It is admirable that some SMF developers they do work on solving security bugs, but the Fix never arrives at the timing that new security threads appear.
I have partial proofs that one mod module that I am using this is now manipulated due hacking attempt.
Every time which I post a message on my Forum, in less than two minutes time, specific hosting provider bot this visiting specific thread and message so to copy it.
I am unaware of which one mod (module) this is now partially hacked, or if SMF database it self this sends such invitations to a foreign IP its time that it size changes.
Therefore I am here to suggest this Mod request for a Firewall monitor for SMF code itself.
This will restrict any communications of installed mod with out the awareness of forum administrator.
Allowed communication: Newsletter and board notifications
Anything else will require Administrator approval.
All outbound communication of SMF forum engine, this will be now logged, so any Administrator to be able to evaluate quality and behavior of its new mod regarding security threads due foreign IP communication.
I am not aiming hiring a developer, I am offering free of charge my own inspiration so any one interested to use it in a productive way.
I am founder of ITTSB.eu Blog, if a software developer requiring detailed information's, I will answer any questions due nothing less than direct email communication.
There is no hack involved.
You mean you have a search engine visiting your site, like Google (that is what you describe)
Quote from: Kindred on March 19, 2019, 09:45:18 AM
There is no hack involved.
You better check
Info Center entire code, if this has security holes too.
The hackers will not ask your permission so to hack Open source software.
It's not a hack!!!!!! How it is a hack when it is working as designed and you can turn it off whenever you like.
There are no known security holes in SMF 2.0.15
additionally. as you have been told, what you describe IS NOT A HACK. It is behaving EXACTLY AS DESIGNED
I guess this site is hacked, if I go to the front page of the forum, scroll down and see all those latest posts! (That was sarcasm.)
Quote from: Kindred on March 19, 2019, 04:39:03 PM
There are no known security holes in SMF 2.0.15
additionally. as you have been told, what you describe IS NOT A HACK. It is behaving EXACTLY AS DESIGNED
According my book, anything BAD DESIGNED it must GET CORRECTED, so this to meet USERS EXPECTATIONS.
Therefore a Firewall monitor for SMF code itself, this is needed and if such a Mod come our Free or Low- Priced at 20E, it will become more popular than hamburgers.
Your book is wrong.
SMF isn't sending anything out - bots come visit and can see the topics on the front page!
I am a little surprised that you guys are still answering to Kiriakos GR 's topics after all the insult that he threw your way when you were trying to help him in his other topics.
Not to mention he is a complete and total ignorant, but acts like he knows everything with an arrogance and attitude that is laughable. You can not talk sense to a guy like that. It is like trying to get through a brick wall for crying out loud. Why bother?
This is not a hack. My website is hammered by Google the second a topic is generated. Forums are designed like maps, hence why bots find topics so easily
Quote from: Kiriakos GR on March 19, 2019, 08:34:16 AM
***things Kiriakos GR said***
(https://jojoknowseverything.files.wordpress.com/2014/04/badlywritten.jpg)
Quote from: Study Force on March 23, 2019, 10:43:06 PM
This is not a hack. My website is hammered by Google the second a topic is generated. Forums are designed like maps, hence why bots find topics so easily
I do not have a problem with Google, it does partially advertise my website due web search, when it does not receive advertising revenue from my competitors.
At that period of time, there is no search engine which will promote a single SMF forum if this does not pay the price.
They do collect info, but this is for their own statistics only.
Quote from: doug_ips on March 23, 2019, 05:55:32 PM
I am a little surprised that you guys are still answering to Kiriakos GR 's topics after all the insult that he threw your way when you were trying to help him in his other topics.
Not to mention he is a complete and total ignorant, but acts like he knows everything with an arrogance and attitude that is laughable. You can not talk sense to a guy like that. It is like trying to get through a brick wall for crying out loud. Why bother?
I told you that and before, get a dog and find love and respect as you may imagining it.
This is a topic regarding Internet security, you do fall sort, therefore leave and make space for the specialists.
It is interesting that you do not feel identically passionate finding the truth about security threads, what is the key topic in your forum ? How to Planting of coconuts ?
I am totally aware that specific request this requiring a truly qualifying software developer, him also be expert regarding IT networking.
I will return few months later to check for any progress, currently I am not receiving email notifications due a bug at my member profile, which no one cares to solve.
