Advertisement:

Author Topic: Looking for 10 people to use a MOD on their site for a 6 months  (Read 13887 times)

Offline Randem

  • Jr. Member
  • **
  • Posts: 125
  • Gender: Male
    • Randem Systems
Looking for 10 people to use a MOD on their site for a 6 months
« on: October 04, 2017, 04:32:33 PM »
Aloha,

We have just finished BotBanish 2.0 and want a few select people to use the SMF version on their site (free of charge of course). We want to get feedback on what you see that it actually does for your site.

If interested post your request here and also the results of using it.

Mahalo!
https://randemsystems.com/support/       -   Discusware to SMF Converter
https://blaxtonjames.com                         - Money, Knowledge And Power; Why You Are Missing All Three
https://joystickgangsta.com                      - An Experience You Can't Refuse
http://botbanish.com                                 - The Ultimate BOT Defender

Always ignore those who attempt to tell you what to think and believe those who will let you think for yourself

Online vbgamer45

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 19,344
    • smfhacks on Facebook
    • VBGAMER45 on GitHub
    • @createaforum on Twitter
    • SMF For Free
Re: Looking for 10 people to use a MOD on their site for a 6 months
« Reply #1 on: October 04, 2017, 04:34:37 PM »
Can't see the details on since you submitted to mod site/not approved. Also your site link in your sig isn't complete
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Offline @rjen

  • Jr. Member
  • **
  • Posts: 171
  • Gender: Male
    • FJR-club Nederland
Re: Looking for 10 people to use a MOD on their site for a 6 months
« Reply #2 on: October 04, 2017, 04:35:11 PM »
Perhaps You can explain what the mod is supposed to do? It is not approved yet so your link is not functioning...
Running SMF 2.0 with Tinyportal 1.3R at www.fjr-club.nl
Testing SMF 2.1 beta 3 with Tinyportal 2.0 at http://test2.fjr-club.nl/

Offline Randem

  • Jr. Member
  • **
  • Posts: 125
  • Gender: Male
    • Randem Systems
Re: Looking for 10 people to use a MOD on their site for a 6 months
« Reply #3 on: October 04, 2017, 04:41:33 PM »
ah Ok, BotBanish will monitor your site for bot / spiders / bad users and automatically banish them without user intervention. BotBanish learns the behavior of these things to help stop spamming, fake accounts and brute force login attempts. It will get rid of these bots and stop the resources that they use from being wasted.
https://randemsystems.com/support/       -   Discusware to SMF Converter
https://blaxtonjames.com                         - Money, Knowledge And Power; Why You Are Missing All Three
https://joystickgangsta.com                      - An Experience You Can't Refuse
http://botbanish.com                                 - The Ultimate BOT Defender

Always ignore those who attempt to tell you what to think and believe those who will let you think for yourself

Offline efk

  • Semi-Newbie
  • *
  • Posts: 91
  • Gender: Male
Re: Looking for 10 people to use a MOD on their site for a 6 months
« Reply #4 on: October 04, 2017, 05:32:56 PM »
Interesting :)

Offline Randem

  • Jr. Member
  • **
  • Posts: 125
  • Gender: Male
    • Randem Systems
Re: Looking for 10 people to use a MOD on their site for a 6 months
« Reply #5 on: October 05, 2017, 01:54:12 AM »
More information on the BotBanish MOD:

What is BotBanishClient:


   BotBanishClient will monitor and lockout  the BOTs / Spiders /Users that are possibly attempting to do harm to the system by performing brute force attacks in an attempt to create an account on the system or attempting to find vulnerabilities on your system.
   
