Page Index Toggle Pages: [1] 2 
Topic Tools
Hot Topic (More than 10 Replies) Stupid question regarding referrer security (Read 2,886 times)
greydane
Junior Member
**
Offline



Posts: 61
Location: Windsor, Nova Scotia

YaBB 2.6.0
Re: Stupid question regarding referrer security
Reply #19 - May 27th, 2013 at 1:07am
Post Tools
xnoddyx wrote on May 26th, 2013 at 8:14pm:
sorry Bruce I did not see your post till just now


No Problems Xnoddyx. Smiley

Thanks Bruce

  
Back to top
WWW  
IP Logged
 
xnoddyx
Support Team
Documentation Team
YaBB Moderators
YaBB Next Team
Beta Testers
****
Offline



Posts: 1,584
Location: UK:Scotland/livingston

None
Re: Stupid question regarding referrer security
Reply #18 - May 26th, 2013 at 8:14pm
Post Tools
greydane wrote on May 25th, 2013 at 5:05pm:
xnoddyx wrote on May 25th, 2013 at 3:58pm:
why i recommend that it is on for some items just the same way that you don't have a open ftp access on your website.



Hi Xnoddyx:

Bruce here.  Thanks for the explanation as I wasn't quite sure what the referrer security did.  So my question is, if referrer security is activated (ie. Checked under Security settings) what Board Actions should be checked off under the menu Referrer Security to prevent access from outside your Domain Name.  As Batchman stated, the Description of Referrer Security in Admin is confusing.  It reads as if you must Select (ie: Check off) the Board Action to ALLOW outside access.  From the explanations I gather that the proper procedure is to select (check off) the Board Actions to prevent outside access.  Is that correct and if so what Actions should I check off.

Hope this doesn't sound too confusing.  Thanks Bruce


sorry Bruce I did not see your post till just now looks like you replied when i was replying and doing some more items at the same time  Embarrassed at least your question was answered  Smiley
  

YaBB install help video
1. what yabb forum are you running and the url
2. describe in as much detail as you can what happens and also post screenshots if you can
3. please be patient we live in different time zones and have other commitments but we will help you
as bill and ted say (Be excellent to each other)
Back to top
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,557
Location: Los Angeles

YaBB 2.4
Re: Stupid question regarding referrer security
Reply #17 - May 25th, 2013 at 7:54pm
Post Tools
Now that I'm looking at it again, Batchman did have it correct. But that's not surprising. He's generally very good with knowing how YaBB works.

batchman wrote on May 22nd, 2013 at 2:38pm:
This would seem to indicate that the actions that are checked are the specific actions you will allow from outside your own domain.

  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
greydane
Junior Member
**
Offline



Posts: 61
Location: Windsor, Nova Scotia

YaBB 2.6.0
Re: Stupid question regarding referrer security
Reply #16 - May 25th, 2013 at 7:49pm
Post Tools
Ahh.  Ok, Thanks Bill.  Straight forward answer. Smiley

Bruce
  
Back to top
WWW  
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,557
Location: Los Angeles

YaBB 2.4
Re: Stupid question regarding referrer security
Reply #15 - May 25th, 2013 at 7:46pm
Post Tools
greydane wrote on May 25th, 2013 at 7:35pm:
Allowed to do what?  Allow outside access from your Domain Name or Deny outside Access to your Domain Name.  That was Batchman's original Question.

Thanks Bruce

If an item is checked, then it is allowed from outside your own domain.

In contrast, if an item is unchecked, then it is not allowed from outside your own domain.

  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
greydane
Junior Member
**
Offline



Posts: 61
Location: Windsor, Nova Scotia

YaBB 2.6.0
Re: Stupid question regarding referrer security
Reply #14 - May 25th, 2013 at 7:35pm
Post Tools
Bill Myers wrote on May 25th, 2013 at 7:26pm:
if a check is in the box, then it's allowed.



Allowed to do what? If the box in Board actions are checked does it Allow OUTSIDE ACCESS from your Domain Name or DENY OUTSIDE ACCESS to your Domain Name.  That was Batchman's original Question not whether to use it or not.  A straight forward answer to his question seem to have gotten lost in this thread.

