XOOPS 
Forum
Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk


« 1 ... 12 13 14 (15) 16 17 18 ... 22 »


141
geekwright
Re: Antispam solutions

Quote:

goffy wrote:
hi geekwright

two additional ideas, which I have implemented on myxoops.org:
1) starting point of bots is register.php, I'm using another name (changed manually). Would it be possible to generate during installation of xoops a random file name and write this file name into xoops config?
2) normally nobody types in "http://website.com/register.php" in the Url field of browser. Everybody use the link somewhere on the website to get to registration form, therefore there must be a http referer if register.php starts.

Of course, this steps do not help against cheap human labor.

What do you think?


Have the changes made a measurable impact?

It seems like the changed name of the register.php would just be another database item for the bot logic, just like the domain and field details. A bot survey of the site could just look for the link by proximity or labels. It would invalidate the current state for bots targeting the site, but I'm wondering if it would really deter new ones.

The referer check comes with a lot of potential for collateral damage. Lots of things blank that header. I've seen corporate proxies that do that, along with a number of security and privacy services/extensions. It would stop bots coming in directly, but it also could stop legitimate traffic.

I'll definitely keep considering the possibilities. Thanks for the ideas!
Topic | Forum


142
geekwright
Re: Publisher and xoops 2.5.8, and tcpdf

Quote:

SMEDrieben wrote:
...
3. I use the makepdf.php of Publisher 1.03 and the pdf is a mess: xoops-codes are shown uninterpreted (e.g. as [b], [i] etc), lines breaks are omitted. Terrible !
...
So, the problem of the pdf-generation in Publisher 1.03 is a consequence of the module scritps themselves. It is not due to the tcpdf.

Unfortunately I am not a programmer and I cannot solve this issue.
...


At line 56 in makepdf.php you should see this:
$content .= $itemObj->plainMaintext();


Change that to:
$content .= $itemObj->getBody();


With this change the PDF should have all the xoopscode formatting.

Unfortunately, I can't explain why this is the way it is. There may be side effects I have not seen.
Topic | Forum


143
geekwright
Re: Antispam solutions

Just tossing out a couple of things I have been considering, in addition to the graduated rate limiting.

In Protector there is a spam filter, postcommon_post_need_multibyte.php, that was designed to protect CJK sites from english spam. It counted multibyte characters and rejected the post if there were too few -- an intended language heuristic.

A lot of the recent spam wave involved almost exclusively CJK and other multibyte look alike characters. A filter that rejected a post based on an opposite heuristic (too many bytes for the number of characters) would be a very easy fix suitable for many target audience languages.

On a related note, it seems a bit too cumbersome to manipulate the protector filters. It would be nice to be able to manipulate them from a web interface.

Another approach to consider is a varying pattern of response. We tend to have a fixed response, and that benefits spam automation. Sometimes delaying, sometimes denying, sometimes presenting additional captcha, anything that changes the script would present an bigger obstacle to bots and cheap human labor.

It is important to remember this is not just a one time fix situation. Spam is a ever changing problem, and it has been a while since our tools for this have been updated. I'll read these suggestions and concerns, and we'll devise a plan to incorporate the best. We'll also try to do a more continuous review of this area to keep it fresher, more up to date.
Topic | Forum


144
geekwright
Re: 2.5.8 Upgrade

Sorry, I missed this one.

This issue has been fixed on GitHub and will be in our next release.

Quote:

SMEDrieben wrote:
After upgrade to 2.5.8:

After opening admin.php in the default theme, at the right side, both the help block, and the waiting content block and the top poster block appear. Using the buttons above, they can be collapsed.

How can I start up with only one block, e.g. the help block (and not the waiting content and top poster block) ?

SMEDrieben
Topic | Forum


145
geekwright
Re: 2.5.8 Upgrade

The changes needed for these are a little more involved.

Looks like those should be fixed in the version athttps://github.com/XoopsModules25x/extcal
Topic | Forum


146
geekwright
Re: 2.5.8 Upgrade

Quote:

SMEDrieben wrote:
I upgraded from 2.5.7.2 tot 2.5.8 and get quite a lot of debug messages in teh admin section:

OnbekendOnly variables should be assigned by reference in bestand /modules/smartfaq/xoops_version.php regel 258 
...


