Upgrading to phpBB3
Forum rules
Please read the Forum rules and policies before posting.
Please read the Forum rules and policies before posting.
- Gambit37
- Should eat more pies
- Posts: 13720
- Joined: Wed May 31, 2000 1:57 pm
- Location: Location, Location
- Contact:
I was about to go to bed, but since this came up, I just headed over to phpBB site and v3 finally went gold this week after 5 years of development. Jeez... that makes me nervous indeed. I know it's an open source project and these things take time, but after seeing the mess they made with the permissions panel last year, I'm not confident in their ability to deliver a stable product anymore.
BUT.... it would be easy to upgrade (more or less) and it's free. More stable solutions cost money.
Who's up for an upgrade over the hols?
BUT.... it would be easy to upgrade (more or less) and it's free. More stable solutions cost money.
Who's up for an upgrade over the hols?
- Gambit37
- Should eat more pies
- Posts: 13720
- Joined: Wed May 31, 2000 1:57 pm
- Location: Location, Location
- Contact:
Also, on another note, I now run a server that could handle the forums -- I would be happy to take ownership of hosting. It wouldn't cost anything extra and as I'm now going to be computer based for at least the next 2-3 years through my new business, it's probably more convenient for me than ever to take over. Cows?
- Gambit37
- Should eat more pies
- Posts: 13720
- Joined: Wed May 31, 2000 1:57 pm
- Location: Location, Location
- Contact:
Nope, I can do it all. I downloaded the forum database last night (220MB) and left it importing to my local SQL overnight -- 12 hours later, it still isn't done! Anyway, when it is, I'm gonna try out a local upgrade to phpBB3 to see how it goes and see if they've improved things since the last time I looked at it.
- Gambit37
- Should eat more pies
- Posts: 13720
- Joined: Wed May 31, 2000 1:57 pm
- Location: Location, Location
- Contact:
Well, we need buy in from Cows and if I do this, I'd really like to take ownership of the domain and have it trasnferred to me. It's gonna be a pain in the ass trying to upgrad eon a server in Czech or wherever the hell it is, and if there are problems, support might take ages to sort out.
So we'll have to wait for a bit until Cows sees this and gets in on the disccssion, which means more things will be posted and the database will be well out of synch, so I'll have to go through it all again anyway. It's not so bad, especially if I do the conversion directly online as I won't have to spend a day downloading and importing the newest data to my machine.
On another note, I've just logged in. Checking the board stats:
Total posts 66691 • Total topics 6081 • Total members 954 • Our newest member: slickrcbd
It seems to have missed some stuff and added others. Oh well, I ain't going through it to work out what changed!
So we'll have to wait for a bit until Cows sees this and gets in on the disccssion, which means more things will be posted and the database will be well out of synch, so I'll have to go through it all again anyway. It's not so bad, especially if I do the conversion directly online as I won't have to spend a day downloading and importing the newest data to my machine.
On another note, I've just logged in. Checking the board stats:
Total posts 66691 • Total topics 6081 • Total members 954 • Our newest member: slickrcbd
It seems to have missed some stuff and added others. Oh well, I ain't going through it to work out what changed!
- Gambit37
- Should eat more pies
- Posts: 13720
- Joined: Wed May 31, 2000 1:57 pm
- Location: Location, Location
- Contact:
Not impressed with the default skin and we'd be looking at this for quite some time until either a) I get the time to create a new one or b) people start creating new skins.
http://resonantedge.com/misc/phpbb3skin.png
EDIT: They included SubSilver too which is a bit easier on the eye.
http://resonantedge.com/misc/phpbb3skin.png
EDIT: They included SubSilver too which is a bit easier on the eye.
We could live with it a while, I am sure if needs be....
More interested in the security side - can we ban whole domains *like *ru or *cn)?
Can we ban partial e-mail addressed in using name not domain (like bradpitt@* or *google@*)?
These are useful catchalls, and not having them still lets alot of bots register with impunity even though i started doing banning like this until I realsied it wasnt' working!
Also, what's the cachpa like? (however you spell it)
More interested in the security side - can we ban whole domains *like *ru or *cn)?
Can we ban partial e-mail addressed in using name not domain (like bradpitt@* or *google@*)?
These are useful catchalls, and not having them still lets alot of bots register with impunity even though i started doing banning like this until I realsied it wasnt' working!