Thanks Bruce
« Last Edit: May 25th, 2013 at 7:46pm by greydane »  
Back to top
WWW  
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,557
Location: Los Angeles

YaBB 2.4
Re: Stupid question regarding referrer security
Reply #13 - May 25th, 2013 at 7:26pm
Post Tools
Regarding Referrer Security, if a check is in the box, then it's allowed.

But thankfully as I mentioned, I no longer need to activate Referral Security Checking. Smiley
  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
xnoddyx
Support Team
Documentation Team
YaBB Moderators
YaBB Next Team
Beta Testers
****
Offline



Posts: 1,584
Location: UK:Scotland/livingston

None
Re: Stupid question regarding referrer security
Reply #12 - May 25th, 2013 at 5:20pm
Post Tools
Bill Myers wrote on May 25th, 2013 at 4:33pm:
xnoddyx wrote on May 25th, 2013 at 3:58pm:
... i recommend that it is on for some items just the same way that you don't have a open ftp access on your website.

Your point is well taken.  Smiley


Thank you it is just as i am a YaBB Support Team Member i also feel that it is my responsibility to prevent malicious harm to YaBB and all that run and use YaBB from the admins to it's Members and i am sorry if it sounded like i was being arrogant or dictating but i think it is better to make a decision on full information than on little or some information so at the end of the day if i can help with improving informed decision making then i am doing my job right and this is all i try and do.  Smiley
  

YaBB install help video
1. what yabb forum are you running and the url
2. describe in as much detail as you can what happens and also post screenshots if you can
3. please be patient we live in different time zones and have other commitments but we will help you
as bill and ted say (Be excellent to each other)
Back to top
IP Logged
 
greydane
Junior Member
**
Offline



Posts: 61
Location: Windsor, Nova Scotia

YaBB 2.6.0
Re: Stupid question regarding referrer security
Reply #11 - May 25th, 2013 at 5:05pm
Post Tools
xnoddyx wrote on May 25th, 2013 at 3:58pm:
why i recommend that it is on for some items just the same way that you don't have a open ftp access on your website.



Hi Xnoddyx:

Bruce here.  Thanks for the explanation as I wasn't quite sure what the referrer security did.  So my question is, if referrer security is activated (ie. Checked under Security settings) what Board Actions should be checked off under the menu Referrer Security to prevent access from outside your Domain Name.  As Batchman stated, the Description of Referrer Security in Admin is confusing.  It reads as if you must Select (ie: Check off) the Board Action to ALLOW outside access.  From the explanations I gather that the proper procedure is to select (check off) the Board Actions to prevent outside access.  Is that correct and if so what Actions should I check off.

Hope this doesn't sound too confusing.  Thanks Bruce
« Last Edit: May 25th, 2013 at 5:06pm by greydane »  
Back to top
WWW  
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,557
Location: Los Angeles

YaBB 2.4
Re: Stupid question regarding referrer security
Reply #10 - May 25th, 2013 at 4:33pm
Post Tools
xnoddyx wrote on May 25th, 2013 at 3:58pm:
... i recommend that it is on for some items just the same way that you don't have a open ftp access on your website.

Your point is well taken.  Smiley

  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
xnoddyx
Support Team
Documentation Team
YaBB Moderators
YaBB Next Team
Beta Testers
****
Offline



Posts: 1,584
Location: UK:Scotland/livingston

None
Re: Stupid question regarding referrer security
Reply #9 - May 25th, 2013 at 3:58pm
Post Tools
Bill Myers wrote on May 24th, 2013 at 1:49am:
My preference is to have as much open access into our forum that there can reasonably be, and that means giving permission to outside domains to use our forum as they choose.

in all regards and respect yabb's Referral Security Checking is more like (XSS) cross site scripting prevention for yabb forms and inputs and not having Referral Security Checking on for some items will leave you open for malicious ends not just spammers this is why i recommend that it is on for some items just the same way that you don't have a open ftp access on your website.
  