How BotBanish Works:

   BotBanishClient will check each user for certain URL phrases that used to find a way to thwart the system in order to create an account
   so that they or it can SPAM the system. If BotBanishClient detects that a "user" is guilty of searching for vulnerabilities,
   BotBanishClient will modify the .htaccess file with a "deny from" entry so that the "user" cannot attack the system from that IP Address again.
   Because some IP Addresses are dynamic; this dynamic approach which can lead to legitimate users being blocked from the system,
   so it is wise to make known a way of contacting your administrator to unblock an IP Address if a bad BOT/USER changes their IP address
   and a legitimate users gets the blocked IP Address. In this case the administrator of the hosted site will need to remove the IP address
   from the .htaccess file and it should also be deleted from the BotBanishClient database table (BotBanishClient_ip). To keep an IP Address
   from being blocked in the future the IP should be added to the BotBanishClient_ip_dnb table.  Unique URL parts can be added to the
   BotBanishClient database table (BotBanishClient_url) to allow for brute force attack checking in other areas where you want BotBanishClient to guard against intrusion.
   
Uses:

   BotBanishClient will automatically log and terminate BOTs that are determined fake users.
   BotBanishClient will track them until BotBanishClient determines that they should not have access to your system.
   The termination process makes it easier for SMF; so that SMF will not have to use up resources to monitor frequent BOT attacks.


Installation Instructions:

   Installs via the Package Manager that is included with the SMF software.
   

More information on this MOD can be found at https://randemsystems.com/support/
https://randemsystems.com/support/       -   Discusware to SMF Converter
https://blaxtonjames.com                         - Money, Knowledge And Power; Why You Are Missing All Three
https://joystickgangsta.com                      - An Experience You Can't Refuse
http://botbanish.com                                 - The Ultimate BOT Defender

Always ignore those who attempt to tell you what to think and believe those who will let you think for yourself

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 68,035
    • Arantor on GitHub
Re: Looking for 10 people to use a MOD on their site for a 6 months
« Reply #6 on: October 05, 2017, 03:34:11 AM »
I can tell you now, if the version you have on your website is the version you've submitted to the team for approval, it will not be approved. There are too many issues compared to SMF's coding standards - and while they're probably OK (I don't have time to sit and review in depth), the failure to use $smcFunc is fairly big. It also guarantees your mod won't work on PostgreSQL, something that a lot of time and energy has been put into for 2.1.

Also, a large amount of the changes you made don't need to be made in files at all; most of them can be carried out by hooks including loading files.
To assume is to hope that those who came before had the presence of mind and capacity to implement the dreams of those who would come after.

You either die a hero or live long enough to see yourself become the villain. It seems you have chosen which, and now I must do the same.

Offline efk

  • Semi-Newbie
  • *
  • Posts: 91
  • Gender: Male
Re: Looking for 10 people to use a MOD on their site for a 6 months
« Reply #7 on: October 05, 2017, 03:37:18 AM »
So your system is based on IP addresses. I think how that can be bad and you already mentioned the reason related with dynamic IPs. Also I noticed how can pass more than a year before regular member gets the same IP as banned member and he can easily become a target as result of coincidence.
This is offtopic, but my suggestion is to place target on unique pc keys as well (and that must not be bios) and to collect information from users like that - if this is allowed to be done. Creating something like that will have real power and will be a problem for 99% of problematic users/bots.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 68,035
    • Arantor on GitHub
Re: Looking for 10 people to use a MOD on their site for a 6 months
« Reply #8 on: October 05, 2017, 03:42:06 AM »
I'm also curious about something: if it's set to deny them at webserver level, how can you possibly determine that they're staying gone? If the htaccess says deny to the IP address, it's blocked even before it gets to PHP - and if you're using your own honeypot to determine that this is now a safe thing, there's a disparity between directly observable information on the site and whatever ends up hitting your honeypot.

Quote
This is offtopic, but my suggestion is to place target on unique pc keys as well (and that must not be bios) and to collect information from users like that - if this is allowed to be done.

It's technically difficult to do reliably and runs into all kinds of data protection laws. See all the EU Cookie Law stuff, that's exactly the same situation to deal with.
To assume is to hope that those who came before had the presence of mind and capacity to implement the dreams of those who would come after.

