Dandello wrote on Jun 28th, 2012 at 9:06pm:
Even if there isn't an 'easy' solution, at least having this topic here will let people know they're not alone. And it's not the fault of YaBB.

Agreed!

From my 10+ years of using YaBB, my thinking is that much of what appears to go wrong in YaBB has nothing to do with YaBB's software. In other words, YaBB's basic functions work just fine.

Offering CAPTCHA verification codes is a good example, because in fact, this has been a normal function to help stop spam-bots for a while now. In other words, this is a well used standard feature that software developers need to pay attention to when developing their own software.

But more to the point, the use of IP addresses has been a staple of using the Internet from day one, so smart phone software developers need to be fully up to speed when it comes to keeping alive internet connections however they choose to do it.


Dandello wrote on Jun 28th, 2012 at 9:06pm:
(Um, this particular user is very good at finding issues that more technologically adept users would never even dream of.  Shocked )

Ain't that the truth.  Smiley

I know I'm dreaming (think of the movie Avatar), but it would be really great to create a virtual Dandello avatar in microscopic human/digital form that could be ported smack into the middle of any given software code to poke around, and clean up the place.

Or maybe the movie Source Code would be more representative. Or maybe The Matrix.

What I wouldn't give to see that! Smiley


All joking aside, and I was only half joking at that, I don't think we're that far away from having the tiniest of avatars with human characteristics (the good kind) that can be directly where any given problem may be ... traveling inside the human body to find, and repair abnormalities ... porting into machines to do the same.

All in a good day's work, and discussed in a YaBB forum.  Wink

  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
Dandello
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 2,264
Location: Earth

YaBB 2.6.0
Re: Ack! Spoof Alert issues
Reply #4 - Jun 28th, 2012 at 9:06pm
Post Tools
Even if there isn't an 'easy' solution, at least having this topic here will let people know they're not alone. And it's not the fault of YaBB.

(Um, this particular user is very good at finding issues that more technologically adept users would never even dream of.  Shocked )
  

If you only have one solution to a problem you're not trying hard enough!
Back to top
WWW  
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,606
Location: Los Angeles

YaBB 2.4
Re: Ack! Spoof Alert issues
Reply #3 - Jun 28th, 2012 at 7:41pm
Post Tools
I manually use the Stop Forum Spam site regularly enough to have added it to our private admin menu (yet another great YaBB feature/option).

Like Dandello, I like the idea of CAPTCHA validation on things like password reminders and such. But again, using it does nothing to stop spam bots, so what's left is unnecessarily irritating forum members (especially when "Random Noise" is chosen).

Regarding the problem of smart phones losing any given post because a connection has timed out, another "best practice" option is to keep a 2nd browser window open for a quick reconnection before posting.

Mind you, I often use a poor man's smart phone, i.e., my iPod using Wi-Fi.  Roll Eyes

In other words, in addition to copying one's post before trying to publish it (another "best practice" option), that 2nd open window can be refreshed to check that the connection is active, and if it isn't, a reconnection can be quickly made, and a new log-in can be applied.

That way, all that's left is to do in that 1st window is to choose "Post Message" to publish it.  Wink

Admittedly, I really only copy messages when I know I'm in "a problem area" that loses connections.

But probably the "best practice" option to employ is to enable one's smart phone Wi-Fi option, which presumably will use one constant IP address without losing its connection.

And for those watching their minutes, using Wi-Fi can also save money.  Smiley

Qualification: I've gotten spoofing error messages while working with 2 open browser windows after losing a connection.

Just saying.  Wink

Edited:
Edited to correct bad formatting.
« Last Edit: Jun 28th, 2012 at 7:43pm by Bill Myers »  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
Dandello
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 2,264
Location: Earth

YaBB 2.6.0
Re: Ack! Spoof Alert issues
Reply #2 - Jun 28th, 2012 at 3:32pm
Post Tools
I've already pretty much disabled StopForumSpam and may turn it off altogether. CAPTCHA is set at 'very easy' - I like the idea of CAPTCHA validation on things like password reminders and such. The Anti-spam quiz and the COPPA birthday seem to be doing a good job - COPPA catches a couple bots a week - they can't figure out what month to put in.

But investigating the smartphone issue (I don't have one and I'm sure each model and service are different) what I think is happening is that the phone (whether used as a mobile device in and of itself or as a WIFI hotspot) has a connection time-out. So if the user takes too long in writing a post, they end up reconnecting with a new IP address and needing to re-log in. In the meantime, they've lost their post.

My current recommendation to them is to copy their post into memory or NotePad or the equivalent (if possible) before hitting POST. At least that way they haven't lost their message.  My further recommendation is to get themselves a netbook or iPad or equivalent and use a real WIFI connection to get onto the forum. (There's a freaking Starbuck's on nearly every corner on the West Coast US. My grocery store has free WIFI!)
  

If you only have one solution to a problem you're not trying hard enough!
Back to top
WWW  
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,606
Location: Los Angeles

YaBB 2.4
Spoof alert issues, etc.
Reply #1 - Jun 28th, 2012 at 8:00am
Post Tools
Edited:
I wonder if there could be a way to first check a member's credentials before moving on to check an IP address? In other words, certain members could be pre-approved for access no matter what errors might otherwise prevent them from accessing a forum.

And/or maybe a white list could be created so that an admin could give chosen members a free pass of sorts to gain access.

Just thinking aloud.


Dandello wrote on Jun 27th, 2012 at 11:05pm:
Now what I need is a way to disable spoof checking and/or IP checking for a specific user OR for smartphones.  (Or a good workaround so I can explain this to someone who has a hard time figuring out how to get logged in at all.)  Huh

Thanks for updating us about this particular problem. How frustrating!

What you've described is one of the reasons that I try to keep our forum as user friendly as possible. In other words, I put up as few "roadblocks" as I need to so that people aren't unnecessarily shut out of our forum.

As the present time, for instance, I'm only using one anti-spam mod (with a 2nd one ready to activate at any time since it's been installed).

I don't even use the CAPTCHA verification code any more since there's really no point in using it because it's so easily defeated by spam-bot scripts.

Interestingly, since I dropped the CAPTCHA verification code, I've had an uptick in registrations; legitimate ones.
« Last Edit: Jun 28th, 2012 at 8:13am by Bill Myers »  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
Dandello
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 2,264
Location: Earth

YaBB 2.6.0
Ack! Spoof Alert issues
Jun 27th, 2012 at 11:05pm
Post Tools
I swear I should loan this person out for a fee.

What I think is happening:
I have one person using a smartphone to access one of my forums and because it's a phone its IP address appears to change randomly. (Like three times while sitting at Starbucks.) I've already had turn turn off the IP checker on StopForumSpam because the phone/data company in question has a lot of bad IP listings and this user was randomly getting spam-ban notices while trying to log in. (Luckily the Anti-spam quiz and the COPPA birthday requirements do an excellent job of stopping bots, so far, so turning off IP checking hasn't hurt. )

Now what I need is a way to disable spoof checking and/or IP checking for a specific user OR for smartphones.  (Or a good workaround so I can explain this to someone who has a hard time figuring out how to get logged in at all.)  Huh
« Last Edit: Jun 27th, 2012 at 11:08pm by Dandello »  

If you only have one solution to a problem you're not trying hard enough!
Back to top
WWW  
IP Logged
 
Page Index Toggle Pages: 1
Topic Tools
 
  « Board Index ‹ Board  ^Top