Search found 71 matches

by Joe User
Mon Dec 01, 2014 1:02 pm
Forum: [3.1.x] Support Forum
Topic: max_allowed_packet required
Replies: 5
Views: 278

Re: max_allowed_packet required

Show your full my.cnf please.
by Joe User
Tue Nov 04, 2014 11:26 pm
Forum: phpBB Discussion
Topic: [Discuss] phpBB 3.1.1 Release - Please Update
Replies: 82
Views: 13577

Re: [Discuss] phpBB 3.1.1 Release - Please Update

It's all in the changelog . This document is also in each phpBB package. ;) Hmm, no, that's not what I'm talking about. I'm referring to a document or preferably webpage that clearly outlines all the main changes between the 3.0 version and 3.1 Looked at "About -> 3.1 New Features" in the topnav?
by Joe User
Sun Nov 02, 2014 2:16 pm
Forum: phpBB Discussion
Topic: [Discuss] phpBB 3.1.1 Release - Please Update
Replies: 82
Views: 13577

Re: [Discuss] phpBB 3.1.1 Release - Please Update

Can we please get a CVE-ID for the security issue, thanks.
by Joe User
Fri Oct 24, 2014 3:25 pm
Forum: [3.1.x] Support Forum
Topic: This forum looks different, what happened?
Replies: 2
Views: 172

Re: This forum looks different, what happened?

It's just running 3.1 now.
by Joe User
Fri Nov 16, 2012 11:15 pm
Forum: [3.0.x] Support Forum
Topic: hammered by newly registered members
Replies: 566
Views: 40488

Re: hammered by newly registered members

The spamrun is currently sloweddown to let the ahrefsbot crawl the targets to proof the efficiency of the spamrun. A little statistic for this spamrun from one of my forums from the last 24 hours (full nov 16 in germany): 679 * 'GET /forum/ucp.php?mode=register' 1754 * 'POST /forum/ucp.php?mode=regi...
by Joe User
Fri Nov 16, 2012 4:35 pm
Forum: [3.0.x] Support Forum
Topic: hammered by newly registered members
Replies: 566
Views: 40488

Re: hammered by newly registered members

I believe i found a way to identify the bots: all user-agent-strings of the bot-registration-attempts had a two-letter string in it from which at least one letter was always a capitalized Y, but that's realy not enough to filter them out without false-positives :-/ EDIT: argh, sorry, i was wrong, no...
by Joe User
Fri Nov 16, 2012 3:38 pm
Forum: [3.0.x] Support Forum
Topic: hammered by newly registered members
Replies: 566
Views: 40488

Re: hammered by newly registered members

Investigated this even more, i found references to lists with more than 5 million text-captchas for xrumer to target phpbb, so this spamrun will last a very long time and many q&a won't work anymore. Time for something new... btw: for the devs/mods meaning that guest-posting might be an answer: http...
by Joe User
Fri Nov 16, 2012 2:54 pm
Forum: [3.0.x] Support Forum
Topic: hammered by newly registered members
Replies: 566
Views: 40488

Re: hammered by newly registered members

After reading http://en.wikipedia.org/wiki/XRumer i looked at the spamposts found in my and other forums from the last hours and i'm sure that this tool is used for this spamrun, as all spamposts look exactly as described in the wp-article. So, even if it might not suggest that phpBB is vulnerable p...
by Joe User
Fri Nov 16, 2012 2:04 pm
Forum: [3.0.x] Support Forum
Topic: hammered by newly registered members
Replies: 566
Views: 40488

Re: hammered by newly registered members

The Bots are accessing the registration-form directly without rendering the registration-page (accesses to the images, javascripts or stylesheets are *not* logged for the bot-registers), so it has to be an exploit. Even changing the captchas from q&a to the other captchas in many diffrent non-defaul...
by Joe User
Mon Jul 23, 2012 5:45 pm
Forum: phpBB Discussion
Topic: Security Tracker
Replies: 42
Views: 4484

Re: Security Tracker

The sec-bug is fixed, but not the other two bugs that were discussed here.
by Joe User
Mon Jul 09, 2012 11:32 am
Forum: phpBB Discussion
Topic: Security Tracker
Replies: 42
Views: 4484

Re: Security Tracker

Ticket ID: 63108
Status: fixed
by Joe User
Sat Jul 07, 2012 4:19 pm
Forum: phpBB Discussion
Topic: Security Tracker
Replies: 42
Views: 4484

Re: Security Tracker

I had a similar solution at hand, but yours is a little bit nicer than mine, thanks for that.

vectra-mods, who is the mentioned dev, who will be responsible for my package? And don't tell me to reopen/recreate a bugreport, as that's not going to happen...
by Joe User
Sat Jul 07, 2012 11:27 am
Forum: phpBB Discussion
Topic: Security Tracker
Replies: 42
Views: 4484

Re: Security Tracker

That's not the point, the point is, that there are the pm's and private forums, which data is not public. So i would have to ask every user who wrote a pm or posted non-public to allow me to hand his/her data over to a third party. Without this i would break the law, which is by the way the same in ...
by Joe User
Sat Jul 07, 2012 10:29 am
Forum: phpBB Discussion
Topic: Security Tracker
Replies: 42
Views: 4484

Re: Security Tracker

A copy of the files is not a problem, but the database is not an option. Neither our privacy policy, nor the german data protection law will allow this.
by Joe User
Fri Jul 06, 2012 3:37 pm
Forum: phpBB Discussion
Topic: Security Tracker
Replies: 42
Views: 4484

Re: Security Tracker

Err, two steps, first move posts with quick tools, then delete user retaining posts

Go to advanced search