You either die a hero or live long enough to see yourself become the villain. It seems you have chosen which, and now I must do the same.

Offline Randem

  • Jr. Member
  • **
  • Posts: 125
  • Gender: Male
    • Randem Systems
Re: Looking for 10 people to use a MOD on their site for a 6 months
« Reply #9 on: October 05, 2017, 04:07:20 AM »
Quote
Also, a large amount of the changes you made don't need to be made in files at all; most of them can be carried out by hooks including loading files.

If one just wants to knock something... that is fine too but be truthful. You call 7 changes a large amount??? 6 of the modifications are additions to the code and only 1 an actual code change...

Quote
I can tell you now, if the version you have on your website is the version you've submitted to the team for approval, it will not be approved. There are too many issues compared to SMF's coding standards - and while they're probably OK (I don't have time to sit and review in depth), the failure to use $smcFunc is fairly big.

Many other approved MODs adhere to the very same methods that I have used. So if it is not approved for some other reason, Oh well...

BTW: I just asked for people to use it and give feedback not to bash it without ever using it. That is so easy to do about everything because the bashing requires no proof of anything. It would be different if points were made after using it.

Quote
I'm also curious about something: if it's set to deny them at webserver level, how can you possibly determine that they're staying gone? If the htaccess says deny to the IP address, it's blocked even before it gets to PHP - and if you're using your own honeypot to determine that this is now a safe thing, there's a disparity between directly observable information on the site and whatever ends up hitting your honeypot.

That is what the MOD is all about. Why would I give away the trade secrets... Not for accolades...

Quote
So your system is based on IP addresses. I think how that can be bad and you already mentioned the reason related with dynamic IPs. Also I noticed how can pass more than a year before regular member gets the same IP as banned member and he can easily become a target as result of coincidence.

Not true at all. How can you make assumptions without even the slightest proof?
https://randemsystems.com/support/       -   Discusware to SMF Converter
https://blaxtonjames.com                         - Money, Knowledge And Power; Why You Are Missing All Three
https://joystickgangsta.com                      - An Experience You Can't Refuse
http://botbanish.com                                 - The Ultimate BOT Defender

Always ignore those who attempt to tell you what to think and believe those who will let you think for yourself

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 68,035
    • Arantor on GitHub
Re: Looking for 10 people to use a MOD on their site for a 6 months
« Reply #10 on: October 05, 2017, 04:17:48 AM »
I call any change to files a support issue waiting to happen. Because I've been a mod author and know that mods have a habit of breaking because you can't predict all the other things people have.

Legacy mods for 1.1 don't use $smcFunc because they predate its introduction. But there is no reason not to use it in a 2.0 mod and last I checked it would be reason enough to prevent it being approved. As would the lack of using hooks.

You asked people to use it. I won't install anything on a site of mine without vetting its code first. Doubly so for anything security related.

It's not a "trade secret", it's a question of simple enough logic: if the bot can't get in, there's no way to know it's actually gone away because nothing that gets to your script would tell it that the bot is still there.

As for the other point, it's a support issue roughly once a week around here that people ban spammers and then other people are locked out. I'd say that's enough proof for it to be a valid question.
To assume is to hope that those who came before had the presence of mind and capacity to implement the dreams of those who would come after.

You either die a hero or live long enough to see yourself become the villain. It seems you have chosen which, and now I must do the same.

Offline Randem

  • Jr. Member
  • **
  • Posts: 125
  • Gender: Male
    • Randem Systems
Re: Looking for 10 people to use a MOD on their site for a 6 months
« Reply #11 on: October 05, 2017, 04:33:00 AM »
Ok, but you have not seen all the code so you may not have any idea of how it works and frankly that is the whole point. How can the assumption you stated be made without seeing ALL the code?

All the reasons you stated for legacy MODs and SMF are fine but it still does not answer the question how other approved MODs that don't use $smcFunc are approved... Yes, I used the MODs downloaded from the SMF MOD site and the $smcFunc code is clearly not there. I understand your reasoning but the proof states different. I tend to like to rely on proof not speculation and fear.