Also, what's the cachpa like? (however you spell it)
- Gambit37
- Should eat more pies
- Posts: 13720
- Joined: Wed May 31, 2000 1:57 pm
- Location: Location, Location
- Contact:
Yeah, should have. We have that here too though -- "View Posts since last visit" works for me. It's where I go when I login, in fact I bookmark the link as it's the easiest way to see what's new.
http://www.dungeon-master.com/forum/sea ... d=newposts
http://www.dungeon-master.com/forum/sea ... d=newposts
- Gambit37
- Should eat more pies
- Posts: 13720
- Joined: Wed May 31, 2000 1:57 pm
- Location: Location, Location
- Contact:
OK, for the sake of Cowsmonaut and anyone else who has an interest in these things, here's a summary of what I'd like to do around here to improve things.
Short term (next few days):
Move the forums from /dungeon-master.com/forum/ to /dungeon-master.com/something-else-not-in-search-listings/.
The rationale for this is that it should reduce registrations by spam-bots which are becoming a huge nightmare to manage around here. I've deleted and blocked 40 or so just in the last few days. Beo must have done hundreds over the last year. It's a complete waste of time and we'd all much rather be using our valuable time for fun stuff instead of combatting mindless spam-jerks.
The downside is that all search results that have indexed the /forums/ link won't work and anyone using a bookmark will no longer reach the forums. I would put an interim page here stating what the corect URL is (but without a link as this is what spam-bots will follow). We'd also need to change the home-page to remove actual forum links. Note: This may only be useful for a matter of weeks -- it's unknown how quickly spam-bots will harvest the new URL
Medium Term (next few weeks)
1) Upgrade to phpBB3 which has improved security
2) Use phpBB3 to setup better moderator groups, security profiles and train the forum moderators on how to use their powers effectively.
Long term (next few months)
1) Transfer ownership of the dungeon-master.com domain to me. Reasoning: I can much more easily manage things from an English hosting package rather than dealing with unreadable Czech websites or being twice removed from our point of contact (ZPC)
2) Then transfer the actual website and forum to the new hosting package.
Note: A yearly cost will be involved in the hosting. Currently Cow's pays this. Moving to a new host, depending on cost, either I would be willing to pay for this myself or maybe we can consider contributions from the community to keep it running.
The bottom line is that we need to make some serious improvements to stop the admins going insane and reduce spammers as much as possible.
Please add your thoughts.
Short term (next few days):
Move the forums from /dungeon-master.com/forum/ to /dungeon-master.com/something-else-not-in-search-listings/.
The rationale for this is that it should reduce registrations by spam-bots which are becoming a huge nightmare to manage around here. I've deleted and blocked 40 or so just in the last few days. Beo must have done hundreds over the last year. It's a complete waste of time and we'd all much rather be using our valuable time for fun stuff instead of combatting mindless spam-jerks.
The downside is that all search results that have indexed the /forums/ link won't work and anyone using a bookmark will no longer reach the forums. I would put an interim page here stating what the corect URL is (but without a link as this is what spam-bots will follow). We'd also need to change the home-page to remove actual forum links. Note: This may only be useful for a matter of weeks -- it's unknown how quickly spam-bots will harvest the new URL
Medium Term (next few weeks)
1) Upgrade to phpBB3 which has improved security
2) Use phpBB3 to setup better moderator groups, security profiles and train the forum moderators on how to use their powers effectively.
Long term (next few months)
1) Transfer ownership of the dungeon-master.com domain to me. Reasoning: I can much more easily manage things from an English hosting package rather than dealing with unreadable Czech websites or being twice removed from our point of contact (ZPC)
2) Then transfer the actual website and forum to the new hosting package.
Note: A yearly cost will be involved in the hosting. Currently Cow's pays this. Moving to a new host, depending on cost, either I would be willing to pay for this myself or maybe we can consider contributions from the community to keep it running.
The bottom line is that we need to make some serious improvements to stop the admins going insane and reduce spammers as much as possible.
Please add your thoughts.
Last edited by Gambit37 on Wed Jan 02, 2008 2:19 am, edited 1 time in total.
- ChristopheF
- Encyclopedist
- Posts: 1544
- Joined: Sun Oct 24, 1999 2:36 pm
- Location: France
- Contact:
I also think it would certainly not take a long time for bots to find out the new url.