Tell you what. I'll build it for you - if you pay my consulting fees. I am a 16 year veteran of PHP, Zend certified, I'm also formerly a member of the SMF dev team, and if you took out a consulting contract with my firm you'd also be getting some input from sysadmins who manage very large websites (like those that cost literal thousands of dollars a month to run because they're not just a little site on a server somewhere, they require a small fleet of servers to cope with)
I'd get this done for you in 40 hours; which would be £3400 (around €4200) including VAT, with full warranty for two months. Naturally terms & conditions would apply but if you were interested I could get our accounts team to write you up the formal statement of work with our terms and conditions in it.
I'd still write a caveat in it that it won't solve your problem, but it would deliver what you asked for.
If you don't want bots visiting like you're getting, disable guest access - it's literally the only way.
I'm confused, why would anybody NOT want bots visiting their site? It's how they get indexed?
SMF has a built in RSS feed, which any and all users/bots/search engines can follow freely.
SMF also has a list of recent posts on the index, to make new content readily availble and accessible to users/bots/search engines.
Almost all social media sharing/liking addons (mods or otherwise) will also ping back to their publisher on first load of any url, for them to scrape the basics of the page and make sure they follow their respective TOSs.
Search engines and web scrapers are plenty, and some of those just hammer you at times, and immediately follow any new links they find. That is how they work.
In all that - nothing is actually inherently dangerous, or in any way harmful to your forum. Some specific bots do however scrape forums exactly for the purpose of stealing contents - and that is a problem with those bots, not SMF.
Quote from: njtweb on March 31, 2019, 10:01:23 AM
I'm confused, why would anybody NOT want bots visiting their site? It's how they get indexed?
You feel confused because, although Kiriakos GR believes his request makes sense, in fact it is nonsensical. He is fundamentally asking for public data to somehow not be public and yet still be public.
Quote from: njtweb on March 31, 2019, 10:01:23 AM
I'm confused, why would anybody NOT want bots visiting their site? It's how they get indexed?
Certain parties would like to keep their site a secret (I know a few), in which case they can just use htaccess to block anyone without an adequate username and password from accessing their site.
Quote from: GigaWatt on March 31, 2019, 05:46:49 PM
Certain parties would like to keep their site a secret (I know a few), in which case they can just use htaccess to block anyone without an adequate username and password from accessing their site.
Or more simply...
Quote from: Arantor on March 30, 2019, 04:03:11 PM
disable guest access
Quote from: Sesquipedalian on March 31, 2019, 03:44:07 PM
Quote from: njtweb on March 31, 2019, 10:01:23 AM
I'm confused, why would anybody NOT want bots visiting their site? It's how they get indexed?
You feel confused because, although Kiriakos GR believes his request makes sense, in fact it is nonsensical. He is fundamentally asking for public data to somehow not be public and yet still be public.
LOL, that was great!
(https://media3.giphy.com/media/tu54GM19sqJOw/giphy.gif?cid=790b76115ca34fc04238654d731c39c0)
:laugh:
Nothing Kiriakos GR has said so far makes any sense lol :D
He just doesn't want it hard enough, otherwise he could pay a professional services company to implement it.
Quote from: Arantor on April 02, 2019, 10:44:34 AM
He just doesn't want it hard enough, otherwise he could pay a professional services company to implement it.
I have a hunch that he needs it, but wants it for free.
Quote from: Sesquipedalian on March 31, 2019, 07:39:40 PM
Or more simply...
Quote from: Arantor on March 30, 2019, 04:03:11 PM
disable guest access
Most of the parties I mentioned in my previous post wouldn't like anyone to know that that site exists. Only people with the link and credentials can access the site. And they also don't like the site/sites showing up on search engines. That is why using htaccess in those cases is actually a better solution ;).
If you're going down that road, don't use a domain name and just make everyone use IP addresses.
Sounds more like an intranet kind of interest. I wonder, what is the point of running a website if you don't want anybody knowing about it?
Quote from: njtweb on April 08, 2019, 07:55:08 AM
Sounds more like an intranet kind of interest. I wonder, what is the point of running a website if you don't want anybody knowing about it?
This is a very good question. The only thing that comes to mind to me, is a website that is up to no good... .
Sounds like the sort of website that wants to be on the "dark web" but does not have anyone in charge of it who has any actual knowledge (and therefore does not belong on the dark web to begin with)
Nah, I don't think it's that creative, just someone who assumes that bots come to steal content without realising that the content is otherwise publicly visible because if it wasn't, bots wouldn't know about it or get it from the board index or RSS feeds.