And yes, there are 3 whole database calls in the code. Not a monumental task to change. But the whole idea of this was not to be SMF dependent for there are other system that it can be used on.

If you are attempting to help, fine and appreciated; but simply bashing I disapprove. For as far as your question about bots not being able to be recognized (gone away), it seems like you are saying that if you don't know how it can be done then I cannot possibly know? That there states that you do not know how my script works for you only have half of it and are guessing about the rest...
« Last Edit: October 05, 2017, 04:50:11 AM by Randem »
https://randemsystems.com/support/       -   Discusware to SMF Converter
https://blaxtonjames.com                         - Money, Knowledge And Power; Why You Are Missing All Three
https://joystickgangsta.com                      - An Experience You Can't Refuse
http://botbanish.com                                 - The Ultimate BOT Defender

Always ignore those who attempt to tell you what to think and believe those who will let you think for yourself

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 68,035
    • Arantor on GitHub
Re: Looking for 10 people to use a MOD on their site for a 6 months
« Reply #12 on: October 05, 2017, 04:49:12 AM »
I can't see all the code. I only looked, briefly, at the part that would be running on my servers. And if the plan is to compare between what you see at your honey pot versus what hits my site, that approach doesn't work as well as would be hoped just on the basis that not every bot follows every honey pot site and there's no guarantee the IP would be the same.

There should be no recently approved mods that don't use $smcFunc. If you find some, I'd love to hear about it so they can be fixed. Certainly when I was part of the mod review team in 2009 it was a requirement that mods had to use it and I'm not aware that it's changed since.

I'm not setting out to bash. I'm trying to prevent you having to deal with support issues down the line. As for your approach, it's not a new one and from a glance it looks to have a few questions about effectiveness.
To assume is to hope that those who came before had the presence of mind and capacity to implement the dreams of those who would come after.

You either die a hero or live long enough to see yourself become the villain. It seems you have chosen which, and now I must do the same.

Offline Randem

  • Jr. Member
  • **
  • Posts: 125
  • Gender: Male
    • Randem Systems
Re: Looking for 10 people to use a MOD on their site for a 6 months
« Reply #13 on: October 05, 2017, 05:03:46 AM »
Even if you looked hard, all the code is not available to you... It seems you have no faith in someone else's abilities... That is OK too. But to decide that someone does not know what they are doing because you may not have seen it done before is not flattering.

As far as the MODs that are on the MOD site that do not share the thoughts of the $smcFunc coding style. I will not rat them out just because my MOD may not get approved for doing exactly the same thing... Sorry, Since they got their MOD through GREAT!!! Not being approved does not mean that it does not work properly, it just means that I am not part of a club. Not a problem.

Quote
As for your approach, it's not a new one and from a glance it looks to have a few questions about effectiveness.

This was the whole point of this exercise of getting 10 people to use it. I already know it works for it has been protecting our sites and a few clients sites for over a year. I wanted to get an outside opinion about it's working not it's theory, but that requires someone to actually be using it. I can tear holes in planes being able to fly, if I haven't seen one, but once I have seen one fly; my doubts are no longer valid no matter what I want to think...
« Last Edit: October 05, 2017, 05:22:45 AM by Randem »
https://randemsystems.com/support/       -   Discusware to SMF Converter
https://blaxtonjames.com                         - Money, Knowledge And Power; Why You Are Missing All Three
https://joystickgangsta.com                      - An Experience You Can't Refuse
http://botbanish.com                                 - The Ultimate BOT Defender

Always ignore those who attempt to tell you what to think and believe those who will let you think for yourself

