Help! Board Issues

Get help with installation and running phpBB 3.2.x here. Please do not post bug reports, feature requests, or extension related questions here.
Post Reply
gprimr1
Registered User
Posts: 6
Joined: Mon Jun 17, 2019 3:43 am

Help! Board Issues

Post by gprimr1 » Mon Jun 17, 2019 3:50 am

Hello

I recently took over managing a large PHPBB board. The board had been poorly maintained and was running 3.0.10 and the server was running PHP so old that Wordpress refused to even run.

I took over and migrated the PHP to 7.2 and the forum to 3.2.7. We then discovered the server is woofully underpowered and produced 503 errors daily due to overload.

I moved the forum to InMotionHosting and we have got rid of the 503 errors but we have a whole group of new errors.

Users are reporting that when they open the forum, they are signed in as someone else.

Users are reporting that they get "too many logins" after 1 failed login. Everyone is getting challenged with captcha on almost every failed login. I find it hard to believe every single user is being brute forced to the point it's triggering capatcha.

We are losing business as a result of this and I don't know what to do. I'm going to go back to the host tomorrow and complain but is there anything we can change on the forum. We are actually at the point some members are asking why we bothered moving servers and they would have tolerated the 503 errors.

User avatar
KevC
Support Team Member
Support Team Member
Posts: 69101
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: Help! Board Issues

Post by KevC » Mon Jun 17, 2019 8:00 am

gprimr1 wrote:
Mon Jun 17, 2019 3:50 am
Users are reporting that when they open the forum, they are signed in as someone else.
This is very common when the host is using session caching. If they have Varnish or Cloudflare installed it is currently set up incorrectly. The other issues are probably a knock on effect of that too.
-:|:- Support Request Template -:|:-
Image
Cheap UK Hosting
"In the land of the blind the little green bloke with no pupils is king - init!"

gprimr1
Registered User
Posts: 6
Joined: Mon Jun 17, 2019 3:43 am

Re: Help! Board Issues

Post by gprimr1 » Mon Jun 17, 2019 2:13 pm

Here is my support log:


Support Request Template
What version of phpBB are you using? phpBB 3.2.7
What is your board's URL? https://www.railroad.net/forums
Who do you host your board with? InMotionHosting.com
How did you install your board? I used the download package from phpBB.com
What is the most recent action performed on your board? Update from a previous version of phpBB3
Is registration required to reproduce this issue? No
Do you have any MODs installed? Yes
Do you have any extensions installed? Yes
What version of phpBB3 did you update from? phpBB 3.0.11
What MODs do you have installed? Old Version of AutoMod No longer functional
What extensions do you have installed? Google Adsense Manager
What styles do you currently have installed? Prosilver, Else
What language(s) is your board currently using? English
Which database type/version are you using? MariaDB
What is your level of experience? New to PHP and phpBB
What actions did you take (updating your board; installing a MOD, style or extension; etc.) prior to this problem becoming noticeable? Migrated forum from one server to another.
Please describe your problem. Users opening the page see themselves logged in as random users.

Users are challenged for capatcha and locked out after 1 failed login.
Generated by SRT Generator

gprimr1
Registered User
Posts: 6
Joined: Mon Jun 17, 2019 3:43 am

Re: Help! Board Issues

Post by gprimr1 » Mon Jun 17, 2019 2:28 pm

They don't use Varnish or Cloudflare but use Nginx.

I asked them to disable Nginx for the folder holding the forums.

User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 50495
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: Help! Board Issues

Post by stevemaury » Mon Jun 17, 2019 3:03 pm

Take a look at https://www.railroad.net/forums/docs/nginx.sample.conf and see if anything in there helps you or your host with nginx.
For REALLY good and VERY inexpensive hosting CLICK HERE

I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)

User avatar
Lumpy Burgertushie
Registered User
Posts: 66324
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Help! Board Issues

Post by Lumpy Burgertushie » Mon Jun 17, 2019 3:22 pm

and you have to remove all traces of the MODs from your files and the database. that was supposed to be part of the upgrade.

that includes automod changes to the database and all the files.

also, disable all extensions while you are testing things.


robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.2 Styles by PlanetStyles.net

If a tree falls in the forest and nobody is there, does it make a sound?

gprimr1
Registered User
Posts: 6
Joined: Mon Jun 17, 2019 3:43 am

Re: Help! Board Issues

Post by gprimr1 » Mon Jun 17, 2019 6:57 pm

I'll pass this to them.

I asked them to disable Nginx. So far I haven't seen the issue of showing as logged in as someone else, but the captcha issues continue.

I'm also looking at the DB that runs the forum. It has over 100 tables, of which have names that begin phpbb2_ and cpg135_ and phpbb3_

Then there are also phpbb_

I'm wondering if those phpbb2 and cpg135 tables can be deleted.

I guess I should reinstall and then try to remove the automod since it's half uninstalled now.