There appears to be similarity among those messages. Will they be solved with the module upgrades or must these problems be solved manually ?

SMEDrieben


This is a growing pain.

The issue actually goes back to a PHP 4 era technique where it was common to assign things by reference to save memory. PHP has improved a lot since then, and along the way, these messages showed up. Someone helpfully suppressed those messages from showing up in the XOOPS logger for many years.

As of PHP 7, these suppressed warnings become actual errors, and will eventually cause even more serious problems.

We turned off the suppression in 2.5.8, because developers can't fix what they can't see. Production use -- without the logger enabled -- isn't changed at all, but with the logger people can see what must be fixed.

The most common situation is something like this:
$handler =& xoops_getHandler('foo');

that since PHP 5 should be (without a &):
$handler xoops_getHandler('foo');


We cleaned up core, and many modules, but there are more that still need to be fixed. Eventually module upgrades will fix these.
Topic | Forum


147
geekwright
Re: Xoops Core Translation and german characters

Thanks for the update -- great news! I can breath a little easier now
Topic | Forum


148
geekwright
Re: XOOPS 2.5.8 - Standard Ubuntu Xenial 64Bit MySQL 5.7 PHP7

Probably getting a connection error that isn't reported correctly. That issue was already reported on GitHub, fixed, and will be in the next release.https://github.com/XOOPS/XoopsCore25/pull/145

Mamba's advice is spot on. The master branch athttps://github.com/XOOPS/XoopsCore25/ contains fixes for all issues discovered so far. Sourceforge archives won't get updated until the next release.

A few other observations on your video,
- GitHub issues, in text, are much more efficient for tracking and communication.
- When we announce core release candidates, we plan on releasing the code unless issues are reported. If you want advance notice, that is it.
- The installer will show "mysql" as it is using MySQL. There is no distinction required for the extension used, as we only use the one that is still supported.
Topic | Forum


149
geekwright
Re: Xoops Core Translation and german characters

I pulled the language files and did a fresh install. Everything worked correctly.

The change you made should break it, not fix it. The ISO-8859-1 output from utf8_ecode() should cause MySQL to kick out a ERROR 1366.

Something in the chain is obviously still speaking latin1 :(

The note about it switching back to a utf8mb4_general_ci is troubling. It shouldn't come up with that when using utf8 character set ever.

Still thinking, but these symptoms are not making sense yet.

Quote:

goffy wrote:
if I change line 135 of install/include/makedata.php from
$newbid    $dbm->insert('newblocks'' VALUES (0, 1, ' $func_num ", '" addslashes($options) . "', '" addslashes($newblock['name']) . "', '" addslashes($newblock['name']) . "', '', 0, 0, " $visible ", 'S', 'H', 1, 'system', '" addslashes($newblock['file']) . "', '" addslashes($newblock['show_func']) . "', '" addslashes($edit_func) . "', '" addslashes($newblock['template']) . "', 0, " $time ')');
into
$newbid    $dbm->insert('newblocks'' VALUES (0, 1, ' $func_num ", '" addslashes($options) . "', '" utf8_decode(addslashes($newblock['name'])) . "', '" utf8_decode(addslashes($newblock['name'])) . "', '', 0, 0, " $visible ", 'S', 'H', 1, 'system', '" addslashes($newblock['file']) . "', '" addslashes($newblock['show_func']) . "', '" addslashes($edit_func) . "', '" addslashes($newblock['template']) . "', 0, " $time ')');
it works again
Topic | Forum


150
geekwright
Re: Xoops Core Translation and german characters

I've got a couple of questions.

Is this with the 2.5.8 release, or with the current master from GitHub?

There was a change made that could effect this here:https://github.com/XOOPS/XoopsCore25/pull/121

That change fixed an issue introduced in the conversion to the mysqli extension.

Also, just for reference, what is the XOOPS_DB_CHARSET definition in secure.php?
Topic | Forum



TopTop
« 1 ... 12 13 14 (15) 16 17 18 ... 22 »



[Advanced Search]

Login

Register now!  |  Lost Password?

Search

Advanced Search

Recent Posts

Who's Online

215 user(s) are online (143 user(s) are browsing Support Forums)

Members: 0

Guests: 215

more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Apr 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits