Store Community Support Documentation
JohnJr

I don't blame the new ownership for this because it been this way since I started using this software and many have complained over the years.  Now it may because I am old but most stuff you buy comes off in the shut-off position when you purchase it so why doesn't phpfox.

I created a new install of phpfox on a very valuable domain to test out some bugs for phpfox and YouNetCo which I posted last week.  Now I always remember to go in a click off registration, and I also change it to invite only do get double protection.  But I must have forgotten to click the save (some setting you have to click save and other you don't, which doesn't help an old man like me) because I came back a week later...

AND NOW I HAVE OVER 50,000 WITH OVER 100,000 WORTH OF SPAM BLOGS!

Now, I know I can do a reinstall and delete the database...but what makes me furious is that now Google has index several thousand pages of CRAP under my valuable domain.

What should happen is the registration is turned off for the installation, and there should be a notification telling you that registration is turned off or maybe a pop up when you first log into admincp telling you it is off.

 

Does anyone else agree this should be turned off during installation?  Even on the second install to get rid of those crap users from the first install I had three new users before I could even get to the admincp to shut off registration.

 

If you don't think this is serious then how would you like this crap on a domain you have been holding for ten years.

 

Here are some google index blogs under my domain....thanks to the old phpfox owner's lack of understanding.

Make My Penis Hard In 40 Seconds - How To Perform Like A Porn

Painless penile Enhancement - the Actual The alternatives? » Social

Skin Care Routine for People With Psoriasis

Play Poker Using Your Rock Band Guitar » Social Networking

Основные общеобразовательные программы рф. » Social

The optimum Male Enhancement Method » Social Networking

5 you'll Want To Gambling Online » Social Networking Community

Organic Male Enhancement And Can A Penis Grow » Social

 Are You Considering Male Enhancement? You Better Get The Facts

Fat Loss 4 Idiots - 5 Ways to Assist Keep The Weight Off! » Socia

Why Do Most enlargement Products Fail - The Secrets Of How To

 

Last update on March 26, 7:14 pm by JohnJr.
cespiritual
#5

I must agree with John. I have this same experience in the past. After installing phpfox and even before I could turn off registration, there was already boot registrations.

So a solution could be making registration off by default. Show a block on admincp main page with a contrasting color saying that registration is off and add to it a "Turn On" button so we don't need to go to seetings searching for the setting.

After cliking that button make it show a pop up window alerting the administrator that before he turns on the registration he must first make sure that all anti spam mesures are enabled with links to those blogs Paul send.

We must never forget that the majority of people that are using phpfox are new ones that don't know yet how things work on phpfox.

Regards

Last update on April 3, 4:49 pm by cespiritual.
Hamada
#6

I had a slight issue with spam on my site that made me wonder how a spammer can use valid Facebook accounts to register on my site within hours of installing on a new domain. I never used phpfox in the past on any of my domains or the server. I think it may be the fact that "phpfox" is in the source code in a few places and that is not a good idea at all. First, this is sort of a whitelabel solution. If PHPFox is considered a popular target, then using ids like "js_block_border__apps_phpfox_shoutbox_block_chat" in the code is a bad idea, since spam bots will easily find it no matter if the domain is old or new. Of course if the bot had confirmed in the past that you are using phpfox, then you are an easier target. Your domain is in their cache!

Has anyone ever setup honeypot traps to understand how these bots are able to locate a new install so fast?

I agree with John here. A new installation is never ready to take on registrations from the public for a few minutes, hours, days or even months. So spam measures are no measures if they have not been setup yet.

What I would suggest for the time being for those installing and have had spam issues in the past, is use an htaccess rule to deny all traffic except from certain IPs. I do this with any new online business that is simply not ready for public release. Something along these lines... You can upload a page to the root called comingsoon.html and redirect all other traffic to it until you are ready.

With that said, I think any reference of phpfox should be removed asap from the source code and new registrations should be turned off by default.