User avatar
janus_zonstraal
Registered User
Posts: 3262
Joined: Sat Aug 30, 2014 1:30 pm

Re: Help! Board Issues

Post by janus_zonstraal » Mon Jun 17, 2019 7:37 pm

I'm wondering if those phpbb2 and cpg135 tables can be deleted.
To what tables is the config.php pointing?
You can delete the others.
Sorry! My English is bat ;) !!!

User avatar
Lumpy Burgertushie
Registered User
Posts: 66324
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Help! Board Issues

Post by Lumpy Burgertushie » Mon Jun 17, 2019 8:02 pm

I would not delete them until you are sure what you are doing.

the phpbb2 ones are from an old phpBB2 install
the cpg135 are most likely to a coppermine gallery install that you may or may not need.

the others may or may not be needed
before you delete them, make a complete backup of the whole database.

you may need to reinstall the old phpbb 3.0.x board so you can do a complete upgrade which would include running the STK on the the 3.0.x database to get rid of all the old MOD/automod database entries.

then you should be able to upgrade to 3.2 with no problems.


robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.2 Styles by PlanetStyles.net

If a tree falls in the forest and nobody is there, does it make a sound?

gprimr1
Registered User
Posts: 6
Joined: Mon Jun 17, 2019 3:43 am

Re: Help! Board Issues

Post by gprimr1 » Wed Jun 19, 2019 2:03 pm

Well disabling the caching seems to have fixed the issue with people opening the forum and showing up as logged in as someone else.

The Captcha is still going crazy.

Now we have a new issue. Every new registration shows the server IP, not the IP of the person registering. This is driving the other guy who runs the forum crazy since he can't do any research on people joining since every IP traces back as the server.

Would I even be able to install a 3.0.11 PHPBB with the DB configured for 3.2.7?

User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 50495
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: Help! Board Issues

Post by stevemaury » Wed Jun 19, 2019 2:08 pm

No, and we wouldn't support it anyway. The IP issue is also a server-side issue. They are using some kind of proxy server.
For REALLY good and VERY inexpensive hosting CLICK HERE

I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)

gprimr1
Registered User
Posts: 6
Joined: Mon Jun 17, 2019 3:43 am

Re: Help! Board Issues

Post by gprimr1 » Wed Jun 19, 2019 3:03 pm

Could that be what's triggering the issue everyone getting capatcha'ed?

I just saw another post where someone had the same problem and they said they had the same issue where everyone was logging in from the same server.

User avatar
EA117
Registered User
Posts: 636
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: Help! Board Issues

Post by EA117 » Wed Jun 19, 2019 4:31 pm

Sorry to hear there are so many challenges with the new hosting service. "No good deed goes unpunished" I guess, with all the improvements you were trying to deliver. 😉

I do not know nginx configuration or behavior, but it certainly sounds like there is a proxy, and a proxy can many times be configured to be transparent to the server. i.e. Even if there is a proxy between your clients and your application server, it can still be configured to pass along the actual client IP address in a way that is "invisible" to any application expecting the client IP address to be the actual source IP address.

Yes, the captcha situation is probably because every failed login attempt looks like "a login attempt coming from the same IP address as every other failed login attempt." Just an additional symptom of the same underlying root cause.

If whatever proxy is in play currently provides the X-Forwarded-For HTTP header field, its possible your captcha behavior could be mitigated by setting "Limit login attempts by X_FORWARDED_FOR header:" to "Yes" under ACP, General, Server Configuration, Security Settings. At least this seems to be the intention of this setting. If it doesn't have an effect, realize that we don't actually know that the X-Forwarded-For HTTP header field even exists in your configuration; we are just assuming or hoping it might.

There is also related configuration in that same list, "Validate X_FORWARDED_FOR header:", which intends to match new clients to existing sessions using the X-Forwarded-For HTTP header field instead of the IP address the new client request arrived from. Which again, "solves another one of the problems", but doesn't actually "switch the phpBB client IP address value to the one in the X-Forwarded-For HTTP header field."

To literally say "use the X-Forwarded-For HTTP header field value for everything", it appears to require an extension such as [BETA] Trust X-Forwarded-For. Keeping in mind, this still assumes the IP address was being passed in X-Forwarded-For, which is not something we actually know yet in your specific configuration.

If it were my server, I would continue trying to get the hosting service to update any proxy configuration, such that the proxy is transparent to the running applications; phpBB or otherwise. But while waiting for them to do that, I would test the two existing phpBB configuration settings, "Limit login attempts by X_FORWARDED_FOR header:" and "Validate X_FORWARDED_FOR header:".

If those phpBB settings address the primary issues under the current proxy configuration, and the host isn't changing the proxy configuration any time soon, then maybe you want to look into using the [BETA] Trust X-Forwarded-For. So that you could also see "the real IP address" in other situations such as logged messages, moderation IP address info, etc.

Post Reply

Return to “[3.2.x] Support Forum”