I come Informatica - I como Informática - I for Information Technology

PORTALE PORTAL PORTAL	FORUM FORO FORUM	Informatica Informática Information Technology	Stefano Pederzani Consulente informatico	ARTE	Homepages	Curricula Curricula Resumes	Pubblicità Publicidad Advertisement

INFORMATICA - INFORMÁTICA - INFORMATION TECHNOLOGY

INFORMATICA - INFORMÁTICA - INFORMATION TECHNOLOGY
April 9, 2013 - PHPBB BUGS AND PATCHES by Stefano Pederzani That strange sensation of something going wrong. The untouchable feel of bug shimmering in the air around you... And the confirm! PhpBB failed! I have just seen it! Version: 3.0.7-PL1-5 (Debian) When you administer a forum, like in PhpBB, you often ban an IP address. Yes, you must first consider that many people around the world have dynamic addresses, but when the same kind of spam comes from the same IP you just ban that IP. I use to keep a text file where I write down the IP ascending. I separate the networks with a horizontal line of dashes, and I specify the IP range taken from the whois, well provided near the IP by the PhpBB user administration in ACP. I take note of the IPs, and then I delete the user. The second time an IP spams, I ban the IP. In order to punish the spammer, I go through the MySQL database searching for other users from the same IP, subscribed before I did the IP ban, to delete them. When you search for users in ACP, a pop-up windows appears, with a form on top to fill in, and one of the fields is the IP. This method works with asterisks in place of numbers when you are specifying a subnet. For example the subnet 46.118.158.0, written in technical correct form, in the whois is referred to as "46.118.158.0 - 46.118.158.255", not in the classic 46.118.158.0/24 way. This is for newbies, maybe, but is a very simple and immediate representation. In the pop-up form, instead, you have to write it as 46.118.158.* I do not suggest to ban subnets, because it is not justice for the other users of that net. Sometimes it seems a pirate bay, where all are spammers, but you are cutting out potential clients that nothing of it deserve. Specified this, you can just try out to enter a single IP and see which users are registered from it... And strange results you will obtain! Doing this work everyday, happens to remember at-the-fly some IPs, and I realized that something was going wrong. It is very disappointing, when some of the result users have just a different IP! So I connected to MySQL database from command line, I choosed the DB "phpbb" and then queried to the table "phpbb_users". I immediately realized that all my checks done until that moment were nothing useful. My DB was FULL of users subscribed from IP I then banned! Horrible. So I wrote a script. Below you can read the SQL statement inside a shell-script if you want to estract it. In the same days, I was trying to unban some subnets, for the reason explained above. And again the ACP fails to unban anything! I am pretty sure the first times I did it, it worked. But since a day and on, I noticed that almost every IP, with asterisks or not, appears doubled in the list. Lately I was not able to unban anyone from the ban list. Damn. I wrote a second statement to do it from mysql command line interface (CLI). My lazyness told me to implement it in the same shell-script, and I create a little menu. Again you can extract the statement or copy the entire script if you like it, but I signal the must to be SQL skilled to do what I did, a skill you should not be requested to, to administer PhpBB. The script askes you for the MySQL root password (it is not suggested to store it on the server, anywhere). But in this was you must enter it ONCE, while the script access the DB every time. ############################ MAIN ######################################### echo "Insert password for root:" read ROOTPWD while true ; do echo "1 - Select an IP range from users" echo "2 - Unban an IP from banlist" read CHOICE case ${CHOICE} in 1) echo "Enter an IP range to select:" read IPRANGE #mysql -u root -p phpbb3 <<EOS mysql -u root --password=${ROOTPWD} phpbb3 <<EOS select username, user_ip from phpbb_users where user_ip like '${IPRANGE}%' order by user_ip ; select count() from phpbb_users where user_ip like '${IPRANGE}%' ; EOS ;; 2) echo "Enter an IP to UNban:" read IPRANGE #mysql -u root -p phpbb3 <<EOS mysql -u root --password=${ROOTPWD} phpbb3 <<EOS delete from phpbb_banlist where ban_ip='${IPRANGE}'; EOS ;; ) echo "------------------------------------>Enter 1 or 2" ;; esac echo "Ctrl-C to exit" done When you select "1 - Select an IP range from users", you will enter an IP range or an IP and you will obtain a list of username. You must delete them from the ACP because the related tables must be managed by PhpBB. Copy and paste the names from your terminal windows to the user management. Check everytime that the IP corresponds, and check the other characteristics (sometimes they own messages). When finished, repeat the query in the script by retyping 1 (one) and verify no users remain. When you select "2 - Unban an IP from banlist" the IP or IP range with asterisks will be deleted directly - no messaged will be displayed. If you failed the choice, just re-ban it using the ACP, and go on. I will take track of eventual bugs coming out more. And make a patch. But now... Enjoy! Forum topic IT INDEX SITE INDEX

