PHP Session IDs "exploded" my database to 1 Gigabyte, exceeding hoster's limits..

Started by Medizinmann99, April 27, 2024, 09:09:10 AM


Medizinmann99

Hm I guess I was "quite" lucky, my hoster made a backup of the filespace on March 30, 2024. I restored the entire filespace and most attachments are here again.

I re-edited the .htaccess file to shut out the unwanted "guests" (search engine crawlers) again.

The attachments "since then" I can see in the database, I will manually add them again :-)

Is there a way to turn off the "attachment name encryption" in the forum so that I only get clear filenames like
picture1.jpg
instead of for example
1_6350c04bbbf57566a714fe8b468ede17a8e05ca0

?

Any recommended software to make a VALID backup of ALL forum files?

Arantor

Is there a way to turn it off? No. It was made mandatory in 2009 after a security hole was demonstrated to exploit it to the point of server takeover.

Any recommended software to make a valid backup? FileZilla with everything in 'binary' mode will do, as will any other tool that either doesn't assume or can be set to use binary transfer mode.

Medizinmann99

Any other files which could get corrupted by a filezilla set to "automatic" mode?

I guess it does the equivalent of what Godzilla does on automatic mode, Godzilla destroys cities, Filezilla destroys files, basically the name says it! It is easy to remember this way...

Sesquipedalian

I promise you nothing.

Sesqu... Sesqui... what?
Sesquipedalian, the best word in the English language.

Kindred

Glory to Ukraine

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Medizinmann99

Quote from: Kindred on April 28, 2024, 04:43:40 PM
Please learn to use CODE BBC tags

Whom does this refer to?

I noted that my small avatar picture of my forum admin account disappeared, I downloaded it from the browser cache and manually uploaded it once again into my profile and now it shows again! But I wonder why it disappeared, does dumb Filezilla on automatic mode also destroy Avatar pictures? I ran Repair_settings.php and set it to all recommended values, this did not bring the avatar picture back, I had to manually reupload it.

The forum overall seems to work completely normally again and the bad search engine crawlers are obviously locked out.

I will make a complete backup on CD / DVD tomorrow. Then I will start the upgrade process etc..

Kindred

That comment was to you



I have had to modify your messages to make them more readable

Arantor

Quote from: Medizinmann99 on April 28, 2024, 04:23:08 PM
Any other files which could get corrupted by a filezilla set to "automatic" mode?

I guess it does the equivalent of what Godzilla does on automatic mode, Godzilla destroys cities, Filezilla destroys files, basically the name says it! It is easy to remember this way...

FileZilla's automatic mode is applied to anything without an extension and anything it thinks is text, like .txt files to convert between what Linux/Mac think is an end-of-line symbol and what Windows thinks is an end-of-line symbol.

As a rule, don't even let it guess and just force it to always use binary mode.

Personally I use WinSCP but that's also because I'm usually using SFTP servers rather than FTP or FTPS servers where the rules are a bit different for connecting.

Quote from: Medizinmann99 on April 28, 2024, 04:54:11 PM
does dumb Filezilla on automatic mode also destroy Avatar pictures?

Avatars are stored with attachments by default in 2.0 so yes.
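A way to check a downloaded attachments folder for the end-of-line damage described above, as an added example that is not part of any post in this thread. It relies on the 8-byte PNG signature, which contains one CRLF and one bare LF so that text-mode rewriting is detectable; JPEG has no such marker, so only PNG files are classified. The names `classify` and `scan` and the idea of pointing the script at a local copy of the attachments directory are assumptions.

```python
import os
import re
import sys

PNG_SIG = b"\x89PNG\r\n\x1a\n"  # 8-byte PNG signature: one CRLF and one bare LF

# The same signature after each kind of end-of-line rewriting a text-mode
# transfer can apply. Derived from PNG_SIG rather than typed by hand.
DAMAGED = {
    PNG_SIG.replace(b"\n", b"\r\n"): "png-damaged (every LF became CRLF)",
    re.sub(rb"(?<!\r)\n", b"\r\n", PNG_SIG): "png-damaged (bare LF became CRLF)",
    PNG_SIG.replace(b"\r\n", b"\n"): "png-damaged (CRLF became LF)",
}


def classify(head: bytes) -> str:
    """Classify a file from its first bytes; extension is never consulted."""
    if head.startswith(PNG_SIG):
        return "png-intact"
    for signature, verdict in DAMAGED.items():
        if head.startswith(signature):
            return verdict
    return "not-png-or-unknown"


def scan(directory: str) -> dict:
    """Return {filename: verdict} for every regular file in directory."""
    results = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            with open(path, "rb") as handle:  # always read as binary
                results[name] = classify(handle.read(16))
    return results


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, verdict in scan(target).items():
        print(f"{verdict:38} {name}")
```

A `not-png-or-unknown` verdict says nothing about whether a JPEG or other file is intact; for those, only a comparison against a known-good copy or checksum can tell.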

Medizinmann99

I forgot to post my .htaccess file as this might be interesting for other users as well, seems like this locks out the bots effectively in my case, I just tried to copy&paste the most important bots which were mentioned by you into the list, here is the content of my current .htaccess file regarding the blocking of bad bots:
RewriteCond %{HTTP_USER_AGENT} ^.*(Ahrefsbot|MauiBot|PetalBot|anthropic-ai|GPTbot|claudebot|baiduspider|Baiduspider/2.0|ahrefsbot/1.0).*$ [NC]
RewriteRule .* - [F,L]

Arantor

You need to put a backslash before the / in there as I said before.

Medizinmann99

English is not my mother tongue, backslash where exactly please? I made an error in the .htaccess file?

Thanks :-)

Arantor

Yes, you put a / in the file, you need to write \/ instead. You also need to add \ before the . inside the bracket because . has a special meaning that isn't just a dot.

Medizinmann99

Hm, like this?

RewriteCond %{HTTP_USER_AGENT} ^\.*(Ahrefsbot|MauiBot|PetalBot|anthropic-ai|GPTbot|claudebot|baiduspider|Baiduspider\/2.0|ahrefsbot\/1.0).*$ [NC]
RewriteRule .* - [F,L]
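The two RewriteCond patterns posted in this thread, checked against sample User-Agent strings before deployment; this is an added example, not part of any post. Python's `re` stands in for the regex engine behind mod_rewrite, `[NC]` is modelled as `re.IGNORECASE`, and the User-Agent strings, the `SIMPLIFIED` pattern and the function names are assumptions constructed for illustration.

```python
import re

# Patterns exactly as posted in the thread (first and second attempt).
POSTED_FIRST = r"^.*(Ahrefsbot|MauiBot|PetalBot|anthropic-ai|GPTbot|claudebot|baiduspider|Baiduspider/2.0|ahrefsbot/1.0).*$"
POSTED_SECOND = r"^\.*(Ahrefsbot|MauiBot|PetalBot|anthropic-ai|GPTbot|claudebot|baiduspider|Baiduspider\/2.0|ahrefsbot\/1.0).*$"

# Assumed simplification (not from the thread): no anchors, one token per bot.
# The versioned entries are dropped because the bare names already cover them.
SIMPLIFIED = r"(ahrefsbot|mauibot|petalbot|anthropic-ai|gptbot|claudebot|baiduspider)"

# Constructed User-Agent strings, not captured traffic.
SAMPLES = {
    "crawler_mid": "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://example.invalid/robot/)",
    "crawler_start": "ClaudeBot/1.0 (+http://example.invalid/bot)",
    "browser": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0",
}


def blocked(pattern: str, user_agent: str) -> bool:
    """Model RewriteCond %{HTTP_USER_AGENT} <pattern> [NC]: a regex search,
    case-insensitive, anchored only where the pattern itself says so."""
    return re.search(pattern, user_agent, re.IGNORECASE) is not None


def evaluate(pattern: str) -> dict:
    """Return {sample name: would the request get the [F] response?}."""
    return {name: blocked(pattern, ua) for name, ua in SAMPLES.items()}


if __name__ == "__main__":
    for label, pattern in (
        ("first post", POSTED_FIRST),
        ("second post", POSTED_SECOND),
        ("simplified", SIMPLIFIED),
    ):
        print(f"{label:12} {evaluate(pattern)}")
```

In the second pattern, `^\.*` means "zero or more literal dots at the very start", so the bot name must open the header; the constructed crawler string that begins with `Mozilla/5.0` is blocked by the first pattern but not by the second.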

Steve

@Medizinmann99 - please remember this is a family-friendly forum and you have to keep from using coarse language. While yours was mild (otherwise I would have edited them), it's just better to get in the habit of not using them at all.  :)

Quote from: Sesquipedalian on April 28, 2024, 04:31:37 PM
CyberDuck
I'm not sure if that is needed or not (and it's not free). Like Arantor, I've been using WinSCP as my ftp program for years and have had zero problems.
DO NOT pm me for support!

Medizinmann99

@Steve
Ok :-)

I just burned 3 high quality CDs with the database (database downloaded with MYSQLDUMPER and checked with Winrar for integrity as it is an SQL.GZ that is possible, so that's good) and added lots and lots of redundancy created by multipar / quickpar (verified burn). I also burned 3 high quality DVDs (verified burn) with all the forum's basic files (redownloaded with Filezilla in binary mode, no transfer errors and I checked if pictures without extensions are still ok, everything ok), everything multipar RARed and redundancy for the multipars until the DVDs were full. Checked burn quality as well. Every copy process was done with teracopy and verified. Well, I guess this should last a few years now.

Phew! I was really lucky this time, this ridiculous chain of events almost destroyed my attachments, which are around 1.000 at the moment. 

The "guest invasion" seems to be over, despite the alleged errors in my .htaccess file.

Hm - now I can continue the upgrade process :-)

Can anyone point me to a guide on how I should upgrade from 2.0.13 to perhaps even the latest version? If this is recommendable, I would be happy with a version which is known to be very stable and "finished". I mean finished for the moment, lol.

I will look into WinSCP, thanks!

Oldiesmann

Quote from: Medizinmann99 on April 29, 2024, 09:20:48 AM
@Steve
Ok :-)

I just burned 3 high quality CDs with the database (database downloaded with MYSQLDUMPER and checked with Winrar for integrity as it is an SQL.GZ that is possible, so that's good) and added lots and lots of redundancy created by multipar / quickpar (verified burn). I also burned 3 high quality DVDs (verified burn) with all the forum's basic files (redownloaded with Filezilla in binary mode, no transfer errors and I checked if pictures without extensions are still ok, everything ok), everything multipar RARed and redundancy for the multipars until the DVDs were full. Checked burn quality as well. Every copy process was done with teracopy and verified. Well, I guess this should last a few years now.

Phew! I was really lucky this time, this ridiculous chain of events almost destroyed my attachments, which are around 1.000 at the moment. 

The "guest invasion" seems to be over, despite the alleged errors in my .htaccess file.

Hm - now I can continue the upgrade process :-)

Can anyone point me to a guide on how I should upgrade from 2.0.13 to perhaps even the latest version? If this is recommendable, I would be happy with a version which is known to be very stable and "finished". I mean finished for the moment, lol.

I will look into WinSCP, thanks!

You can download the 2.1 upgrade package from the downloads page here, then extract the files and upload them to your server and navigate to upgrade.php. See https://wiki.simplemachines.org/smf/Upgrading for more information.
Michael Eshom
Christian Metal Fans

Sesquipedalian

Quote from: Steve on April 29, 2024, 07:50:29 AM
Quote from: Sesquipedalian on April 28, 2024, 04:31:37 PM
CyberDuck
I'm not sure if that is needed or not (and it's not free).

Yes it is, if you download it from their website. The version they offer in app stores costs money, but there's no need to get it that way.

Arantor

It's quite naggy about payment though, and doesn't play nice with some servers I've seen.
