Help! Board Issues

Get help with installation and running phpBB 3.2.x here. Please do not post bug reports, feature requests, or extension related questions here.
Post Reply
gprimr1
Registered User
Posts: 41
Joined: Mon Jun 17, 2019 3:43 am

Help! Board Issues

Post by gprimr1 »

Hello

I recently took over managing a large PHPBB board. The board had been poorly maintained and was running 3.0.10 and the server was running PHP so old that Wordpress refused to even run.

I took over and migrated the PHP to 7.2 and the forum to 3.2.7. We then discovered the server is woofully underpowered and produced 503 errors daily due to overload.

I moved the forum to InMotionHosting and we have got rid of the 503 errors but we have a whole group of new errors.

Users are reporting that when they open the forum, they are signed in as someone else.

Users are reporting that they get "too many logins" after 1 failed login. Everyone is getting challenged with captcha on almost every failed login. I find it hard to believe every single user is being brute forced to the point it's triggering capatcha.

We are losing business as a result of this and I don't know what to do. I'm going to go back to the host tomorrow and complain but is there anything we can change on the forum. We are actually at the point some members are asking why we bothered moving servers and they would have tolerated the 503 errors.
User avatar
KevC
Support Team Member
Support Team Member
Posts: 72343
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: Help! Board Issues

Post by KevC »

gprimr1 wrote: Mon Jun 17, 2019 3:50 am Users are reporting that when they open the forum, they are signed in as someone else.
This is very common when the host is using session caching. If they have Varnish or Cloudflare installed it is currently set up incorrectly. The other issues are probably a knock on effect of that too.
-:|:- Support Request Template -:|:-
Image
"Step up to red alert. Sir, are you absolutely sure? It does mean changing the bulb"
gprimr1
Registered User
Posts: 41
Joined: Mon Jun 17, 2019 3:43 am

Re: Help! Board Issues

Post by gprimr1 »

Here is my support log:


Support Request Template
What version of phpBB are you using? phpBB 3.2.7
What is your board's URL? https://www.railroad.net/forums
Who do you host your board with? InMotionHosting.com
How did you install your board? I used the download package from phpBB.com
What is the most recent action performed on your board? Update from a previous version of phpBB3
Is registration required to reproduce this issue? No
Do you have any MODs installed? Yes
Do you have any extensions installed? Yes
What version of phpBB3 did you update from? phpBB 3.0.11
What MODs do you have installed? Old Version of AutoMod No longer functional
What extensions do you have installed? Google Adsense Manager
What styles do you currently have installed? Prosilver, Else
What language(s) is your board currently using? English
Which database type/version are you using? MariaDB
What is your level of experience? New to PHP and phpBB
What actions did you take (updating your board; installing a MOD, style or extension; etc.) prior to this problem becoming noticeable? Migrated forum from one server to another.
Please describe your problem. Users opening the page see themselves logged in as random users.

Users are challenged for capatcha and locked out after 1 failed login.
Generated by SRT Generator
gprimr1
Registered User
Posts: 41
Joined: Mon Jun 17, 2019 3:43 am

Re: Help! Board Issues

Post by gprimr1 »

They don't use Varnish or Cloudflare but use Nginx.

I asked them to disable Nginx for the folder holding the forums.
User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 52768
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: Help! Board Issues

Post by stevemaury »

Take a look at https://www.railroad.net/forums/docs/nginx.sample.conf and see if anything in there helps you or your host with nginx.
I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)
User avatar
Lumpy Burgertushie
Registered User
Posts: 69223
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Help! Board Issues

Post by Lumpy Burgertushie »

and you have to remove all traces of the MODs from your files and the database. that was supposed to be part of the upgrade.

that includes automod changes to the database and all the files.

also, disable all extensions while you are testing things.


robert
Premium phpBB 3.3 Styles by PlanetStyles.net

I am pleased to announce that I have completed the first item on my bucket list. I have the bucket.
gprimr1
Registered User
Posts: 41
Joined: Mon Jun 17, 2019 3:43 am

Re: Help! Board Issues

Post by gprimr1 »

I'll pass this to them.

I asked them to disable Nginx. So far I haven't seen the issue of showing as logged in as someone else, but the captcha issues continue.

I'm also looking at the DB that runs the forum. It has over 100 tables, of which have names that begin phpbb2_ and cpg135_ and phpbb3_

Then there are also phpbb_

I'm wondering if those phpbb2 and cpg135 tables can be deleted.