Offline Randem

  • Jr. Member
  • **
  • Posts: 125
  • Gender: Male
    • Randem Systems
Re: Looking for 10 people to use a MOD on their site for a 6 months
« Reply #14 on: October 05, 2017, 07:17:31 AM »
There is also one major factor about the usage of the $smcFunc function in this MOD. Since this MOD does not operate on SMF tables and it's data tables can be in a totally different database, therefore the forcing the use of the $smcFunc coding method is terribly moot.
https://randemsystems.com/support/       -   Discusware to SMF Converter
https://blaxtonjames.com                         - Money, Knowledge And Power; Why You Are Missing All Three
https://joystickgangsta.com                      - An Experience You Can't Refuse
http://botbanish.com                                 - The Ultimate BOT Defender

Always ignore those who attempt to tell you what to think and believe those who will let you think for yourself

Offline Suki

  • Customizer
  • SMF Super Hero
  • *
  • Posts: 15,084
  • Kaizoku Jotei
    • MissAllSunday on GitHub
    • SMF mods
Re: Looking for 10 people to use a MOD on their site for a 6 months
« Reply #15 on: October 05, 2017, 02:30:46 PM »
$smcFunc usage goes beyond using it specifically for SMF tables or its database. Its usage prevents slq injections, thats reason enough to use it even if you aren't targeting an SMF DB.

As someone who also crashed a lot with Arantor for similar reaons way back then, I'm telling you, he is right and its not about bashing or taking a patronizing aproach towards your code. Its about using best, long proved practices that will really, really help you later.

- Less file edits means less support.
- Using $smcFunc means increasing security over rolling your own sql connections.
- Using MVC means more modular, structured code which directly translates into less issues for your users when upgrading and you having more control over your code.
- Abstracting your code away from SMF codebase via hooks means less headaches when upgrading, both upgrading SMF and upgrading your mod.

Look at them. They're just asking for it. Maybe the human race deserves to be wiped out.

Online Gary

  • Lead Customizer
  • SMF Super Hero
  • *
  • Posts: 17,317
  • Gender: Male
  • So this is the luck of the draw...
    • Gazmanafc on Facebook
    • garygadsdon on LinkedIn
    • @Gazmanafc on Twitter
    • The Bongo Comics Fan Forum
Re: Looking for 10 people to use a MOD on their site for a 6 months
« Reply #16 on: October 05, 2017, 02:34:19 PM »
^ and as such use of $smcFunc where appropriate is mandatory for approval.

Offline Randem

  • Jr. Member
  • **
  • Posts: 125
  • Gender: Male
    • Randem Systems
Re: Looking for 10 people to use a MOD on their site for a 6 months
« Reply #17 on: October 05, 2017, 04:21:38 PM »
Yes, I know about $smcFunc and SQL injection; and that is fine but that was not the issue. The issue was being told that what has been done can't be done and this was without looking the code or knowing anything about the coding technique. How can one make a total assessment with only half the information? That is called an assumption which is astounding. As far as the hooks, this cannot be done using the hooks which is most likely as stated, others failed...

You all assume that no one outside of your circle knows or has experience with SDLC or anything else and make statement like:

Quote
Less file edits means less support.

NO KIDDING!!! One makes the code changes that are needed to allow something to work properly. The mass amount of changes (7) were mainly used to call the functions in the loaded modules which is being done all over even with SMF. But when one wants to nit-pik; anything is game. I can imagine that those who chimed in did not look at the code but making assumption also. I don't mind if someone want to help but at the very least look and see where the error is and provide proof not speculation & ridicule.

To prove a point, in SMF code this is done to call a function in a loaded module
Code: [Select]
updateSettings(array(
'calendar_updated' => time(),
));

In my code this is done to call a function in a loaded module
Code: [Select]
BotBanishClient(false);

Yet, I need a hook? Be serious, These are the only calls to a loaded module which is 4 of the 7 changes (additions).
A hook to what? Please be exact in your condemnation. Show examples that can be proven not rhetoric. Anyone can make unsubstantiated statements all I ask is that you back them up with absolute proof. Something that seems to be eluded in these posts. Not one example... Don't tell me how smart you are; show me...