YaBB install help video
1. what yabb forum are you running and the url
2. describe in as much detail as you can what happens and also post screenshots if you can
3. please be patient we live in different time zones and have other commitments but we will help you
as bill and ted say (Be excellent to each other)
Back to top
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,557
Location: Los Angeles

YaBB 2.4
Re: Stupid question regarding referrer security
Reply #8 - May 24th, 2013 at 1:49am
Post Tools
xnoddyx wrote on May 23rd, 2013 at 5:42pm:
... i hope this better explains Referral Security Checking on yabb for you.
Yes it does. Smiley

My preference is to have as much open access into our forum that there can reasonably be, and that means giving permission to outside domains to use our forum as they choose. With the exception of spam-bots, I'm all about choice. This is particularly true for open access through search engines.

Happily, I don't need to concern myself about what should be allowed, and what shouldn't. So deactivating Referral Security Checking makes sense for our forum. What's great about this is that YaBB's anti-spam tools are still able to effectively stop spam-bots cold without any of those restrictions.

Will I ever use Referral Security Checking again? If it's needed, sure. But again, it simply isn't needed any longer.

  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
xnoddyx
Support Team
Documentation Team
YaBB Moderators
YaBB Next Team
Beta Testers
****
Offline



Posts: 1,584
Location: UK:Scotland/livingston

None
Re: Stupid question regarding referrer security
Reply #7 - May 23rd, 2013 at 5:42pm
Post Tools
Bill Myers wrote on May 23rd, 2013 at 3:41pm:
The fact is, you're one of the best experts I've ever seen when it comes to operating YaBB. I've been seriously impressed when you've helped others with their problems. So for me personally, when you give advice about YaBB, I take it without question because I'm confident your advice will be solid, which simply means it should be followed.

thank you but i don't see myself as a expert as there are times I am still left like Huh

Bill Myers wrote on May 23rd, 2013 at 3:41pm:
That means, regarding the use of Referral Security Checking, what you mention about it is of course correct ... in a general sense. But think about it. If you block login2 and register2 as you mention you do, and as you mention you always will, then of course that has an effect. Otherwise, why block them?

ok from this I can see that you don't really understand what Referral Security Checking is doing in yabb so will try to explain it a bit some one may even explain it better than I can.

ok when you tell yabb to do something like goto the User CP this translates into you telling yabb to goto YaBB.pl?action=mycenter now if you have Referral Security Checking on but you have a check in the checkbox for mycenter in admin > Referrer Security then this tells yabb not to check the Referrer for mycenter
but if you don't have a check in the checkbox for mycenter then yabb will check the referral request so if you have your forum at abc123.com and the referral is from abc123.com then yabb will let it work but say yabb gets a referral request from 123abc.com then yabb will stop the request as it don't match the forums domain name of abc123.com and yabb will give you the error of
Quote:
This action is not allowed from an outside domain!!
Action is: mycenter
Your Domain: abc123.com
Referer Domain: 123abc.com

so as to
Bill Myers wrote on May 23rd, 2013 at 3:41pm:
then of course that has an effect. Otherwise, why block them?

so yes this has an effect, and the effect is that i want people that are registering or logging into my forum to be on my forum and not on website xyz or on a program on their computer like "link-post" < that one is that old I don't even think it works any more and also xrumer so that is why I have Referral Security Checking on and why it is also checking login2, register2.

i hope this better explains Referral Security Checking on yabb for you.
  

YaBB install help video
1. what yabb forum are you running and the url
2. describe in as much detail as you can what happens and also post screenshots if you can
3. please be patient we live in different time zones and have other commitments but we will help you
as bill and ted say (Be excellent to each other)
Back to top
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,557
Location: Los Angeles

YaBB 2.4
Re: Stupid question regarding referrer security
Reply #6 - May 23rd, 2013 at 3:41pm
Post Tools
xnoddyx wrote on May 23rd, 2013 at 10:47am:
... i will always have Proxy Blocking and Referral Security Checking for login2, register2 on but it is up to you if you take my advice or not.
I'm very glad you mentioned this because it illustrates my point quite nicely. Smiley

The fact is, you're one of the best experts I've ever seen when it comes to operating YaBB. I've been seriously impressed when you've helped others with their problems. So for me personally, when you give advice about YaBB, I take it without question because I'm confident your advice will be solid, which simply means it should be followed.