I guess I should reinstall and then try to remove the automod since it's half uninstalled now.
User avatar
janus_zonstraal
Registered User
Posts: 6418
Joined: Sat Aug 30, 2014 1:30 pm

Re: Help! Board Issues

Post by janus_zonstraal »

I'm wondering if those phpbb2 and cpg135 tables can be deleted.
To what tables is the config.php pointing?
You can delete the others.
Sorry! My English is bat ;) !!!
User avatar
Lumpy Burgertushie
Registered User
Posts: 69223
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Help! Board Issues

Post by Lumpy Burgertushie »

I would not delete them until you are sure what you are doing.

the phpbb2 ones are from an old phpBB2 install
the cpg135 are most likely to a coppermine gallery install that you may or may not need.

the others may or may not be needed
before you delete them, make a complete backup of the whole database.

you may need to reinstall the old phpbb 3.0.x board so you can do a complete upgrade which would include running the STK on the the 3.0.x database to get rid of all the old MOD/automod database entries.

then you should be able to upgrade to 3.2 with no problems.


robert
Premium phpBB 3.3 Styles by PlanetStyles.net

I am pleased to announce that I have completed the first item on my bucket list. I have the bucket.
gprimr1
Registered User
Posts: 41
Joined: Mon Jun 17, 2019 3:43 am

Re: Help! Board Issues

Post by gprimr1 »

Well disabling the caching seems to have fixed the issue with people opening the forum and showing up as logged in as someone else.

The Captcha is still going crazy.

Now we have a new issue. Every new registration shows the server IP, not the IP of the person registering. This is driving the other guy who runs the forum crazy since he can't do any research on people joining since every IP traces back as the server.

Would I even be able to install a 3.0.11 PHPBB with the DB configured for 3.2.7?
User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 52768
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: Help! Board Issues

Post by stevemaury »

No, and we wouldn't support it anyway. The IP issue is also a server-side issue. They are using some kind of proxy server.
I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)
gprimr1
Registered User
Posts: 41
Joined: Mon Jun 17, 2019 3:43 am

Re: Help! Board Issues

Post by gprimr1 »

Could that be what's triggering the issue everyone getting capatcha'ed?

I just saw another post where someone had the same problem and they said they had the same issue where everyone was logging in from the same server.
User avatar
EA117
Registered User
Posts: 2158
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: Help! Board Issues

Post by EA117 »

Sorry to hear there are so many challenges with the new hosting service. "No good deed goes unpunished" I guess, with all the improvements you were trying to deliver. 😉

I do not know nginx configuration or behavior, but it certainly sounds like there is a proxy, and a proxy can many times be configured to be transparent to the server. i.e. Even if there is a proxy between your clients and your application server, it can still be configured to pass along the actual client IP address in a way that is "invisible" to any application expecting the client IP address to be the actual source IP address.

Yes, the captcha situation is probably because every failed login attempt looks like "a login attempt coming from the same IP address as every other failed login attempt." Just an additional symptom of the same underlying root cause.

If whatever proxy is in play currently provides the X-Forwarded-For HTTP header field, its possible your captcha behavior could be mitigated by setting "Limit login attempts by X_FORWARDED_FOR header:" to "Yes" under ACP, General, Server Configuration, Security Settings. At least this seems to be the intention of this setting. If it doesn't have an effect, realize that we don't actually know that the X-Forwarded-For HTTP header field even exists in your configuration; we are just assuming or hoping it might.

There is also related configuration in that same list, "Validate X_FORWARDED_FOR header:", which intends to match new clients to existing sessions using the X-Forwarded-For HTTP header field instead of the IP address the new client request arrived from. Which again, "solves another one of the problems", but doesn't actually "switch the phpBB client IP address value to the one in the X-Forwarded-For HTTP header field."

To literally say "use the X-Forwarded-For HTTP header field value for everything", it appears to require an extension such as [BETA] Trust X-Forwarded-For. Keeping in mind, this still assumes the IP address was being passed in X-Forwarded-For, which is not something we actually know yet in your specific configuration.

If it were my server, I would continue trying to get the hosting service to update any proxy configuration, such that the proxy is transparent to the running applications; phpBB or otherwise. But while waiting for them to do that, I would test the two existing phpBB configuration settings, "Limit login attempts by X_FORWARDED_FOR header:" and "Validate X_FORWARDED_FOR header:".

If those phpBB settings address the primary issues under the current proxy configuration, and the host isn't changing the proxy configuration any time soon, then maybe you want to look into using the [BETA] Trust X-Forwarded-For. So that you could also see "the real IP address" in other situations such as logged messages, moderation IP address info, etc.
gprimr1
Registered User
Posts: 41
Joined: Mon Jun 17, 2019 3:43 am

Re: Help! Board Issues

Post by gprimr1 »

I was finally able to resolve this.

viewtopic.php?t=2133487

Noxwizard's post about modifying the startup.php did the tricck.
Post Reply

Return to “[3.2.x] Support Forum”