« Last Edit: October 05, 2017, 05:10:11 PM by Randem »
https://randemsystems.com/support/       -   Discusware to SMF Converter
https://blaxtonjames.com                         - Money, Knowledge And Power; Why You Are Missing All Three
https://joystickgangsta.com                      - An Experience You Can't Refuse
http://botbanish.com                                 - The Ultimate BOT Defender

Always ignore those who attempt to tell you what to think and believe those who will let you think for yourself

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 68,035
    • Arantor on GitHub
Re: Looking for 10 people to use a MOD on their site for a 6 months
« Reply #18 on: October 05, 2017, 05:31:39 PM »
I've been typing from mobile this whole time.

To answer your point about hooks, your first file edit is to load the core of your platform; this is achievable by adding the path to it to integrate_pre_include. The edit to the theme - which will end badly on almost every theme as the numerous support topics about 2.0.14 should attest - could be handled without potentially editing the theme file. For themes that use the 2.0 style of html and body layers, a new template layer could be defined from a hook and inserted. For themes that don't use this layering (which is a lot of the early 2.0 plus any theme ported from 1.1, both of which are surprisingly common), neither approach would work as effectively as making a hidden link literally the first content in the page, which I have to admit is the best way to handle this. For a non-edit solution I might have pushed it into $context['insert_after_template'] for a consistent behaviour across themes at the cost of putting it near the end of the content. Or I could have added something to the output buffer to target it during the last stage of pipeline before pushing the content to the user to guarantee it gets inserted as the very first thing regardless of theme without a file edit.

The secondary edit to index.php I could concede might be best handled with an edit so that you don't miss some cases that might be caught between the is_not_banned() check and the integrate_actions hook which could certainly be repurposed to take on the task being handled there.

The edit to Register.template.php is... interesting. Aside from breaking XHTML validation, there's no obvious issues with this, and I'd have to concede this is the most compelling case for an edit - but even then it's still possible to do without actually editing (though it is the most fiddly)

Interrupting the ban system the way you have, I get why you've done that. I think this one would be annoying to fix without edits but careful interruption via integrate_exit could achieve it.

And if hooks were used, you could mostly have 2.1 compatibility without any other changes because 2.1 has all the same hooks (and more) than 2.0 does.

You don't _need_ to use hooks. But they massively help by meaning you don't have to edit any files, don't have to rely on the exact code being found, don't have to rely on exact things being where you expect them - and don't have to worry nearly so much about other mods breaking them. Having written... something like 90 published mods, ranging from one liners to things in the 30k range, including helpdesks and media gallery systems, I've learned very much the hard way what support looks like - especially when you're looking to get some benefit out of this, you want to minimise the support hassle on yourself. Taking longer to build it means less time in deployment.

But what would I know? I'm only ex-customisation team (and thus mod reviewer), ex-SMF dev team and on-going analyst of spam patterns on forums (it's not surprising that there are multiple anti-spam mods from me on the mod site, for example) and I was trying to help you save some effort in the long run.

I hope it works out for you and you get everything you wish for from this endeavour.
To assume is to hope that those who came before had the presence of mind and capacity to implement the dreams of those who would come after.

You either die a hero or live long enough to see yourself become the villain. It seems you have chosen which, and now I must do the same.

Offline Randem

  • Jr. Member
  • **
  • Posts: 125
  • Gender: Male
    • Randem Systems
Re: Looking for 10 people to use a MOD on their site for a 6 months
« Reply #19 on: October 05, 2017, 05:37:46 PM »
Well, now we are getting somewhere. Just saying something is wrong does not help anyone... An explanation is something I can look into.
Thanks.
https://randemsystems.com/support/       -   Discusware to SMF Converter
https://blaxtonjames.com                         - Money, Knowledge And Power; Why You Are Missing All Three
https://joystickgangsta.com                      - An Experience You Can't Refuse
http://botbanish.com                                 - The Ultimate BOT Defender

Always ignore those who attempt to tell you what to think and believe those who will let you think for yourself