How do I control the content?

[GeorgeT]

I tried this as suggested by "emanuele"

If you don't need them, you can disable the profile fields.
admin > configuration > core features
here enable "advanced profile fields", then go to:
admin > configuration > features and options > profile fields
and disable all the ICQ, MSN, AIM, etc.

THERE IS NO FUTURE CALLED PROFILE FIELDS.Under Features and Options, there is no option to disable ICQ, MSN, etc.

GeorgeT

[Kindred]

George,

I disagree with your contention on how registration should work.  However, that being said, you can get pretty close to that by using the advanced profile settings along with post-count based membergroup permissions

1- Turn on Advanced Profile Fields in Admin > Core Features
2- Turn on Post Moderation in Admin > Core Features
3- Save

4- In admin > features and options > profile fields, you can now set various fields to be active or not.

5- in admin > Members > Permissions > Settings - turn ON Enable permissions for post count based groups and Enable the option to deny permissions

6- in admin > Members > Permissions > General Permissions  - modify the permissions for "Newbie".
down, under "Default Board Profile Permissions",
set Post new topics, without requiring approval to DENY
set Post new topics, but hide until approved to ALLOW
set Post replies to topics, but hide until approved to ALLOW
set Post replies to topics, without requiring approval to DENY

under the member profiles section above that
set Allow Forum Profile edits to DENY
set Edit additional profile settings to DENY
set Edit signature to DENY
set Edit website and location to DENY
set Edit personal text to DENY

set Upload an avatar to the server and Choose a remotely stored avatar to whatever you want... allow, disallow or deny.

[GeorgeT]

Thanks, I was my fault that I did not find the Profile FIeld. I did not sleep all night and I can not think straight.
I fixed it now, and hope it will work.

I will also try your suggestions straight away. I need all the help I can get, since yesterday (my time)  I receive one fake computer generated registration every 5-10 minutes, most come from Poland, but as I discovered 30 minutes ago, China is also involved. I did not notice the Chinese because they use gMail addresses; however, the computer generated usernames start with canvas (canvasa@, canvasb@, canvasc@; canvasd@, etc)

Thanks everybody

GeorgeT

[Kindred]

also, get some anti-spam measures in place ASAP. it is better to stop them at the door than to try and clean up or evict them after they are in.

Add several Questions
install the bad behavior+httpBL mod (and register on project honeypot)
install one of the stop spammer or stop forum spam mods. (and register on stopforumspam.com)

[GeorgeT]

Thanks,

I do not have "Newbies" only Guests, Members, Admin and Moderators. I checked but I can not find a way to add it.
Anyway, most of your suggestions already exist for "Members"

I can not find the second section:

under the member profiles section above that
set Allow Forum Profile edits to DENY
set Edit additional profile settings to DENY
set Edit signature to DENY
set Edit website and location to DENY
set Edit personal text to DENY

If I could block all traffic from 188.143.232.10 it will be great as it will stop about 10 fake registrations per hour. Because the username changes every time it is difficult to stop the traffic.

Thanks again

GeorgeT

PS: Yes, your suggestions were very helpful.

[Kindred]

did you turn on post-count based groups permissions, as I indicated in step 5?

you do not want to make those permissions changes to the members group. That will affect everyone, regardless of posts.

[GeorgeT]

Yes, I did everything you suggested except the last part I couldn't find.

under the member profiles section above that
set Allow Forum Profile edits to DENY
set Edit additional profile settings to DENY
set Edit signature to DENY
set Edit website and location to DENY
set Edit personal text to DENY

I must mentioned that my website is a very serious site, is Non Profit, and deals exclusively with Orchids. The majority of my visitors (75%) are over the age of 55. They know little about computers and do not really participate in FORUMS.  I had 5 registered users the last 7 months. I added FORUMS for the site to be "complete" and to give the opportunity for members that just started to grow orchids to ask questions.

