Store Community Support Documentation
JohnJr

I don't blame the new ownership for this because it been this way since I started using this software and many have complained over the years.  Now it may because I am old but most stuff you buy comes off in the shut-off position when you purchase it so why doesn't phpfox.

I created a new install of phpfox on a very valuable domain to test out some bugs for phpfox and YouNetCo which I posted last week.  Now I always remember to go in a click off registration, and I also change it to invite only do get double protection.  But I must have forgotten to click the save (some setting you have to click save and other you don't, which doesn't help an old man like me) because I came back a week later...

AND NOW I HAVE OVER 50,000 WITH OVER 100,000 WORTH OF SPAM BLOGS!

Now, I know I can do a reinstall and delete the database...but what makes me furious is that now Google has index several thousand pages of CRAP under my valuable domain.

What should happen is the registration is turned off for the installation, and there should be a notification telling you that registration is turned off or maybe a pop up when you first log into admincp telling you it is off.

 

Does anyone else agree this should be turned off during installation?  Even on the second install to get rid of those crap users from the first install I had three new users before I could even get to the admincp to shut off registration.

 

If you don't think this is serious then how would you like this crap on a domain you have been holding for ten years.

 

Here are some google index blogs under my domain....thanks to the old phpfox owner's lack of understanding.

Make My Penis Hard In 40 Seconds - How To Perform Like A Porn

Painless penile Enhancement - the Actual The alternatives? » Social

Skin Care Routine for People With Psoriasis

Play Poker Using Your Rock Band Guitar » Social Networking

Основные общеобразовательные программы рф. » Social

The optimum Male Enhancement Method » Social Networking

5 you'll Want To Gambling Online » Social Networking Community

Organic Male Enhancement And Can A Penis Grow » Social

 Are You Considering Male Enhancement? You Better Get The Facts

Fat Loss 4 Idiots - 5 Ways to Assist Keep The Weight Off! » Socia

Why Do Most enlargement Products Fail - The Secrets Of How To

 

Last update on March 26, 7:14 pm by JohnJr.
Paul Kellow
#1

Hi JohnJr,

We totally understand your frustration with spam. Most of popular platforms have problem with spamming. Therefore, we already support many solutions in our Script for spam protection. You may like to take a look at our blogs:

https://www.phpfox.com/blog/2019/how-to-prevent-phpfox-community-from-spam/

https://www.phpfox.com/blog/2019/how-to-stop-spamming-on-your-phpfox-community-part-2/

 

JohnJr
#2

Paul, I know you are a very smart guy, but you're not getting it.  You're talking about a 10-second fix to set the database to 0 or 1 or true or false or on or off or whatever you use in the database to shut off registration after the initial install.  No one is ready for users to register for their site 2 seconds after they installed it...let be real here.  I have the website that it has been several years, and I still can't get all the issues out before showing it to the public.  Now if you're worried about the questions about why can't people register for my site then put a notification in the admincp saying registration is currently off. 

I have complained about this several times over the years, and I don't understand why something so simple is so hard to understand.  Now with google indexing so fast and you can't get rid off these indexed pages for months or even years.  You have to help us here...spammers can find our sites in minutes of their creation....keep the registration off until we are ready to turn it on.  Is that too much to ask?

Paul Kellow
#3

Thanks for sharing us your thought. Let's wait to see more feedback from others about your suggestion.

#4

The real issue is here: https://community.phpfox.com/forum/thread/57652/the-pf-base-name-make-it-too-easy-to-locate-for-attacks-and-id-as-phpfox-si/

The old phpfox had the same issue because the phpfox file structure is very specific easily identiable and makes for easy targets via the search engines. The problem was resolved by using generic un-identifiable file name structures.

The new phpfox obviously did not learn from any of the lessons of the old phpfox and thus kept repeating the issues over and over. 

