4Teach wrote:This is what i was looking for a long time, i 'll just say you did a awesome work. but before using this i have some questions in my mind.
Sure, I'm a little tired now, and my memory is not at its best state, and I have a little headache, but will try to answer your questions generally and as best I can for the moment.
#1. 'll it slow down the board speed or is speed effected by this?
This MOD kicks in only once, on a per-user basis, only when their session is first created, and typically takes a few (3-6) seconds to load on a 256kbps connection. i.e. when they first open the forum, or after a revisit when their previous session timed-out (depends on session length you set in ACP). The time it actually actually takes to load varies for each user because it depends on a few factors, such as their bandwidth, the server bandwidth and server load, and ultimately whether the user visited the forum previously or not (because that determines whether the forum style is cached in the user's browser), and how many supported browser plugins they have installed and enabled when they visit the forum that has this MOD..
#2. is it compatible with v3.0.4,5 and up coming v3.0.6?
The last version has been released a while back, when 3.0.2 was the latest. Having said that, it seems quite a few people have been experiencing some very odd situation where they are unable to login to the forum after installing this MOD. Seems like an elusive bug, and not everyone has experienced it (I certainly haven't). I plan on making a fresh test install of phpBB3.0.5 and updating for that, pretty soon, so keep a close eye..
#3. can i avoid using Flash player? (not all people and browser have installed it by default)
for more info on that, see screenshots in first post of this thread.
#4. any false positive problems with this?
The components of this MOD that can generate false positives are not enabled as a blocking method by default, for realiability reasons. They still are triggered and do log info (which you can view in the ACP), but do not block by default.. An example of that would be the X_FORWARDED_HOST check, and the tracking cookie check. Also see screenshots in first post of this thread.
Other checks such as java and flash and realplayer plugin techniques, and the TORDNSEL check, simply cannot generate false positives, because they will never trigger unless the user's is going through some sort of proxy.. However, our definitions of false-positives can differ significantly... For instance, if you consider a scenario where a end-user's ISP transparently forwards the user's web traffic through a filtering/caching proxy without the end-users knowledge (by content interception and redirection, such as in many countries where internet is censored), then you might consider that a false-positive, but the MOD certainly has no way of determining that.
In which case, the MOD has alternative configuration options to account for such fallbacks, which is "deferring" detection methods. This allows the tests to only be run when the user either: 1. click register, or 2. logs in... This allows you to disallow registrations from proxied users, while allowing legitimate users who are forced to access your site through a proxy to login with their existing "trusted" account.
#5. any future release plans for this to make it more better?
see my previous post on my plans to add quite a few more (reliable) methods of detection and blocking
Shukriya & Salaam