phpBB.com Website Feedback

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Scam Warning
User avatar
Lumpy Burgertushie
Registered User
Posts: 67236
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: phpBB.com Website Feedback

Post by Lumpy Burgertushie »

thanks, I didn't know that. at least once I finally made my ISP understand that it was not something I could fix, they contacted spamhaus and ther removed the blacklisting immediately.

robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

If nobody is in the forest, does a tree really fall?

KYPREO
Registered User
Posts: 312
Joined: Fri Feb 02, 2018 9:56 am
Contact:

Re: phpBB.com Website Feedback

Post by KYPREO »

I got blocked from posting due to Spamhaus listing 2 days ago as well! This was the SBL list which is for email based spam - not your bot-type spam. I was posting from a static ISP-based IP! I don't know how a private static IP belonging to ISP gets blacklisted for email spam unless your running a mail server from your home or your devices are infected with malware, but I definitely know my IP was clear.

Out of interest, I tried 5 other IPs that my ISP had allocated last year (they were getting renewed periodically) and the all were listed by Spamhaus as well - all in the same period of time in the past few days.

There is no way to get off Spamhaus's SBL list if you are not authoritative for the domain. I therefore had to get a new static IP and report the issue to my ISP.

I am comforted to know I am not the only one affected and I am probably not the victim of malware. However, the fact that other people have only now experienced this suggests a problem with Spamhaus and this board should drop it. Legitimate users being shut out due to false positives are far worse than having to deal with spam manually IMO.
phpBB user since 2002
www.AusRotary.com

User avatar
Lumpy Burgertushie
Registered User
Posts: 67236
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: phpBB.com Website Feedback

Post by Lumpy Burgertushie »

Mine was listed because of supposed email spam as well. it took some convincing to get my ISP to deal with it.
I have my own email servers through my domain hosting. this IP is the IP that my ISP assigned me. it has nothing to do with email at all. I don't have email with the ISP at all.
I had not even sent any email from my computer in serveral days of using that IP address.
Once I told the support person at my ISP ( several times) that I could not solve the problem that spamhaus said needed to be solved they finally agreed to deal with the issue themselves.
I found it strange that it only took them contacting spamhaus one time and they got it removed within an hour.


as you said, glad I am not alone in this craziness.

thansk,
robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

If nobody is in the forest, does a tree really fall?

KYPREO
Registered User
Posts: 312
Joined: Fri Feb 02, 2018 9:56 am
Contact:

Re: phpBB.com Website Feedback

Post by KYPREO »

Even if you had sent email from your IP, this origin IP would not be disclosed if it was sent via a conventional mail or web client. ISP-based mail would be sent through the ISP's mail server. The end-user origin IP is only disclosed if email is generated from the device using a direct mail client like an application sending through SMTP or PHP mail.

There is a hidden quirk in phpBB that if you generate an email through the ACP - for example, you click "Remind User" in Inactive Users to remind them to activate their account - the email header will not only have the phpBB server address, but also the origin IP address of the admin user who initiated the email. :shock: IMHO this is a completely unnecessary and is a lure for a hacker to potentially target forum administrators directly. This should be removed from phpBB or at the very least there should be text warning administrators that their personal IP is included in any ACP-generated email...but that's for another day.

I racked my brains trying to figure out how my home IP could be disclosed in an email header and concluded that it was impossible other than through email generated through the phpBB ACP. I went through the logs in the ACP and all forum generated emails and I had never used this IP address in that way nor did the IP in any email headers.
phpBB user since 2002
www.AusRotary.com

User avatar
John connor
Registered User
Posts: 2462
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Name: Aaron
Contact:

Re: phpBB.com Website Feedback

Post by John connor »

KYPREO wrote:
Fri Feb 14, 2020 3:56 am
Even if you had sent email from your IP, this origin IP would not be disclosed if it was sent via a conventional mail or web client. ISP-based mail would be sent through the ISP's mail server. The end-user origin IP is only disclosed if email is generated from the device using a direct mail client like an application sending through SMTP or PHP mail.