Unfortunately at the beginning, when I installed SMF, I was given the wrong advise and because of the wrong steps I took then I face all these problems today.
Off course, because nobody uses the FORUM, I was not prepared. I never bothered to check everything. It is only the last 10 days that I feel vulnerable from all these attacks.
The attacks continue and will probably continue for days unless I find a way to stop them.
Thanks again for your help.

GeorgeT

[Kindred]

ah ha... I was just reminded that those permissions which I directed you to are added by a mod
http://custom.simplemachines.org/mods/index.php?mod=3237

[Sir Osis of Liver]

You can block IPs with .htaccess in the forum root -

Code Select Expand



order allow,deny
deny from 188.143.232.10
allow from all



You can also block ranges of IPs, and IPs from specific countries.  There are many threads explaining how (search 'htaccess', or 'block IPs').

[GeorgeT]

I did the following:
ADMIN --> MEMBERS ---> BAN LIST ---> ADD NEW BAN.

Not knowing what "Ban Name" means I added one of the User names used.
Further down, I added the IP Address.
RESTRICTION: FULL BAN; EXPIRATION: NEVER
Un ticked all other boxes and clicked ADD.

Although I have no clue what Ban Name really means, It appears the "SPAM" stopped for a little while and the person responsible changed IP address.
I added the second IP address and did not receive any other messages.
However, I received lots of SPAM from China and Russia. I did the same, added eMail addresses and/or IP addresses. Now everything stopped.

Time will tell.
The whole exercise surprised me. The program is much better and can do much more than I thought it can do.
The section that deals with the registration and the Permission may need some attention to become more user friendly. It is always beneficial to have all options under the same roof.
I also noticed that the option to ban a person does exist in the messages the Administrator receives after a registration.
When the message:

xxxxx has just signed up as a new member of your forum. Click the link below to view their profile. (example)
http://xxxx.com/smf/index.php?action=profile;u=100
The window that presents the profile of the new Member also offers a few options, one is to Ban that person.
So, the options are all there.

I am prepared for new attacks from Russia activists tonight. It appears they are Animal protection activists protesting against the slaughtering of Wildlife in Australia.

Thanks everybody and I will definitely explore Krash's suggestions (hope is not your real name).

GeorgeT

[Kindred]

As I sai dbefore, Ban name is just that... it is the name that you assign to that ban trigger so that you can look through the list and log to know what it is.

[GeorgeT]

The attacks continues over night. Some may not know what that means and the pain to be on the receiving end, so I give you a few figures.

Last night (the last 12 hours) there were 2,024 individual attempts to register from Poland, 1708 from Russia and 201 from China. ALL FAILED.

However, there is a problem with the Program (it is possible that there is a solution).

Although the ban is a FULL BAN and therefore individuals can not register, and of course if they can not register there is no need for a notification,
in some cases messages the ADMIN receives notifications like the one bellow:

mamicle has just signed up as a new member of your forum. Click the link below to view their profile.
http://orchids-world.com/smf/index.php?action=profile;u=168

If you open the link to view the profile, you see this:

mamicle
Member

Online
Username: mamicle
Posts: 0 (N/A per day)
Email: [email protected]: +0/-0Age:N/A
Account is awaiting approval for deletion (approve)
Date Registered: Today at 06:12:39
IP: 217.164.206.7
Hostname: bba95511.alshamil.net.ae
Local Time:28-11-2012, 06:29:56
Last Active: Today at 06:14:29

You will notice he is called a MEMBER although he is not. He is shown as a MEMBER ONLINE although he is not.
His registration has been rejected but he is sort of "semi-registered".
I think that is not necessary:
He is BAnned and therefore he/she should not be able to register and the admin shouldn't receive any notifications about it.
That's my opinion and you can only understand what I am saying when you receive them the one after the other as I do.

In my opinion, The admin should be directly informed of the successful registrations. The unsuccessful can be found in the LOG books.
That's just my opinion, off course there could be an option somewhere that I have missed.

regards

GeorgeT

[Chalky]

You obviously haven't yet set up any of the anti-spam measures suggested to you.  Believe me your site is no different from anybody else's.  We would all have exactly the same problem you have if we didn't take the measures people have been telling you about.

