Good ol' phpBB

Ice Cream Jonsey
Posts: 30069
Joined: Sat Apr 27, 2002 2:44 pm
Location: Colorado

Post by Ice Cream Jonsey »

By the way, there is no way to have this template AND stop the Russians from continually spamming the board by creating new users.

Does anyone know what the IP domain for "Russia" is? Because I'd totally block this site from allowing any Russian to view it.

Good ol' phpBB!
the dark and gritty...Ice Cream Jonsey!

Ice Cream Jonsey
Posts: 30069
Joined: Sat Apr 27, 2002 2:44 pm
Location: Colorado

Post by Ice Cream Jonsey »

Went to their site to see if there was a way to make it work with this template, and got this:
www.phpbb.com
Creating Communities


Last updated: 9th February 2005, 12:22 GMT

Hi everyone,

A further update and reminder as to the situation with this site. Our system was compromised Sunday evening by a group of hackers/crackers who (based on available information apparently corroborated by said hackers/crackers) used an exploit in awstats to gain entry. I'll repeat this very clearly since some people and worse some hosting providers are not listening to what is being said. Based on said information we do not believe, nor do we have any reason to believe, that our system was compromised due to any fault in phpBB 2.0.11.

Server update, unfortunately the datacenter where our box is located have been less than helpful. The box was supposed to have been shipped Monday, it wasn't. With further pushing we were told it would definitely ship yesterday (Tuesday), it didn't. The box is now being collected "manually". Very unimpressive service quite frankly. Because of this we are now working to an altered plan which may see the site return tomorrow (Thursday 9th) or Friday (10th). Please note that we will not be able to comment on the method used to exploit our site for at least several days.

It is actually quite frustrating at present that some hosting providers are asking or forcing their customers to remove installs of phpBB 2.0.11 due to the loss of phpbb.com. As I say above, our best available information right now is that phpBB was not to blame. If a hosting provider knows different perhaps they can inform us (along with details of how they know!).

Equally it's annoying to see some people posting the same old highlighting exploit claiming their 2.0.11 board was hacked via it. Again unless my team and indeed our other teams, heck large sections of our community, are all lying to me that vulnerability was fixed in 2.0.11. Sites running .11 and claiming (or their hosts claiming) to have been attacked using it should take a close look at other applications they have installed. phpBB is not alone in being exploited, all the major boards can be if you don't update as new releases are made. Equally users should ensure the relevant highlighting fix is indeed present. Over the years we've dealt with thousands of users who say they've patched something (be it an exploit or bug) but upon examination we've discovered the problem code is still there. Equally hosts should look at their own systems. Are you running awstats if so have you updated? Do you regularly update your OS and particularly the kernel (if appropriate) as fixes are released? Are your users running old versions of other PHP/Perl/etc. software? Have you set appropriate permissions on key folders such as /tmp and /var/tmp? Is your webserver running with as few permissions as possible? Just because we overlooked something doesn't mean you should!

To our community, please do not ask us for further updates as to the situation, its cause, etc. Everything we have to say is said here. Our support channel (#phpbb) on IRC has at times been swamped with "What happened? Any news?" style questions which are making it extremely difficult to support users with real issues. So we appreciate the interest but please, accept that we have nothing else to add.

Users in need of support with phpBB 2.0.x can visit our development board, area51.phpbb.com where such support is being offered at this time. Of course you can also view the next version of phpBB, 3.0 "Olympus" in the process (minus the new style of course!). We are also maintaining our IRC support channel, #phpbb on the irc.freenode.net network

Again we apologise for any problems this may cause our userbase. We obviously take the huge support our community gives phpBB very seriously. And we will do our best to return to "normal operations" just as soon as we can.

psoTFX - phpBB Group

Great. Fantastic.

There's a good chance I'll be changing software soon.
the dark and gritty...Ice Cream Jonsey!

Jack Straw
Posts: 1578
Joined: Wed May 01, 2002 9:42 pm
Location: R.O.C.

Post by Jack Straw »

.ru?

Change it!

POS software.

chris
Posts: 604
Joined: Wed May 01, 2002 10:54 am
Location: Hiding in the workshop

Post by chris »

Filtering by canonical name (i.e. *.ru) isn't the greatest idea. That assumes that there's a DNS entry for the IP address being used, which isn't always the case.

Compiling an accurate list of IP ranges used by a country is tough. Some other mail admins on an admin list I'm on have done this for countries like China and Korea (that produce a LOT of spam), but I've never seen one for Russia.

In any case, here's a starting point:

http://www.ip-to-country.com/

Chris
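
The difference between the two filters chris describes, as an added example that is not part of the original thread: a hostname-suffix check can only fire when a PTR record exists, while a range check needs nothing but the address. The ranges (RFC 5737 documentation blocks), the PTR table and all function names are constructed for illustration; the third sample address also shows a case beyond the post, an in-range host whose PTR name simply uses another TLD.

```python
import ipaddress

# Constructed sample data: RFC 5737 documentation ranges standing in for a
# country's allocations. A real list would be built from registry data.
BLOCKED_RANGES = [
    ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")
]

# Constructed PTR table standing in for reverse DNS (None = no PTR record).
# A live resolver, e.g. one wrapping socket.gethostbyaddr, can be passed in.
SAMPLE_PTR = {
    "192.0.2.10": "dialup-10.example.ru",
    "192.0.2.77": None,                    # no reverse DNS entry at all
    "198.51.100.5": "host5.example.com",   # in range, but not a .ru name
    "203.0.113.9": "mail.example.org",     # outside the listed ranges
}


def blocked_by_hostname(ip, suffix=".ru", resolve=SAMPLE_PTR.get):
    """Suffix filter: fires only if a PTR record exists and ends in suffix."""
    name = resolve(ip)
    return name is not None and name.lower().rstrip(".").endswith(suffix)


def blocked_by_range(ip, ranges=BLOCKED_RANGES):
    """Range filter: depends only on the address, never on DNS."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ranges)


def compare(ips):
    """Return {ip: (hostname_verdict, range_verdict)} for each address."""
    return {ip: (blocked_by_hostname(ip), blocked_by_range(ip)) for ip in ips}


if __name__ == "__main__":
    for ip, (by_name, by_range) in compare(SAMPLE_PTR).items():
        print(f"{ip:15} hostname={by_name!s:5} range={by_range}")
```
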

Ice Cream Jonsey
Posts: 30069
Joined: Sat Apr 27, 2002 2:44 pm
Location: Colorado

Post by Ice Cream Jonsey »

Ultimately what I would like to do is have phpBB deny registration to any new member that has ".ru" in their profile.

But phpBB.com is down (and it's not their fault! Just ask them! It NEVER IS their fault!) and trudging through the stupidity on their forum is a useless venture anyway.
the dark and gritty...Ice Cream Jonsey!

Hackity Hack Hack

Post by Hackity Hack Hack »

If you're running 2.0.11, it is possible to hack in the visual-confirmation thing for sign-up. It may be as easy as dropping:

Code:

	<!-- Visual Confirmation -->
	<!-- BEGIN switch_confirm -->
	<tr>
		<td class="row1" colspan="2" align="center"><span class="gensmall">{L_CONFIRM_CODE_IMPAIRED}</span><br /><br />{CONFIRM_IMG}<br /><br /></td>
	</tr>
	<tr>
	  <td class="row1"><span class="gen">{L_CONFIRM_CODE}: * </span><br /><span class="gensmall">{L_CONFIRM_CODE_EXPLAIN}</span></td>
	  <td class="row2"><input type="text" class="post" style="width: 200px" name="confirm_code" size="6" maxlength="6" value="" /></td>
	</tr>
	<!-- END switch_confirm -->

into the appropriate place in phpBB2/templates/KageWhatever/profile_add_body.tpl, like after the password or thereabouts, and then (but not before) turning on visual confirmation in the admin panel. Or there may be slightly more to it than that.

But back up your whole phpBB2 tree before you fiddle with it, please.

Ice Cream Jonsey
Posts: 30069
Joined: Sat Apr 27, 2002 2:44 pm
Location: Colorado

Post by Ice Cream Jonsey »

Thank you, Media-Friendly Neighborly Hacker!
the dark and gritty...Ice Cream Jonsey!

Lysander
Posts: 1693
Joined: Tue Jul 08, 2003 12:39 pm
Location: East Bay, California.

Post by Lysander »

I do not like those image-verification codes.

No, sir. I do not like them one bit.
paidforbythegivedrewbetterblowjobsfundandthelibertyconventionforastupidfreeamerica

Bella Karoly

Post by Bella Karoly »

No, please don't ban an entire country. Besides being a hot bed for women's gymnastics, some people enjoy honeymooning in our country, the world's leader in depression and communist failure.

Ice Cream Jonsey
Posts: 30069
Joined: Sat Apr 27, 2002 2:44 pm
Location: Colorado

Post by Ice Cream Jonsey »

Lysander wrote: I do not like those image-verification codes.

No, sir. I do not like them one bit.
YOU wouldn't encounter it. It's just for automated Soviet registration bots. Which, frankly, has been the only topic worthy of discussion here as of late.

Sorry. I could tell everyone what classes are like, I guess.
the dark and gritty...Ice Cream Jonsey!

Lex
Posts: 976
Joined: Sat Apr 27, 2002 4:03 pm
Location: Scotland, Bonnie

Post by Lex »

Robb, make a new topic explaining what your classes are like.
WHOOA!

Ice Cream Jonsey
Posts: 30069
Joined: Sat Apr 27, 2002 2:44 pm
Location: Colorado

Post by Ice Cream Jonsey »

Okay.

OO programming: I knew a...

Oh, a new topic.
the dark and gritty...Ice Cream Jonsey!