There is a hidden quirk in phpBB that if you generate an email through the ACP - for example, you click "Remind User" in Inactive Users to remind them to activate their account - the email header will not only have the phpBB server address, but also the origin IP address of the admin user who initiated the email. :shock: IMHO this is a completely unnecessary and is a lure for a hacker to potentially target forum administrators directly. This should be removed from phpBB or at the very least there should be text warning administrators that their personal IP is included in any ACP-generated email...but that's for another day.

I racked my brains trying to figure out how my home IP could be disclosed in an email header and concluded that it was impossible other than through email generated through the phpBB ACP. I went through the logs in the ACP and all forum generated emails and I had never used this IP address in that way nor did the IP in any email headers.
I brought this to attention some years ago and I got the run around about spam prevention horse s&*@, etc. So if I'm going to send an email I'll use my email client with the gmail email I have configured for the board in that method rather than the board. Plus, I worked damn hard to hide my origin IP behind CloudFlare to have my origin exposed like that which is ripe for a DDoS or syn flood, etc.

If you want to send a mass email look at Mail Chimp. I use the user details extension and make sure I list all users that allow emails from Admins and use that list of emails. I run two boards... the other is of an adult nature and not listed here. :lol:
Last edited by John connor on Fri Feb 14, 2020 4:58 am, edited 2 times in total.

User avatar
John connor
Registered User
Posts: 2462
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Name: Aaron
Contact:

Re: phpBB.com Website Feedback

Post by John connor »

Lumpy Burgertushie wrote:
Thu Feb 13, 2020 8:46 pm
Hi all,

I just spent two days trying to get my IP released by spamhaus.
I made a post and then a few minutes later I get this error when trying to make another post:
Your IP 52.128.53.254 has been blocked because it is blacklisted. For details please see http://www.spamhaus.org/query/bl?ip=52.128.53.254.
If you click on the link it will tell you the problems.
finally today, I got my ISP support to contact spamhaus and get it released. at first the ISP support was telling me I had to deal with spamhaus but what they wanted were things that I don't have access to in order to make changes.

anyway, what I wonder is why in the world is phpbb.com using spamhaus to help with spam? it has a reputation for having many false positives and other problems.

I also wonder why it would all of a suddent show up with that IP as being blacklisted after a week of working just fine.

I also wonder why it would flag it when trying to make a post. I do not have any notifications set for email etc so why would making a post set it off?

anyway, My ISP contacted spamhaus and got it removed so I can post again.

sorry for the rant.

robert
That's crazy because I use a VPN and if anything would get blocked it be my VPN and I'd have very little recourse on that. I'd have to use another location.

Now what do you make a bet I can connect here with Tor and no two F's given by Spamhaus.

KYPREO
Registered User
Posts: 312
Joined: Fri Feb 02, 2018 9:56 am
Contact:

Re: phpBB.com Website Feedback

Post by KYPREO »

John connor wrote:
Fri Feb 14, 2020 4:52 am
I brought this to attention some years ago and I got the run around about spam prevention horse s&*@, etc. So if I'm going to send an email I'll use my email client with the gmail email I have configured for the board in that method rather than the board. Plus, I worked damn hard to hide my origin IP behind CloudFlare to have my origin exposed like that which is ripe for a DDoS or syn flood, etc.

If you want to send a mass email look at Mail Chimp. I use the user details extension and make sure I list all users that allow emails from Admins and use that list of emails. I run two boards... the other is of an adult nature and not listed here. :lol:
I am totally with you there. I got fed up with running my own mail server on my webhost server. Quite apart from the issue you raise with origin IP exposure, having a mail server exposes you to constant brute force attacks on mail ports. I use hmail server and even with auto-IP bans etc as well as using IPBan (another service watching for brute force attacks and autobanning IPs), there are hundreds of login attempts a minute. Even with inbuilt virus scanning etc, I still get paranoid about the threat of viruses and malware. Then, if your IP is falsely blacklisted and it shares an IP with your web server, it can cause all sorts of havoc. I don't use phpBB for mass emails either - it is only for forum generated transactional emails.

Having recently migrated to Cloudflare, I just moved my email to Gmail SMTP and haven't looked back. Currently I am using gmail for outgoing mail and then ImprovMX as a forwarding service for incoming mail. Gmail still discloses origin IP in the header for phpBB generated transactional emails. I know this is an example of "security through obscurity" but it's still best to let the web server have nothing to do with email whatsoever. I have been looking into alternatives. The go to used to be Mailgun but they are no longer fee. Mailjet seems to be the best option now and they strip out origin IP for all mail going through their SMTP relay, so that's an option going forward.