>Set up verification questions.
>Install at least one of the anti-spam mods: Bad Behaviour, Stop Forum Spam etc.

Just do what has already been recommended and your problems will disappear, I promise!  If you have any problems setting the stuff up just holler and people will help you, but until you do set these things up your problem will only get worse I'm afraid.

[GeorgeT]

Thanks for your reply,
However, as I mentioned before, I did not download SMF directly but using a third party called "Softaculous" or something like that. Softaculous maintains SMF for me, when there is an upgrade I am informed and all I have to do is click "ACCEPT".

Sure, I can download a program, any program; however, I wouldn't know where to install it without breaking the chain Me - Softaculous - Service provider.
The SMF program is not stored in my computer, my site is linked to the program which is kept elsewhere.
Many hundreds of SMF users use Softaculous like I do and are in my position.

In addition to the above, I found the SMF defences work fine. The program itself is much better than I originally thought. The "Bans" work OK.
The only thing needed is to bring all these Membership related issues from Registration to Presentation to Permissions to Bans to Logs, in one place.

What is annoying is the number of messages I receive (Admin) related to failed registrations, failed registrations from banned individuals.
I am very grateful for all replies and I couldn't find everything without the help I received.

Perhaps, if these "Spam" software suggested are so vital to the survival of the spaces (SMF), the administrators of these site may like to include/incorporate the best one of them in the main program.

[Kindred]

George,

I think you have missed the point of mods.
Mods will not (or at least should not) affect your softalicous installation/communication.
Mods are add-ons that enhance your installation.

Go to the mod site.
get the bad behavior + httpBL mod. download it to your computer
go to your site log into the admin section and go to the package manager
select upload new package
select the location and file you just downloaded form the mod site
click upload, then click install.

then configure.

[GeorgeT]

OK.
The SMF folder contains: attachments, avatars, cache, packages, smileys, sources and themes.

If I understood you well, I upload the file into the packages folder and install it there on the spot.

Another silly question: It was suggested to add into the htaccess file something like this:

order allow,deny
deny from 123.45.6.7
deny from 012.34.5.
allow from all

That is also very interesting but in which htaccess file it is added?
It must be inside SMF otherwise it will block people from visiting the website.
Inside SMF
attachments, cache, and packages have htaccess files
Which one is the right one? Perhaps I need to create a new one under SMF?

I will investigate in a minute the file you and others suggested.
I assume the content will be accessible from the SMF Admin section.

regards

GeorgeT

[mashby]

Which one is the right one? Perhaps I need to create a new one under SMF?

That is correct. Same place where the index.php file is (the root of your forum).

Regarding mods, I find it easier to download the mod file somewhere on my computer and then head straight to Package Manager and upload the file from my computer and install it from there. I think the other way works, it's just not as logical/straightforward as using Package Manager for everything. Kindred's directions do just that.

[Kindred]

actually, you'll need to revise that.

Code (.htaccess) Select Expand


order allow,deny
allow from all
deny from 123.45.6.7
deny from 12.34.5


if you do it the way you originally listed, it will deny, deny and then allow from all will bypass the deny statements.
The inclusive comes first the exclusions come last.


And no, you don;t need to upload the package manually...   the package manager deals with the uploading directly inside smf admin

[emanuele]

* emanuele wonders if it is wise to suggest using htaccess to a person that doesn't know anything about it and can block himself out of his own forum without warning...

The last IP in the "demo" htaccess is wrong.

[Sir Osis of Liver]

* emanuele wonders if it is wise to suggest using htaccess to a person that doesn't know anything about it and can block himself out of his own forum without warning...

That's how you learn new stuff.

A simple thing to try, if the forum only has a handful of legit members, is delete it entirely, reinstall it in a new subdirectory, link it to the existing database, change the website Forum link, and hope the spammers are too busy/dumb/lazy to find the new url.