YaBB Community and Support Forum
YaBB Home About YaBB Download YaBB YaBB Support Customize Your Forum Development Contribute to the Project
  Welcome, Guest. Please Login or Register


 
Pages: 1 2 
Topic Tools
 
Better protection for "PM to admin" function? (Read 1,839 times)
 Feb 16th, 2013 at 7:52pm
There are no actions to perform.  

Homer J. S. 
God Member
*****
Offline
Posts: 1,949
Germany


YaBB 2.5
Better protection for "PM to admin" function?
The registration in Y2.5.2 is quite well protected against spam bots. But "PM to admin" is not. The only "protection" is the captcha which does not prevent the bots from using it anyway. I just got an broadcast message by some spam bot. So why does that function not use the anti spam question or the honeypot function?
 
My Homer is not a communist. He may be a liar, a pig, an idiot, a communist, but he is not a porn star.

www.silenthill-forum.de (YaBB 1.3.1 with 150+ mods)
www.retrogamerwelt.de (YaBB 2.5.2)
WWW 87313348  
IP Logged  
 Reply #1 - Feb 16th, 2013 at 9:45pm
There are no actions to perform.  

Dandello 
Global Moderator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 1,853
Earth


YaBB 2.5
Re: Better protection for "PM to admin" function?
Install ggn's captcha hack (it complexifies the captcha and makes it VERY difficult for spam-bots to get through.)http://www.yabbforum.com/community/YaBB.pl?num=1324832594 and http://testbed.dandello.net/cgi-bin/yabb254/YaBB.pl?num=1357163985/1.

(And this problem has been addressed for 2.5.4 thanks to Derek Barnstorm.)
 
WWW  
IP Logged  
 Reply #2 - Feb 16th, 2013 at 11:17pm
There are no actions to perform.  

Homer J. S. 
God Member
*****
Offline
Posts: 1,949
Germany


YaBB 2.5
Re: Better protection for "PM to admin" function?
Integrated that - simple and efficient  Smiley
 
My Homer is not a communist. He may be a liar, a pig, an idiot, a communist, but he is not a porn star.

www.silenthill-forum.de (YaBB 1.3.1 with 150+ mods)
www.retrogamerwelt.de (YaBB 2.5.2)
WWW 87313348  
IP Logged  
 Reply #3 - Feb 17th, 2013 at 3:21am
There are no actions to perform.  

Bill Myers 
God Member
Beta Testers
*****
Offline
Posts: 1,482
Los Angeles


YaBB 2.4
Re: Better protection for "PM to admin" function?
Homer J. S. wrote on Feb 16th, 2013 at 11:17pm:
Integrated that - simple and efficient  Smiley

I know; ain't it the bomb?  Smiley

It's amazing that something so simple can be so effective. I am so glad that Derek Barnstorm authored ggn's anti-spam hack into YaBB, and that Dandello made it happen.
Way to go YaBB! Smiley

 
Morning, noon, or night, have a great one! ...
WWW BillHMyers  
IP Logged  
 Reply #4 - Feb 18th, 2013 at 10:10pm
There are no actions to perform.  

JonB 
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 3,614
Land of the Blazing Sun!


None
Re: Better protection for "PM to admin" function?
You can also just disable PM to Admin

Wink
 
I find your lack of faith disturbing.
 
IP Logged  
 Reply #5 - Feb 19th, 2013 at 3:40am
There are no actions to perform.  

Derek Barnstorm 
Support Team
YaBB Next Team
Development Team
Beta Testers
****
Offline
Posts: 1,269
United Kingdom


YaBB 2.5
Re: Better protection for "PM to admin" function?
JonB wrote on Feb 18th, 2013 at 10:10pm:
You can also just disable PM to Admin

Wink

I don't see the help in that - he obviously enabled it for a reason, and unless you want to add a contact page or add other contact information, it's the only way for guests to easily contact you.

You could easily stop registration spam by disabling registration or just not having a forum - it's not really the point.

If a feature can be enabled, then it should be usable - which is why it has been sorted in the next release.

Smiley
 
 
IP Logged  
 Reply #6 - Feb 19th, 2013 at 4:11am
There are no actions to perform.  

westwegoman 
Ex Member
*


YaBB 2.5
Re: Better protection for "PM to admin" function?
Derek Barnstorm wrote on Feb 19th, 2013 at 3:40am:
If a feature can be enabled, then it should be usable

I have to agree. There is no point in having a feature if you have to disable it.
 