April 9, 2013 - PHPBB BUGS AND PATCHES by Stefano Pederzani

That strange sensation of something going wrong. The untouchable feel of bug shimmering in the air around you...
And the confirm! PhpBB failed! I have just seen it!
Version: 3.0.7-PL1-5 (Debian)
When you administer a forum, like in PhpBB, you often ban an IP address. Yes, you must first consider that many people around the world have dynamic addresses, but when the same kind of spam comes from the same IP you just ban that IP. I use to keep a text file where I write down the IP ascending. I separate the networks with a horizontal line of dashes, and I specify the IP range taken from the whois, well provided near the IP by the PhpBB user administration in ACP. I take note of the IPs, and then I delete the user. The second time an IP spams, I ban the IP.
In order to punish the spammer, I go through the MySQL database searching for other users from the same IP, subscribed before I did the IP ban, to delete them.
When you search for users in ACP, a pop-up windows appears, with a form on top to fill in, and one of the fields is the IP. This method works with asterisks in place of numbers when you are specifying a subnet.
For example the subnet 46.118.158.0, written in technical correct form, in the whois is referred to as "46.118.158.0 - 46.118.158.255", not in the classic 46.118.158.0/24 way. This is for newbies, maybe, but is a very simple and immediate representation.
In the pop-up form, instead, you have to write it as 46.118.158.*
I do not suggest to ban subnets, because it is not justice for the other users of that net. Sometimes it seems a pirate bay, where all are spammers, but you are cutting out potential clients that nothing of it deserve.
Specified this, you can just try out to enter a single IP and see which users are registered from it... And strange results you will obtain!
Doing this work everyday, happens to remember at-the-fly some IPs, and I realized that something was going wrong. It is very disappointing, when some of the result users have just a different IP!
So I connected to MySQL database from command line, I choosed the DB "phpbb" and then queried to the table "phpbb_users". I immediately realized that all my checks done until that moment were nothing useful. My DB was FULL of users subscribed from IP I then banned! Horrible.
So I wrote a script. Below you can read the SQL statement inside a shell-script if you want to estract it.
In the same days, I was trying to unban some subnets, for the reason explained above. And again the ACP fails to unban anything! I am pretty sure the first times I did it, it worked. But since a day and on, I noticed that almost every IP, with asterisks or not, appears doubled in the list. Lately I was not able to unban anyone from the ban list. Damn.
I wrote a second statement to do it from mysql command line interface (CLI). My lazyness told me to implement it in the same shell-script, and I create a little menu. Again you can extract the statement or copy the entire script if you like it, but I signal the must to be SQL skilled to do what I did, a skill you should not be requested to, to administer PhpBB.
The script askes you for the MySQL root password (it is not suggested to store it on the server, anywhere). But in this was you must enter it ONCE, while the script access the DB every time.

############################ MAIN #########################################
echo "Insert password for root:"
read ROOTPWD

while true ; do
        echo "1 - Select an IP range from users"
        echo "2 - Unban an IP from banlist"
        read CHOICE

        case ${CHOICE} in

        1)
        echo "Enter an IP range to select:"
        read IPRANGE

        #mysql -u root -p phpbb3 <<EOS
        mysql -u root --password=${ROOTPWD} phpbb3 <<EOS

        select username, user_ip
        from phpbb_users
        where user_ip like '${IPRANGE}%'
        order by user_ip
        ;
        select count(*)
        from phpbb_users
        where user_ip like '${IPRANGE}%'
        ;
EOS
        ;;

        2)
        echo "Enter an IP to UNban:"
        read IPRANGE

        #mysql -u root -p phpbb3 <<EOS
        mysql -u root --password=${ROOTPWD} phpbb3 <<EOS


        delete from phpbb_banlist where ban_ip='${IPRANGE}';
EOS
        ;;

        *)
        echo "------------------------------------>Enter 1 or 2"
        ;;
        esac

        echo "Ctrl-C to exit"

done

When you select "1 - Select an IP range from users", you will enter an IP range or an IP and you will obtain a list of username. You must delete them from the ACP because the related tables must be managed by PhpBB. Copy and paste the names from your terminal windows to the user management. Check everytime that the IP corresponds, and check the other characteristics (sometimes they own messages). When finished, repeat the query in the script by retyping 1 (one) and verify no users remain.

When you select "2 - Unban an IP from banlist" the IP or IP range with asterisks will be deleted directly - no messaged will be displayed.
If you failed the choice, just re-ban it using the ACP, and go on.

I will take track of eventual bugs coming out more. And make a patch. But now...
Enjoy!

Forum topic

IT INDEX
SITE INDEX

CV di Stefano Pederzani

I come Informatica - I como Informática - I for Information Technology

Vai al PORTALE - Ir a el PORTAL - Go to PORTAL	Stefano Pederzani Consulenze informatiche Bologna	Automatic barriers and access control Barriere stradali e controllo accessi	MMS IMPIANTI Cablaggio strutturato - telefonia Elettricità - climatizzazione

DISCLAIMER

Tutte le immagini del sito sono di proprietà di Stefano Pederzani o dei rispettivi proprietari quando specificato.
Ogni persona si assume la responsabilità di ciò che afferma.
Per qualsiasi problema contattare:
[email protected]
Ogni articolo o immagine che rechi offesa a qualcuno verrà rimosso.

Todas las imagenes del sitio pertenecen a Stefano Pederzani u a los respectivos propietarios cuando especificado.
Toda persona asume la responsabilidad de lo que afirma.
Por cualquier problema ponerse en contacto con:
[email protected]
Cada articulo u imagen que ofenda alguien será quitado.

Every images on this site are property of Stefano Pederzani or property of specified owners.
Each person takes responsibility of what he or she claims.
For any problems please contact:
[email protected]
Every article or image offending somebody will be removed.