RewriteEngine On
RewriteBase /
RewriteCond %{REMOTE_HOST} !^1.2.3.4
RewriteRule .* http://www.mysite.com/comingsoon.html [R=302,L]

 

Last update on April 3, 11:48 pm by Hamada.
Scheinwelt-Media
#7

set the database to 0 or 1 or true or false or on or off or whatever you use in the database to shut off registration after the initial install.

Hey JohnJr,

you can just change the setting before installing the script. go to

PF.Base/module/user/install/phpfox.xml.php (line 50)

<setting group="registration" module_id="user" is_hidden="0" type="boolean" var_name="allow_user_registration" phrase_var_name="setting_allow_user_registration" ordering="0" version_id="2.0.7">1</setting>

and change it to:

<setting group="registration" module_id="user" is_hidden="0" type="boolean" var_name="allow_user_registration" phrase_var_name="setting_allow_user_registration" ordering="0" version_id="2.0.7">0</setting>

 

 

Last update on April 4, 4:19 am by Scheinwelt-Media.
JohnJr
#8

Yeah, I knew there was a spot I just didn't look for it.  Like I mentioned before I usually immediately shut it off and set it to invite only, but I must have forgotten to save.  I am just looking out for not only for the new buyers who purchase this sometimes complicated software but for myself as well when I get even older than I currently am :)

 

I knew it was a simple 0 to 1 or in this case 1 to 0 :stuck_out_tongue_winking_eye:

#9

yea this has always been an issue for me ass well. Im to the point to where I just block all users until i approve them

JohnJr
#10

Ok...phpfox you just had a new update, and you can see almost all the people who post here agree with me.  Also, it takes only a minute to change the install variable from 1 to 0...so who is going to get this done?  Lets not drag this out until 4.8.

Paris
#11

I usually throw in captcha, extra questions and stuff so i have not experienced this kind of crazy spamming you described but it sounds frightening.

I would say lets not say who's right or wrong but instead lets all make future updates come pre invite mode with an ez access button to turn on site for the new users.

I like the idea @Johnjr .

JohnJr
#12

Paris, you are correct in adding captcha, extra question, and stuff :)

The change needs to be implemented so new users who may not know that within 10 minutes of using the software.  It should default in the off position in a new install...it is just common sense.  In my case, I did a quick fresh install to check bugs for phpfox and just happened to forget to save when I turned off registration.  But I should not even have to do that and if I can forget being with phpfox since 2011 how can we expect new users who never used the software or know the spam issues.

Paris
#13

@Johnjr yup you are right. The settings should be automatically NO REG. I just got hit with a few more spams even with the questions.

These bots are relentless and getting better and better as I add weird stuff to fight it off.

 

Does anyone know of a REAL solution to bots?

Invite only sounds like a good idea atm.

Paris
#14

Come to think. I am gonna loadup a spam site. Collect all the ips and block them at my main site.👍👍👍

Spaninet
#15

Come to think. I am gonna loadup a spam site. Collect all the ips and block them at my main site.👍👍👍

I have an idea, we could create a list of all spam ips/emails and share it among us. This way we can cover more of the existing spam bots.

Last update on April 23, 3:16 pm by Spaninet.
YouNetCo
#16

 

I have an idea, we could create a list of all spam ips/emails and share it among us. This way we can cover more of the existing spam bots.

Dear Spaninet,

That is a great idea, collect a list to share and use .htaccess file to prevent from spams.

Kind Regards,

YouNetCo

Paris
#17

@spaninet I'll gather up all of mine. If anyone else has a list of theirs, we can combine.

I'll post in a few weeks.

Last update on April 24, 3:09 am by Paris.
Mohammed Alex
#18

I agree with all posts from customers, besides the spam assistance section is an enigma to decypher ...we need to dissociate spam check feature from spam types: wether its in a message, contact form, post, reply to a post and so on ....all this spam check protocle is a bag of knots which i can barely understand after over 5 months playing with phpfox.

ISimplicity and clarity go a ong way. 

#19

They mentioned that they going to remove referrences to phpfox in the coding.  Its years past and still the same problem exits.  Even the folder names has refeffrence to phpfox.  They sell the script as whitelabel still put their name everywhere in the code.