December 5, 2011

It’s About Trust, Not Technology

Filed under: Board Management — Dave Rathbun @ 2:17 pm 

I read this morning a topic in the MOD Authors forum at phpbb.com where the topic poster was trying to figure out a way to encrypt / decrypt private message text. The technical challenge was easily overcome, as someone posted some code that allows the board owner to do exactly that.

The problem is, it accomplishes nothing. :)

Private messages are often a hot topic for board owners, probably because of the privacy implications of the name “private” message. As most board owners probably know, private messages are not truly private. Anyone with database access can read the private message text. Anyone with access to a backup SQL dump can do the same. But who has this type of access, and what can be done to prevent it?

November 10, 2011

phpBB3 subSilver2 Posting Form Ported to phpBB2

Filed under: MOD Writing — Dave Rathbun @ 12:53 am 

One of the biggest complaints I’ve had with running my boards on phpBB2 is that the javascript used for BBCode and smilies insertion during the posting process offers poor (if any) support for modern browsers. Rather than reinvent the wheel, I spent some time to port parts of the subSilver2 template from phpBB3 back to phpBB2. While testing is not completely done, it seems to have been a success. I copied editor.js straight out; I don’t think I made any changes to that file but I will go back and verify that before I post a MOD. There were some minor changes made to posting_body.tpl and posting_smilies.tpl to call the new functions. For example in phpBB2 to insert a smilie we called the emoticon() function and now it’s calling insert_text() just like the BBCode insertion process.

I used the same function to update my canned messages MOD as well.

Oh, and I updated the color picker just a bit. The original color picker used values of 00, 40, 80, and two more to create an array of colors that was 5×5×5. I changed it to the old “Netscape Safe” color palette and used 00, 33, 66, 99, CC, and FF and created a 6×6×6 grid instead.

I have the new posting form activated on two different boards for the moment. As long as I don’t find too many issues I will write it up as a MOD.

November 3, 2011

Another phpBB2 MOD: Cross Post / Double Post Prevention

Filed under: Anti-spam, MOD Writing — Dave Rathbun @ 11:03 am 

As I was working through some code last night I found another “in progress” MOD that I wanted to add to the list of MODs in progress that I published yesterday. Over the years I’ve seen cases where someone from the other side of the planet has a dicey Internet connection and they end up submitting the same post twice because their browser submit times out. Or someone might post the same question in more than one forum, thinking that they’ll get more attention. Or a spammer might hit multiple forums with the same post multiple times. :mad:

I think I’ve managed to come up with something that definitely helps solve the first two scenarios and as a bonus helps the spammer problem as well. I call this my “Cross Post / Double Post” MOD, and it’s being tested on my beta board now.

The MOD design has so far turned out to be fairly simple. I tie into the flood control process and retrieve the post text for the last three posts by the user. From there I take the current post text and compare it to the prior posts. The first check is a straight equality check, meaning I check for the exact same post text. This will catch the “copy/paste” folks with very little overhead. If the post text is not identical, then next I use a function called similar_text(). (similar text reference at php.net) This function takes three arguments. The first two are the two strings to compare, and the third is a variable to store the results of the comparison, which is a number from 0 to 100. The result code should essentially be treated as a percentage. If the two posts are 95% similar then I check to see if the original post already in the database is in the same forum as the new post being attempted. If the forums are the same, then a “Double post” exception is triggered. If the forums are different, then a “Cross post” exception is triggered instead.

The number of posts (3) and percentage of similarity (95) are both controlled via the board configuration screen, so it’s quite flexible. Setting the percentage threshold to zero (0) is the same as turning the comparison process off.
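The check described above, sketched in PHP as an added example; it is not the MOD's own code. The function name `check_repeat_post()`, the array keys, the sample posts and the `MAX_COMPARE_BYTES` length cap are assumptions introduced here.

```php
<?php
// Added illustration of the check described above; not the MOD's own code.
// Function names, array keys and MAX_COMPARE_BYTES are hypothetical.

// similar_text() is documented as O(N**3) in the longer string, so this sketch
// caps how much of each post is compared. The cap is an added guard.
const MAX_COMPARE_BYTES = 2000;

/**
 * Returns null when the post may go through, otherwise an array naming the
 * exception ('double_post' or 'cross_post') and the matching prior post.
 * $recent_posts is newest-first: rows with post_id, forum_id, post_text.
 */
function check_repeat_post(string $new_text, int $new_forum_id, array $recent_posts,
                           int $threshold = 95, int $max_posts = 3): ?array
{
    if ($threshold <= 0) {
        return null; // a threshold of zero turns the comparison off
    }
    $new = substr($new_text, 0, MAX_COMPARE_BYTES);
    foreach (array_slice($recent_posts, 0, $max_posts) as $prior) {
        $old = substr($prior['post_text'], 0, MAX_COMPARE_BYTES);
        if ($new_text === $prior['post_text']) {
            $percent = 100.0; // exact copy/paste: no need for the expensive call
        } else {
            // Keep the argument order fixed: swapping the two strings can
            // change the score similar_text() reports.
            similar_text($old, $new, $percent);
        }
        if ($percent >= $threshold) {
            $same_forum = ((int) $prior['forum_id'] === $new_forum_id);
            return [
                'type'    => $same_forum ? 'double_post' : 'cross_post',
                'post_id' => (int) $prior['post_id'],
                'percent' => round($percent, 1),
            ];
        }
    }
    return null;
}

// Constructed sample data standing in for the user's last three posts.
$recent = [
    ['post_id' => 103, 'forum_id' => 2, 'post_text' => 'How do I reset the admin password on phpBB2? I lost access after moving servers.'],
    ['post_id' => 102, 'forum_id' => 5, 'post_text' => 'Thanks, the cache fix worked for me.'],
    ['post_id' => 101, 'forum_id' => 2, 'post_text' => 'Is there a MOD that adds a LinkedIn field to the profile?'],
];

// Constructed attempts: an exact repeat, a near-copy in another forum, a new question.
$attempts = [
    [2, 'How do I reset the admin password on phpBB2? I lost access after moving servers.'],
    [7, 'How do I reset the admin password on phpBB2? I lost access after moving servers!'],
    [2, 'Which template file controls the smilies popup window?'],
];

foreach ($attempts as [$forum_id, $text]) {
    $hit = check_repeat_post($text, $forum_id, $recent);
    echo $hit === null
        ? "forum $forum_id: allowed\n"
        : "forum $forum_id: {$hit['type']} ({$hit['percent']}% like post {$hit['post_id']})\n";
}
```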

This MOD is being tested on my “beta release” board right now. The first version of the MOD did not use the similar_text() function mentioned above. I attempted to use the soundex() function instead. However it seemed that the soundex() function did not look at enough text, so posts that were clearly different were still being reported as being the same. Switching functions solved that issue.

I’m now wondering if I need to deal with setting different threshold values for different forums. I hate to do that, as it drastically increases the complexity of the code. But for example there are many forum “games” that people play in an “off topic” type of forum. Some of those games look very repetitive, and would potentially trigger the CP/DP exception handling. Then again, the current logic looks across all forums, so as long as the person is active in more areas than just the off-topic games area it might be okay. I don’t want this feature to get in the way of normal use, but I do want to help out the moderator team by capturing / rejecting double post and cross post events.

Stay tuned for details as we start user testing this week. 8-)

November 2, 2011

New phpBB2 Modifications

Filed under: MOD Writing, Performance Tuning, phpBB — Dave Rathbun @ 12:22 pm 

What has Dave been working on lately? Not blog posts, obviously. :) Here are the headlines…

  1. Full-Text Search
    I created a full-text index on the post subject and text over a year ago to see if maintaining that index would cause any performance issues. I’m happy to say that I have not seen any challenges from inserts / updates with this index in place. I’m going to be altering the search screen to allow the full syntax offered by MySQL on this type of index and hope to release that in a few months. Some of the challenges I have not yet decided how to solve are things like limiting forums – either by security or user preference – and other criteria that can be entered on the standard search screen.
  2. Capture Post Revisions
    I’ve also added some code to capture post revisions. We’ve had a couple of folks that come back to our board and edit their post, removing all of the text and leaving only something like “…” instead. This destroys the continuity of the topic, and as a result we’re going to now track post revisions by capturing the post text history. If needed a moderator will be able to review and then restore a prior post, and ultimately lock that post from further editing. As with the full text search I have done fairly extensive testing on how this is implemented in order to ensure that performance does not suffer, and I’ll have a few blog posts about that process. This MOD is completed and I expect to roll it out onto the main board in a few weeks. (FWIW, I first talked about this post several years ago, and am just now finally getting it completed.)
  3. Moderator Posts
    I’ve added a new field to the post table that allows a moderator to designate whether it’s a moderator post or a user post. For example, moderators can certainly participate in a normal board conversation as a regular person. But they may also add posts in their role as a moderator. This new feature will format those posts differently so they stand out, will automatically remove the “personal” aspects of a post such as signatures, and does not increment a moderator post count for this type of post. It is intended to be a way for moderators to be able to separate out their moderator posts from their board participation posts. This MOD is also completed and expected to be released shortly.
  4. Including External Content
    I’ve added some cron jobs that parse RSS feeds from several blogs owned by board members. Their blog posts are automatically set up as part of their signature (as “Latest Blog Posts”) and updated once an hour. For bloggers that our community wants to recognize, this is a great way for them to get additional exposure without having to manually update their signature every time they publish a new blog post. This part of the MOD is already in use on our board. Only board admins can currently enter blogger information, as we want to go through a review process and certify blogs rather than allowing just anybody to link to an external site. This was done by altering the administrator user edit form and leaving the regular user profile form alone.

    As an extension to this, I’m also pulling in the content from the blog post and storing that in a hidden forum. As the blog posts are added to the forum they are obviously added to the full-text index because they’re part of the same table. I am also adding these posts to the standard phpBB2 search tables at the same time. That way if someone searches for term “X” and that’s found in an external blog post, they’ll see a link in their search results. The blog address is stored on the topic table and a different icon is used to show the user that they’re leaving our board and heading to an external site. I have all of the main work done; the last requirement is altering search.php so that it offers the ability to include / exclude external content and then react to that setting accordingly. I hope to get this completed in the next few weeks.

  5. Social Media Profile Links
    I’ve added Facebook, Twitter, and LinkedIn fields to user profiles. These are displayed along with the other profile links, using smaller 18×18 pixel logos. I’m planning on going back and redoing the other profile links to use the same form factor but that part hasn’t been done yet. Here are the images I’ve made, using logos or other material provided by each service provider.

One thing that many of these MODs have in common is my concern for performance. We’re over 750K posts now, and still running extremely well on a server that is hosting several dozen sites, although none of them as active as our big board. Every time I touch the code performance is a primary goal. Another MOD that I’ve been planning is to port the phpBB3 posting form back to phpBB2 since it does a better job of supporting modern browsers as well as providing some additional formatting features. I haven’t even started on that yet, but I think it would be good. Now that I’ve personally switched to Chrome as my standard browser I’m noticing some interesting quirks. :)

So that’s what I’ve been up to for the past few months. 8-)

June 14, 2011

Oh, The Irony…

Filed under: Anti-spam, Board Management — Dave Rathbun @ 9:23 am 

One of my other blogs had been hit and hit hard by spammer comments advertising headphones. This morning I noticed this one here on this blog:

That’s specifically aimed at human-powered paid-to-comment spam. I would rather already have excellent-quality comments than the next quantity of comments.tour headphones Sadly, I’m nonetheless getting an awful lot of spam comments (what’s up, Akismet?), so I think it’s time to install some additional defense layers.

The words “tour headphones” were a link, of course. Subtle, it was not. :lol: But I found it extremely ironic and ultimately amusing that the comment itself talked about spam. If you pick a few phrases from that comment you’ll find the exact same thing on other blogs / boards as well, or at least I did when I searched.

I’ve decided to contact the headphone manufacturer directly and let them know that I will never buy their products. Ever. Might not change anything, but it will make me feel better.

Oh, and I added specific code to my anti-spam process to look for this particular type of link. 8-)

June 9, 2011

Mobile Application Versus Mobile Template

Filed under: Board Management — Dave Rathbun @ 10:58 am 

I have had a couple of requests now for Tapatalk or something similar on my board. The Tapatalk application does not currently support phpBB2, but iPhone / Android support is becoming more of an interest to folks. Tapatalk is not a template or theme, it’s an application designed to interact with a discussion board (they support phpBB3 as well as several others).

I have to admit that I find this to be a far more intriguing idea than a mobile template. The folks behind Tapatalk offer a free API that would allow developers to extend the app to different forum systems. It would be interesting to see if anyone is currently working on phpBB2.


I’m registering on their “Forum owner” area and will see what things look like.

May 2, 2011

How Time Flies…

Filed under: blog — Dave Rathbun @ 9:39 am 

Wow. Just. Wow. It’s been so long since I’ve posted here, I’m wondering if it will echo when I publish this? :lol:

Things have been really busy in real life, which I suppose goes without saying. I have two boys that are growing up and going through cub scouts and sports and school and everything else.

Yet, here I am. I am back to reconsider whether I need to upgrade from phpBB2 to phpBB3 for my main board (which as I write this is very close to collecting its 700,000th post, and is running almost one million page views a week). I am back to see if I can figure out how to integrate FB “likes” into my board, and how to allow folks to add Linked-In to their profile. That last one, at least, should be easy.

Things have been humming along quite nicely, although the spam frequency has started to go up. Seems that my Checkbox Challenge is either less of a deterrent, or human spamming is on the rise. For that, I guess I need to look at my server logs and see how long those folks are taking to get through the registration process. Fortunately there is still no answer for the Spammer Hammer, which makes it easy for my moderator team to quickly and easily eradicate all traces of the spammer from the board.

And gmail? Is it still the number one source of spam attempts? It would be interesting to check. I have not looked at those statistics in months (years?).

And I missed Libertyvasion. :-( I had intended to go, but all of a sudden August was here and I had not made any plans, so I stayed home. I have watched some of the sessions posted to Youtube, and it did look fun. I will hopefully be ready for the next one. Anyone know when / where that will be? ;-)

September 14, 2010

Load Balanced Proxy Configuration = Bad Session Management

Filed under: phpBB — Dave Rathbun @ 4:34 pm 

A few weeks ago I stopped being able to log in to my phpBB2 boards from work. Ha. Did they think that would stop me from wasting time? :lol:

In all seriousness, my main board is directly related to what I do at work, so there’s no reason for them to have blocked access to the site. And they didn’t, at least not on purpose. What happened was the IP configuration for our proxy load balancers got updated in some fashion. Now I don’t work for the network team so I don’t know exactly what configuration was changed and where. But I can tell you that instead of the last octet of my IP address potentially changing as I move from page to page, now the last two octets are changing. And that’s causing a problem.

September 13, 2010

Cobwebs: Do You Have One?

Filed under: blog — Dave Rathbun @ 2:11 pm 

Note from author: ironically I started writing this well over a year ago. Given the amount of attention given to this web site for the past year+ it seems to be a good point to finish and release the post. 8-)

I read a great article a few years back that – at least to me – had come up with a great term to describe dead web pages. Any page – blog, board, or otherwise – that had not been updated in quite some time was called a “cobweb”. :lol: I found it funny.

Tonight I was browsing my way around the blogosphere and happened upon a blog that I have not visited in over a year. Guess what? No updates, not one, in that entire time. But it gets better… in this particular blogger’s blogroll (a list of blogs that this blogger, at least in theory, has some interest in) not a single one of them had been updated in over a year. :shock:

I currently maintain five blogs. This one has been running for several years. My first blog is just for family members and has been running since December of 2004. I have a blog related to my professional work which has been very active and in fact has been quoted in industry magazines. I have a photography blog that seems to be last on the list for updates, and I have a “manly” blog which is where all of the “cool gadget” posts have moved to rather than being posted here. Do I update all of them all of the time? No, unfortunately I don’t have the time. But I do try to update those that seem to have an audience (as made evident by the fact that there are comments on posts).

Why is this important? A blog, like a discussion board or any web community, needs to have a pulse. The pulse can be slow as long as it’s regular. A blog that does not have regular updates, or a discussion board without community involvement will soon die.

Not long ago I was chastised for not logging in to the phpBB2 Refugees site for quite some time. As a member of the community it should not be important that any single person logs in every day. At least that’s my opinion. However, as the administrator / owner of the community, it was a problem. There were a number of spam posts that had built up and I had not taken the proper steps to select a team of moderators. That, certainly, was a problem. I felt like the board activity was low enough that I didn’t have to check in every day. Every day became every other day, which became once a week, which became once a month, which became… well, not much. I had created a contact form, but the contact form went into the moderator private forum on the board and to an email address that I forgot to set up when I moved to a new server. So that didn’t do much good.

Long story short, there were (quite understandably) some upset members on the board. I get that. As such, I have taken the following steps. First, I promoted a regular member of the board (who I have known via this blog and the phpbb.com community for a long time) to a moderator. Second, I set it up so the email notification of spam works again. Third, (actually I did this first) I logged in and cleaned up all of the spam using the Spammer Hammer. And fourth, I have logged in more regularly on that board and have tried to start writing on this blog once again. We’ll see if it lasts, or if it’s a momentary disturbance in a cobweb.

August 7, 2010

Delayed Spamming

Filed under: Anti-spam, phpBB — Dave Rathbun @ 1:58 pm 

I’m sure I’m not alone in seeing this new spammer tactic… I called it delayed spam. How does it work?

A spammer registers on a board. They might not do anything for a while. Then they try to post something that looks legitimate, using generic language that could be appropriate anywhere. Stuff like:

You make some good points, please keep posting

I find your arguments compelling, can you link your sources?

Thanks, it helped me

None of those add anything to the discussion, but they’re not really spam. What happens next? The spammer goes quiet for a few weeks, hoping that the topics they have posted in will fade from the front page. Then they carefully go back in and edit their post. They might change the text of the post itself, or they might add a signature that wasn’t there before. They are relying on the fact that phpBB (and other boards as well) do not bump a post back to the front page if something is edited, only if new content is added.

Very frustrating.

So far I have not come up with a programmatic solution to the problem. I am working on code that will capture the edit history of a post and allow board moderators to revert to an original version, so that at least would let me prove how the spammer added their content after the fact. That doesn’t solve the problem, it just provides an audit trail should I decide to try to take action against the spammer.

A frequent suggestion at this point might be something along the lines of preventing someone from posting URLs or links until they reach a certain level of post. That doesn’t help either, as the spammers often have five or ten posts under their belt before they come back and edit. Plus it impacts the legitimate new users that come on board with questions that require links. It’s not my favorite concept.

So today what my moderator team does is a manual process. When we get a suspected spammer, they will do a web search for either their username, their email address, or both. If they find the same username on hundreds of different boards that’s a good indication they’re a spammer, especially if the user is recently registered on all of them. They can also pull up posts from the user on these other boards. If they look similar to what they’re posting on our board, that’s another indication. All of these steps are used to decide whether to preemptively ban the spammer before they spam, or decide to wait.

It’s all a manual process for now. So while I’ve been away from phpBB2 for a while because of other demands on my time, this has never really been far from my mind. I just haven’t come up with an idea that can be implemented in code versus a manual process.

Guess I should check in with the BB Protection folks, and see what they’re up to at this point.