Anyway back on topic: Spamhaus sucks and its lists are not to be trusted.
phpBB user since 2002
www.AusRotary.com

Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 25939
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Re: phpBB.com Website Feedback

Post by Paul »

If you think it should be removed from phpbb you should report it in the tracker, not here.
Knock knock
Race condition
Who's there?

My BlogMy Photosmy phpBB Extensionscustom phpBB work & Development

User avatar
ooi18
Registered User
Posts: 3
Joined: Tue Feb 11, 2020 5:37 am

Re: phpBB.com Website Feedback

Post by ooi18 »

Hi there,

I think the documentation for the extension database is not clear enough.

For instance, in the documentation it mentioned that I will found a button to submit the extension in the extension database page. But When I signed in, I did not found the button. If there is any additional requirement before user can submit extension, why not to share it out in documentation?

User avatar
david63
Registered User
Posts: 17247
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood
Contact:

Re: phpBB.com Website Feedback

Post by david63 »

Paul wrote:
Fri Feb 14, 2020 6:07 am
If you think it should be removed from phpbb you should report it in the tracker, not here.
Well that was a waste of time - https://tracker.phpbb.com/browse/WEBSITE-1378
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored

Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 25939
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Re: phpBB.com Website Feedback

Post by Paul »

Well, you reported it to the website tracker, and not to phpBB tracker. We will not disable it just on www, but if it can be reported to phpBB to be removed there ofcourse.
Knock knock
Race condition
Who's there?

My BlogMy Photosmy phpBB Extensionscustom phpBB work & Development

User avatar
AmigoJack
Registered User
Posts: 5697
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン
Contact:

Re: phpBB.com Website Feedback

Post by AmigoJack »

That short worded refusal tells all people who rarily can fix it themselves to not help in any way. There is no thought about implementing a per-user setting of being tested against blacklists or not. Accounts like Lumpy should be trustworthy. This website uses phpBB - if the problem could be solved thru a new phpBB feature then why not automatically creating a ticket there, linking to this one?
The worst thing about censorship is ███████████
Affin wrote:
Tue Nov 20, 2018 9:51 am
The problem is probably not my English but you do not want to understand correctly.
...
We will not come anybody anyway, nevertheless, it's best to shit this.

User avatar
Lumpy Burgertushie
Registered User
Posts: 67236
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: phpBB.com Website Feedback

Post by Lumpy Burgertushie »

ok, it happened again. It just got released again due to my ISP doing the spamhaus dance to get it delisted.

the silly thing is that the blacklisting is supposedly because of the IP being associated with email spam.

however, that IP is not associated with email in any way. It is not a hosting company, it is not being used for anything other than the IP my ISP gave me.

I don't seem to be able to get them to give me a different IP address.
what I would like to know is can phpbb.com whitelist a given IP address in the spamhaus settings.

IF so, I would like to request that be done for this IP address. I can post it here again if you need it.
this whole situation is apparently a false positive by spamhaus because even though they say it is spam email causing the problem, there is no email being sent or received from this IP address.

thanks,
robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

If nobody is in the forest, does a tree really fall?

User avatar
Scanialady
Registered User
Posts: 303
Joined: Thu Jan 17, 2013 7:09 pm
Location: Germany
Name: Annette
Contact:

Re: phpBB.com Website Feedback

Post by Scanialady »

Have you noticed this topic? viewtopic.php?f=6&t=2538521&start=15

Solidjeuh seems to have had a similiar problem (solved)
Webseite, Blog, Wiki Deutsche Übersetzungen - german language files
My 2 cents: Whether an extension is in the CDB says nothing about its quality. It is more important to read the support topics for it. Better to avoid authors who do not answer support questions themselves, who do not update their stuff, and who do not fix bugs for years.

User avatar
John connor
Registered User
Posts: 2462
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Name: Aaron
Contact:

Re: phpBB.com Website Feedback

Post by John connor »

Thanks to whoever deleted my post. Thankfully my browser has an extension that backs up what I write so I'll just send him a PM instead.

Post Reply

Return to “phpBB Discussion”