Never use both feet to test the depth of the water
 
IP Logged  
 Reply #7 - Feb 19th, 2013 at 6:24am
There are no actions to perform.  

JonB 
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 3,614
Land of the Blazing Sun!


None
Re: Better protection for "PM to admin" function?
And I disagree - (my right,OK?)

You (webmaster) made this decision:

Allow Guests to send Broadcast Messages to the Administrator(s)?
Enable Alert Moderator button in threads?
(Sends Private Message to Moderators of a board with a link to the thread)      
Show Alert Moderator button in threads for Guests?


What exactly did anyone think the outcome of that would be?

All I have to say on this:  This is an old, old topic for 2.x boards.  Homer, J.S. never saw that topic because that option did not exist (AFAIK) in 1.x. So there is no blame on that.

'turn it off', "Guests" with issues can always e-mail the 'webmaster/admin'

"just sayin"

Good Luck to all.
Wink

Edited:
here is a topic:
What should be left behind - hard to say...
Other view - like Register2, the default in the setup can be changed...
« Last Edit: Feb 19th, 2013 at 6:27am by JonB »  
I find your lack of faith disturbing.
 
IP Logged  
 Reply #8 - Feb 19th, 2013 at 6:37am
There are no actions to perform.  
Derek Bullock 
Ex Member


None
Re: Better protection for "PM to admin" function?
Derek Barnstorm wrote on Feb 19th, 2013 at 3:40am:
f a feature can be enabled, then it should be usable - which is why it has been sorted in the next release.


I have to agree with that as well.

I opened all mine up again after I installed the StopForumSpam Mod and all seems to be good so far.
 
 
IP Logged  
 Reply #9 - Feb 19th, 2013 at 8:35am
There are no actions to perform.  

Bill Myers 
God Member
Beta Testers
*****
Offline
Posts: 1,482
Los Angeles


YaBB 2.4
Re: Better protection for "PM to admin" function?
I think I must be in the middle here. Huh Or maybe more accurately, I think both sides may be correct. Wink

I agree that if a feature can be enabled, then it should be usable.

And yet, I also agree that if any given feature is enabled, one must realize the possible consequences.

Think about it ... an admin can enable guest posting because it is indeed a feature of YaBB. Therefore, it's usable. But how many of us really want to enable that feature? The consequences of enabling that once usable feature means that it becomes unusable because of spammers.

Now that I'm thinking about it, regarding the guest posting option, what if that feature was made usable by enabling one or more anti-spam measures?

Come to think of it, Dandello seems to have already figured this out (click here, and then click "Start new topic"). Pretty cool stuff.

Edited:

Ah, so any of us can do what Dandello has done; very cool!  Cool

Bill Myers wrote on Feb 19th, 2013 at 6:13pm:
I've been using YaBB since 2002, and yet, I had no idea that an admin can activate the validation code for guest posting. I noticed how Dandello was doing it in her testbed forum, and I just thought it was yet another brilliant thing she knew how to do.

« Last Edit: Feb 19th, 2013 at 6:15pm by Bill Myers »  
Morning, noon, or night, have a great one! ...
WWW BillHMyers  
IP Logged  
 Reply #10 - Feb 19th, 2013 at 3:42pm
There are no actions to perform.  

Dandello 
Global Moderator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 1,853
Earth


YaBB 2.5
Re: Better protection for "PM to admin" function?
Remember - it's a team effort. But with the addition of the captcha hack and the other anti-spam measures, Guest Posting on the 2.5.4 testbed has been active for quite some time and not a single spammer has gotten through. (Although there have been thousands of attempts as evidenced by the error log.) Of course we also have referrer checking turned on with almost no functions permitted from outside the domain.
 
WWW  
IP Logged  
 Reply #11 - Feb 19th, 2013 at 6:03pm
There are no actions to perform.  

Bill Myers 
God Member
Beta Testers
*****
Offline
Posts: 1,482
Los Angeles


YaBB 2.4
Re: Better protection for "PM to admin" function?
Dandello wrote on Feb 19th, 2013 at 3:42pm:
Of course we also have referrer checking turned on with almost no functions permitted from outside the domain.

To add another layer of protection, I started doing this as well (although many of our functions are still allowed).

Each forum will be a bit different from any other, so what works best for some may not work best for all. Surprisingly, I found that using ggn's CAPTCHA hack was all our forum needed to stop spam-bots.