Quote from: Arantor on April 08, 2019, 01:59:40 PM
Nah, I don't think it's that creative, just someone who assumes that bots come to steal content without realising that the content is otherwise publicly visible because if it wasn't, bots wouldn't know about it or get it from the board index or RSS feeds.
In other words a moron then :D
That is the only other possible explanation that makes sense.
See Hanlon's Razor.
Also note that this was initially pitched as an idea that can be used for free. Problem is, ideas are bountiful, finding the good ones is hard, making them real harder still.
Quote from: Arantor on April 08, 2019, 02:20:07 AM
If you're going down that road, don't use a domain name and just make everyone use IP addresses.
But... you can't do that on a shared hosting account.
In any case, that is an option if the site was hosted at home, but I don't think most of those sites are... or even if they are, maybe they've got other sites hosted on the same IP, so... once again, a problem.
Quote from: njtweb on April 08, 2019, 07:55:08 AM
Sounds more like an intranet kind of interest. I wonder, what is the point of running a website if you don't want anybody knowing about it?
Doing something you wouldn't want anyone, except a certain handpicked crowd, knowing about. There are certain types of info and/or data that is considered precious... not to mention that gaining that info or data involves certain activities that are, at the very least, frowned upon.
And yes... basically these are kind of like intratnet sites... except they're available worldwide and are accessible with the right credentials.
Quote from: doug_ips on April 08, 2019, 10:20:06 AM
This is a very good question. The only thing that comes to mind to me, is a website that is up to no good... .
I believe I answered that in the previous part of this post ;).
Quote from: Arantor on April 08, 2019, 01:59:40 PM
Nah, I don't think it's that creative, just someone who assumes that bots come to steal content without realising that the content is otherwise publicly visible because if it wasn't, bots wouldn't know about it or get it from the board index or RSS feeds.
Well, I could name a few things that, as far as I know of and as far as I've searched online, aren't available anywhere else on the web... but I'd rather I didn't, at least not in public.
And no, it's not about bots stealing content, it's about anyone without the address knowing about the site, including bots and search engines. And if somehow, someone found out about it, they'll need htaccess credentials to access the site. And if they somehow found them out, guess what, there's another loging screen after that... no signup, no background image, nothing, just a plain login screen saying "Username and Password".
in other words, it's a bunch of people who want to think they have something worth protecting but don't actually have any knowledge...
Seriously -- if you're hosting that sort of thing on a share server, then you're not doing it right to begin with... :P
but fine.... add an htpassword, protect the directory level from the server. The turn off the forum for guests.
done.
nothing else needed.
Still a complete waste, IMO.
Quote from: Kindred on April 08, 2019, 05:46:56 PM
in other words, it's a bunch of people who want to think they have something worth protecting but don't actually have any knowledge...
Ummm... depends how you look on things... and for the record, I wouldn't call the people running these sites "having no knowledge". Most of them are well established in certain circles... and as I said, I have no idea if they're doing this from their home, a paid server, a shared hosting account, cloud hosting, etc. It was just a guess, I haven't actually tried to find this info out.
Quote from: Kindred on April 08, 2019, 05:46:56 PM
Seriously -- if you're hosting that sort of thing on a share server, then you're not doing it right to begin with... :P
Well, maybe they just like to hide in the forest, who knows :).
As I said, I have no idea where they're hosted, and even if I did, I wouldn't share that here.
Quote from: Kindred on April 08, 2019, 05:46:56 PM
Still a complete waste, IMO.
Each with his own opinion ;).
Quote from: GigaWatt on April 08, 2019, 05:54:43 PM
Quote from: Kindred on April 08, 2019, 05:46:56 PM
in other words, it's a bunch of people who want to think they have something worth protecting but don't actually have any knowledge...
Ummm... depends how you look on things... and for the record, I wouldn't call the people running these sites "having no knowledge".
While that may be true in theory, based on the posts of the OP in this topic, and elsewhere in this forum for that matter, "having no knowledge" can be safely said and it is nicely put imo.
The last posts in this thread are completely unrelated to what the OP asked for. They're related to "why would anyone have a website and not want it indexed or accessible for everyone".
Quote from: GigaWatt on April 08, 2019, 06:06:20 PM
The last posts in this thread are completely unrelated to what the OP asked for. They're related to "why would anyone have a website and not want it indexed or accessible for everyone".
It is kind of related imho. The thing is that the last posts are a result of the OP 's strange/weird request.
One can imagine almost any scenario, and some human out there will have tried it. Either way, I don't see anything else constructive happening in this topic at this point.