Toward the end of the old phpfox, they actually got everything just right. Used generic file structures, also when staff members logged in they also only saw generic menu staff options that doesn't allow them to see who the developers of the apps are which only the site admin can see.

Obviously the new phpfox didn't pickup up onthat, even tho it's been pointed out time and time again.  I find it interesting, that with every new phpfox updates increases the odds of site admins or businesses closing their sites. Now compare that with the  old phpfox that grow their sites. Why is that?  There are some valuable lessons to be learned there.

Last update on April 4, 2:00 am by prepperz.
cespiritual
#5

I must agree with John. I have this same experience in the past. After installing phpfox and even before I could turn off registration, there was already boot registrations.

So a solution could be making registration off by default. Show a block on admincp main page with a contrasting color saying that registration is off and add to it a "Turn On" button so we don't need to go to seetings searching for the setting.

After cliking that button make it show a pop up window alerting the administrator that before he turns on the registration he must first make sure that all anti spam mesures are enabled with links to those blogs Paul send.

We must never forget that the majority of people that are using phpfox are new ones that don't know yet how things work on phpfox.

Regards

Last update on April 3, 4:49 pm by cespiritual.
Hamada
#6

I had a slight issue with spam on my site that made me wonder how a spammer can use valid Facebook accounts to register on my site within hours of installing on a new domain. I never used phpfox in the past on any of my domains or the server. I think it may be the fact that "phpfox" is in the source code in a few places and that is not a good idea at all. First, this is sort of a whitelabel solution. If PHPFox is considered a popular target, then using ids like "js_block_border__apps_phpfox_shoutbox_block_chat" in the code is a bad idea, since spam bots will easily find it no matter if the domain is old or new. Of course if the bot had confirmed in the past that you are using phpfox, then you are an easier target. Your domain is in their cache!

Has anyone ever setup honeypot traps to understand how these bots are able to locate a new install so fast?

I agree with John here. A new installation is never ready to take on registrations from the public for a few minutes, hours, days or even months. So spam measures are no measures if they have not been setup yet.

What I would suggest for the time being for those installing and have had spam issues in the past, is use an htaccess rule to deny all traffic except from certain IPs. I do this with any new online business that is simply not ready for public release. Something along these lines... You can upload a page to the root called comingsoon.html and redirect all other traffic to it until you are ready.

With that said, I think any reference of phpfox should be removed asap from the source code and new registrations should be turned off by default.


RewriteEngine On
RewriteBase /
RewriteCond %{REMOTE_HOST} !^1.2.3.4
RewriteRule .* http://www.mysite.com/comingsoon.html [R=302,L]

 

Last update on April 3, 11:48 pm by Hamada.
Scheinwelt-Media
#7

set the database to 0 or 1 or true or false or on or off or whatever you use in the database to shut off registration after the initial install.

Hey JohnJr,

you can just change the setting before installing the script. go to

PF.Base/module/user/install/phpfox.xml.php (line 50)

<setting group="registration" module_id="user" is_hidden="0" type="boolean" var_name="allow_user_registration" phrase_var_name="setting_allow_user_registration" ordering="0" version_id="2.0.7">1</setting>

and change it to:

<setting group="registration" module_id="user" is_hidden="0" type="boolean" var_name="allow_user_registration" phrase_var_name="setting_allow_user_registration" ordering="0" version_id="2.0.7">0</setting>

 

 

Last update on April 4, 4:19 am by Scheinwelt-Media.
JohnJr
#8

Yeah, I knew there was a spot I just didn't look for it.  Like I mentioned before I usually immediately shut it off and set it to invite only, but I must have forgotten to save.  I am just looking out for not only for the new buyers who purchase this sometimes complicated software but for myself as well when I get even older than I currently am :)

 

I knew it was a simple 0 to 1 or in this case 1 to 0 :stuck_out_tongue_winking_eye:

#9

yea this has always been an issue for me ass well. Im to the point to where I just block all users until i approve them