Forum software upgrade has finished. Next is apply the various modifications…
… fixed various counters that were out of sync (post count, topic counts, etc) and removed orphaned last_post references and such. Fixed a bug in a FluxBB plugin as well during this process.
… forum registration is disabled so only existing members can login. Will take a while before new OSM users will be able to login again because I’ve decided that the post moderation should be implemented first.
… new New Member group created with restricted permissions (e.g. unable to send emails as the spammers were using the forum email system to send email spam).
… about half way through adding the post moderation modification. Will continue tomorrow when time permits. New users won’t be able to join the forum for now unfortunately.
I am using number of features in my squid - proxy server - to enhance anonymity a little bit
reply_header_access Via deny all
reply_header_access X-Forwarded-For deny all
reply_header_access From deny all
reply_header_access Server deny all
reply_header_access WWW-Authenticate deny all
reply_header_access Link deny all
reply_header_access X-Cache-Lookup deny all
reply_header_access X-Squid-Error deny all
reply_header_access X-Cache deny all
reply_header_access Referer deny all
reply_header_access User-Agent deny all
So far I have had no problems using any of these features on any of the web pages I use until upgrade of this very forum. Now using “reply_header_access Referer deny all” returns following error while posting:
Bad HTTP_REFERER. You were referred to this page from an unauthorized source. If the problem persists please make sure that ‘Base URL’ is correctly set in Admin/Options and that you are visiting the forum by navigating to that URL. More information regarding the referrer check can be found in the FluxBB documentation.
I have disabled that line in squid to post this message, but i would hate it to be the last post as I am not going to turn it of just for one forum, sorry. Besides does that enhance security of the forum anyway?
I have Refcontrol as a Firefox Plugin for years, never had a problem with it until now! Setting is “forge”, it sends the root of site (e.g. forum.openstreetmap.org). Same problem “HTTP_REFERER”. Workaround is to add an exception, but is this security feature really neccessary?
Does choosing one of the other styles (via your Profile page) help?
Yes, that’s one of the modifications I need to re-apply.
Edit: Should be fixed now
Re: Bad HTTP_REFERER
This seems to be a design flaw in FluxBB. I’m not a security expert, so I hope someone more knowledgeable can say if this modification would help? I.e changing from checking a token instead of the HTTP_REFERER?
I see that this is a quite crude security measure by FluxBB, the patch might help here if it applies cleanly. If there is no other easy solution I can life with adding an exception in Refcontrol
Post moderation is implemented now. Existing users should have no trouble posting anywhere, but there are several options at various places so it might need some tinkering to get all settings correct. Please report problems if you encounter one.
Actually I like the “new” way. While it is easy to open a link in a new window or tab (with shift+click or ctrl+click) the user cannot decide to open it in the same tab if it is forced by the software.
Thanks for the forum upgrade. Continuously deleting Spam messages and getting flooded with even more reports was pretty annoying.
The new premoderation seems to work pretty well. I don’t know whether it is intended as a feature, but I like that I can approve posts for parts of the forum that I do not have moderation rights for. It speeds up processing and as long as the mod can understand the language of the post, he can easily tell whether it is SPAM.
The modification simply doesn’t take into account the forum rights of each moderator. But as it happens, I quite like that behaviour as well.
I often check in to approve a post as I get mails from the moderation queue (if you want to get those mails too, just let me know), just to find out someone already approved/deleted it. Thanks!
how many posts do we have to approve before a user is allowed to post unmoderated?
are there any consequences if the mod decides to delete the post?
I just had a case where a user has posted twice - obviously unaware that it takes mod interaction. I approved the first but had to delete the second, obviously.
Llambertus, het Quoten gaat anders dan eerst. Nu zie je een quote met de naam van de auteur maar kun je de quote tekst niet meer in plakken tussen de haakjes en het menu lijkt gewijzigd, kan dat ?
The Quoting menu has changed. The quote gets filled with the name of the autor, but it seems not logic to stick the quote inside it, the menu seems to be changed intended ?