|
Thanks for the update! Now bots cant get in again :)
|
installed v 1.2.2 and did not receive the errors when posting that I had mentioned above. Thanks for the update and good job on the mod. It was killing me to disable this since we have had zero spam registrations since installing this.
|
Thanks for the quick update. v1.2.2 now running with vB4.0.6 and no obvious problems.
However, will check and report back. ;) |
My understanding is that all the show-stopper bugs are fixed and from feedback, this should be running on all 4.x including the recently released vBulletin 4.0.6 as well as long as you are running the latest Spam-O-Matic version 1.2.2 as of this writing.
I am going to stop development on the 1.2 series unless any other show-stoppers pop up. I am adding a section in the first post below the FAQ for consideration of additional features to make life easier. For now though this mod should keep the spammers off of your boards fairly well barring those of you that find conflicts with other mods. |
Could I add the following to the additional features list:
Ability to work with renamed admincp and modcp folders Since this product is essentially a security aid, it should encourage (or at least enable) admins to add as much security to their site installations as possible and the renaming of those two folders is supported in vB as standard and is a sensible security precaution. I have always renamed those folders but I have set them back to default just so that this product will run (yes, it's that useful). I don't mind admitting that I now feel a little vulnerable. Although I'm no expert, I don't think this would be difficult to implement and it would make the product more robust i.e. it wouldn't fail to work if an admin has used the vB renaming feature. Summary statistics The log formatting in 1.2.2 is a big improvement but for those of us with busy boards it would be useful to have a summary of successful registrations and rejected registrations on a per day/week/month basis so that we can get an idea of spammer activity. Excellent mod - should be core to vB. |
I have added a bit about admin and modcp directories to the known issues (also asking for feedback in that section) since I have not tested myself if this works or not and so far, you are only the first to report it.
I will move it to suggestions list as soon as we have more feedback on it. I don't want to spend a lot of time on it if its isolated to you or others do not need it. Lets see what people think and go from there. |
Not sure if you are looking for a list of people that changed their admincp and modcp directory names, but I am one. If I am not mistaken, I think it was suggested in the installation instructions for VB, so I did it. Renaming them to the original names is probably an easy process....I am guessing just editing the lines in the config file??
On a different note, I installed the newest version of this mod last night on my 4.05 VB Forum and it fixed the problem when a user went to post a new thread and got an error. This morning I received a bunch of emails telling me of vb database errors, Here is some info and I am guessing it has something to do with this mod since it was listed in a few of the errors and all the errors have to do with addmember. I have not received these errors for the past few hours, so I am not sure if this was isolated to just this morning. ---------------- Invalid SQL: INSERT HIGH_PRIORITY IGNORE INTO glowhostspamomatic_remotecache(`date`, `data`, `is_spambot`, `field`) VALUES (now(), "hfmjgs382", "0", "username");; Followed by: Invalid SQL: SELECT DATEDIFF(NOW(), "2010-08-16 06:00:03") AS DAYS; ---------------- Invalid SQL: INSERT HIGH_PRIORITY IGNORE INTO glowhostspamomatic_remotecache(`date`, `data`, `is_spambot`, `field`) VALUES (now(), "xmjbry", "0", "username");; Followed by: Invalid SQL: SELECT DATEDIFF(NOW(), "2010-08-13 22:15:58") AS DAYS; ---------------- Invalid SQL: INSERT HIGH_PRIORITY IGNORE INTO glowhostspamomatic_remotecache(`date`, `data`, `is_spambot`, `field`) VALUES (now(), "n42k21@yahoo.com", "0", "email");; ---------------- Invalid SQL: INSERT HIGH_PRIORITY IGNORE INTO glowhostspamomatic_remotecache(`date`, `data`, `is_spambot`, `field`) VALUES (now(), "n42k21@yahoo.com", "0", "email");; ---------------- Invalid SQL: INSERT HIGH_PRIORITY IGNORE INTO glowhostspamomatic_remotecache(`date`, `data`, `is_spambot`, `field`) VALUES (now(), "csuboh", "0", "username");; ---------------- I am not trying to sharpshoot this mod, I think it is great and an asset to us and our members. I just don't know if others may be receiving this error and wanted to bring it to your attention. Thanks. |
Quote:
1) A fresh, working vBulletin 2) Have decided to change modcp and admincp directories to something other than the default. 3) DO NOT RUN, OR HAVE NOT INSTALLED ANY OTHER ADDONS 4) Have installed the latest Spam-O-Matic. 5) Only have errors when Spam-O-Matic is enabled. I am trying to confirm that as another poster has said that this mod simply does not work because of renaming these directoryies. As for your SQL errors, have they gone away on their own? Have to tried to completely uninstall and re-install this mod? Also perhaps your database is corrupt? Have you tried to repair the affected tables? In any of these cases a full uninstall and re-install should correct it, unless others have the same issue but its the first I have heard. |
Changing the names of the control panel folders is a recommended security precaution, see tip number 8 in this article for another opinion on this.
As for testing, I can confirm that only some of the functions are broken when the folders are renamed, in general the processing of registrations continues unaffected but the mod and admin functions do not work. |
I can't really comment on the security issue, other than the following:
Everyone has their own opinion of what security "should be." There is almost always a trade-off for functionality vs. security and users have to decide where that line is on their own. Keeping the scripts up to date, maintaining an adequate server-side firewall, and strong passwords are generally good enough. As a suggestion, ff you want to maintain functionality of this mod, other mods, make your upgrades easier for mods and the forum scripts themselves, and add another level of security by simply password protecting admincp and modcp using your web servers http_auth functions. Then keep modcp and admincp where they belong. Now your crackers have to first guess your web authorization and secondly they have to get past your script authorization. It's unlikely. Your bug comments are good to know cfish. In this case, hopefully you can wait until 2.x to get past these issues. Hopefully the trade off in reduced spam is worth it. In 2.x we will be removing those functions and making it one stop shopping from the postbit to delete, soft delete, ban etc so the need for admin or mod panels will be bypassed completely and productivity will be increased by just doing the dirty work on the front-end of the forum not the back. |
| All times are GMT. The time now is 12:59 PM. |
Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
| X vBulletin 3.8.12 by vBS Debug Information | |
|---|---|
|
|
 More Information |
|
|
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|