That means, regarding the use of Referral Security Checking, what you mention about it is of course correct ... in a general sense. But think about it. If you block login2 and register2 as you mention you do, and as you mention you always will, then of course that has an effect. Otherwise, why block them?

At the same time, using ggn's anti-spam CAPTCHA hack makes the use of Referral Security Checking unnecessary.

So, instead of always blocking login2 and register2, an expert like you can surely give ggn's anti-spam CAPTCHA hack a try to see if it works for you. After all, you can always switch back to what you were doing.

In the meantime, you can at least see how effective ggn's anti-spam CAPTCHA hack really is when it comes to stopping spam-bots cold.

Other "experts" whom I generally admire, and whose advise I pretty much otherwise always follow, including the admin of this forum, they refuse to consider other options to stop spam-bots. It's not uncommon for otherwise brilliant people to get stuck in their own intelligence, which means they'll often only see things their way.

As Dandello wisely reminds us, "If you have only one solution to a problem - you're not trying!"

*************************************

xnoddyx wrote on May 23rd, 2013 at 10:47am:
... I will call the spam level we was getting 100% and after Proxy Blocking and Referral Security Checking for login2, register2 the spam level when down to 5 - 10% and that was a big improvement ...

Our spam-bot level has been at 0% since using ggn's anti-spam CAPTCHA hack, and that's without using Referral Security Checking at all.

« Last Edit: May 23rd, 2013 at 3:49pm by Bill Myers »  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
xnoddyx
Support Team
Documentation Team
YaBB Moderators
YaBB Next Team
Beta Testers
****
Offline



Posts: 1,584
Location: UK:Scotland/livingston

None
Re: Stupid question regarding referrer security
Reply #5 - May 23rd, 2013 at 10:47am
Post Tools
Bill Myers wrote on May 23rd, 2013 at 7:21am:
Have you ever tried deactivating Referral Security Checking? You'll never know until you try.

believe it or not yes I do from time to time to do some tracking and check out the malicious attempts on some of my forums I have been using yabb for many years as a user but when yabb 2.3.1 come out on its first day that is when i started using yabb as a YaBB forum owner as i had taken ownership of a gaming clan and there game server and website that was running YaBB 2.2 but it was a closed forum and i wanted to open it up to try and increase the players and with in two to three months of the update to yabb 2.3.1 and it being open the spam started big time and making edits to the CAPTCHA to stop the spam also made the CAPTCHA unreadable but with trial and error in the yabb setting I found that turning on Proxy Blocking and Referral Security Checking for login2, register2, print stopped almost all of the spam I also found out that blocking print in Referral Security Checking stopped visitors from google clicking on link to a print page from google you can see that here with this forum https://www.google.co.uk/#sclient=psy-ab&q=site:yabbforum.com%2Fcommunity%2FYaBB...

so I don't have print blocked on any of my forums now but back to the spam I will call the spam level we was getting 100% and after Proxy Blocking and Referral Security Checking for login2, register2 the spam level when down to 5 - 10% and that was a big improvement also at the same time there where no complaints of anyone not able to login or use the forum at any time so out of that i will always have Proxy Blocking and Referral Security Checking for login2, register2 on but it is up to you if you take my advice or not.

Edited:
also to add the gaming clan closed down at the end of 2011 as the cost of running the game server was just too much
« Last Edit: May 23rd, 2013 at 10:53am by xnoddyx »  

YaBB install help video
1. what yabb forum are you running and the url
2. describe in as much detail as you can what happens and also post screenshots if you can
3. please be patient we live in different time zones and have other commitments but we will help you
as bill and ted say (Be excellent to each other)
Back to top
IP Logged
 
Page Index Toggle Pages: [1] 2 
Topic Tools
 
  « Board Index ‹ Board  ^Top