However, after I learned how to use the BoardMod program, I installed Derek Barnstorm's Anti-Spam Question mod (I even supplied the answers). Because of something I probably did to make it stop working, this mod is no longer active. At the present time, it doesn't seem that I need this extra layer of protection.

Generally speaking, my preference is to make it as easy as possible for people to register. I prefer not to make them jump through any hoops because I feel it's user unfriendly. Still, I ended up installing Carsten's SpamFruits mod because it looks so pretty, and it's easy for people to use.
Currently, our forum has open registration without approvals.   Smiley

 
Morning, noon, or night, have a great one! ...
WWW BillHMyers  
IP Logged  
 Reply #12 - Feb 19th, 2013 at 6:13pm
There are no actions to perform.  

Bill Myers 
God Member
Beta Testers
*****
Offline
Posts: 1,482
Los Angeles


YaBB 2.4
Re: Better protection for "PM to admin" function?
Bill Myers wrote on Feb 19th, 2013 at 8:35am:
Come to think of it, Dandello seems to have already figured this out (click here, and then click "Start new topic"). Pretty cool stuff.

I am SO embarrassed! Embarrassed

I've been using YaBB since 2002, and yet, I had no idea that an admin can activate the validation code for guest posting. I noticed how Dandello was doing it in her testbed forum, and I just thought it was yet another brilliant thing she knew how to do.

Sorry for my double post here, but you have to admit, it's worth the good laugh at my stupidity. Roll Eyes

« Last Edit: Feb 19th, 2013 at 6:16pm by Bill Myers »  
Morning, noon, or night, have a great one! ...
WWW BillHMyers  
IP Logged  
 Reply #13 - Feb 19th, 2013 at 6:29pm
There are no actions to perform.  

Homer J. S. 
God Member
*****
Offline
Posts: 1,949
Germany


YaBB 2.5
Re: Better protection for "PM to admin" function?
Derek Barnstorm wrote on Feb 19th, 2013 at 3:40am:
he obviously enabled it for a reason, and unless you want to add a contact page or add other contact information, it's the only way for guests to easily contact you.



And that's the reason. Besides that I don't want to put my mail address on the page - THEN I would have a spam problem.

Besides that I live in Germany and we have weird laws. Every website owner has to put his address (where he lives, not e-mail), phone number and e-mail on the website. Instead of the e-mail I use "PM to admin".

On YaBB 1 I have created a mailing form but I'm too lazy to edit it for the new forum - and why should I when I can use "PM to admin"? Therefor it is no feature that should be disabled. And I don't see any reason to let the damned spambots win. If spambots attack you, you don't have to say "Oh no! I disable the feature" - you have to say "crappity smack you! I'll find a way to kick your ass!". And that is what Dandello did  Wink
 
My Homer is not a communist. He may be a liar, a pig, an idiot, a communist, but he is not a porn star.

www.silenthill-forum.de (YaBB 1.3.1 with 150+ mods)
www.retrogamerwelt.de (YaBB 2.5.2)
WWW 87313348  
IP Logged  
 Reply #14 - Feb 19th, 2013 at 6:59pm
There are no actions to perform.  

Bill Myers 
God Member
Beta Testers
*****
Offline
Posts: 1,482
Los Angeles


YaBB 2.4
Re: Better protection for "PM to admin" function?
Homer J. S. wrote on Feb 19th, 2013 at 6:29pm:
And that is what Dandello did   Wink

She always figures out a way! Cool

Happily, as I've already thanked her publicly, she's included ggn's anti-spam CAPTCHA hack in a future release of YaBB.  Smiley

On that note, particularly if you end up implementing ggn's anti-spam CAPTCHA hack, you can go to your Admin Center to activate the validation code for guest posting (as I just realized we can do). That way, your PM to admin feature will have that extra layer of protection.

I can't remember if you need to activate guest posting for the validation code to appear when the PM to admin feature is enabled. I guess you'll have to experiment with that to find out.

Good luck!
 
Morning, noon, or night, have a great one! ...
WWW BillHMyers  
IP Logged  
Pages: 1 2 
Topic Tools
 

Get Yet another Bulletin Board at SourceForge.net. Fast, secure and Free Open Source software downloads Support This Project BoardMod - YaBB features and templates YaBB Codex - support on installation and usage YaBB Toolbar for your browser

YaBB Facebook Group Page

Vulnerability Scanner

Valid RSS Valid XHTML Valid CSS Powered by Perl
YaBB Chat and Support Community » Powered by YaBB 3.0 Beta!
YaBB Forum Software © 2000-2011. All Rights Reserved.