But why not try it and see how effective this really is...
Do you know if the final phpbb version 3 has an updated captcha that might resist spammers for some time?
But why not try it and see how effective this really is...
Do you know if the final phpbb version 3 has an updated captcha that might resist spammers for some time?
Christophe - Dungeon Master Encyclopaedia
- Gambit37
- Should eat more pies
- Posts: 13720
- Joined: Wed May 31, 2000 1:57 pm
- Location: Location, Location
- Contact:
The captcha is much better and there are also other things that can be done to make registration much harder:
http://www.phpbb.com/community/viewtopi ... 6&t=586538
However, I just found that this guy cracked the default phpBB3 captcha in an evening!
http://www.apathysketchpad.com/blog/200 ... -captchas/
I need to check my local install to see if this was improved in the final version.
http://www.phpbb.com/community/viewtopi ... 6&t=586538
However, I just found that this guy cracked the default phpBB3 captcha in an evening!
http://www.apathysketchpad.com/blog/200 ... -captchas/
I need to check my local install to see if this was improved in the final version.
- Gambit37
- Should eat more pies
- Posts: 13720
- Joined: Wed May 31, 2000 1:57 pm
- Location: Location, Location
- Contact:
Another thought is to switch to a less popular forum software, such as SMF, that has very little spam due to it not being ubiquitous. One of the reasons phpBB forums get so much spam is that there are so many of them, the spammers target them first.
EDIT: And another alternative would be to simply upgrade to the last version of v2, forget v3 for a while and install this MOD:
http://www.phpbb.com/community/viewtopi ... 6&t=552845
EDIT: And another alternative would be to simply upgrade to the last version of v2, forget v3 for a while and install this MOD:
http://www.phpbb.com/community/viewtopi ... 6&t=552845
- Gambit37
- Should eat more pies
- Posts: 13720
- Joined: Wed May 31, 2000 1:57 pm
- Location: Location, Location
- Contact:
Some other perspectives:
http://bbspam.com/2007/12/12/w3c-has-ha ... h-captcha/
And we could add a textual captcha to either the current version of our forum or if/when we upgrade to v3:
http://bbantispam.com/atc/
http://bbspam.com/2007/12/12/w3c-has-ha ... h-captcha/
And we could add a textual captcha to either the current version of our forum or if/when we upgrade to v3:
http://bbantispam.com/atc/
A cool CAPTCHA that I've seen, is by this guy at Coding Horror (scroll to the form at the bottom). The IT wizard uses the same image/phrase 'orange' every time, rather than trying to dynamically create images with funky fonts each time. I bet some spam still gets through though, and it'd take your time to implement
Very poor example:
Very poor example:
- ChristopheF
- Encyclopedist
- Posts: 1544
- Joined: Sun Oct 24, 1999 2:36 pm
- Location: France
- Contact:
Thanks Gambit for the research and the links.
I would first stick with phpbb v2 and try one or both modules (that would mean less work on your side I think):
MOD1: 'Advanced Textual Confirmation' is very simple to integrate with the forum according to these instructions: http://bbantispam.com/forum/viewtopic.php?t=284
So it would be easy to try it for a few days and see its real effectiveness here on our DM forum.
MOD2: RAC MOD http://www.phpbb.com/community/viewtopi ... 6&t=552845
I would definitely not switch to another, less popular forum software, as the migration would certainly be a nightmare to manage, and we would certainly lose a few things during the operation. And using less popular software means more risk to see the software without future maintenance, less plug-ins available, etc.
I would first stick with phpbb v2 and try one or both modules (that would mean less work on your side I think):
MOD1: 'Advanced Textual Confirmation' is very simple to integrate with the forum according to these instructions: http://bbantispam.com/forum/viewtopic.php?t=284
So it would be easy to try it for a few days and see its real effectiveness here on our DM forum.
MOD2: RAC MOD http://www.phpbb.com/community/viewtopi ... 6&t=552845
I would definitely not switch to another, less popular forum software, as the migration would certainly be a nightmare to manage, and we would certainly lose a few things during the operation. And using less popular software means more risk to see the software without future maintenance, less plug-ins available, etc.
Christophe - Dungeon Master Encyclopaedia