A few weekends ago I upgraded php to the latest version. I also broke my largest remaining phpBB2 board.
My first (and largest and still active) phpBB2 board was based on the 2.0.4 codebase. Over the years I implemented some (but not all) of the suggested upgrades, because as soon as I got the code I started changing it. That made applying updates a bit more challenging. Anything that was related to security (such as the hole in the search code) was patched, but other items were not necessarily patched.
One of the bits of code that was added later along the line was to check the $_POST array for values and restore everything back into $HTTP_POST_VARS. I never bothered to do that, and until last month everything still worked fine. With the latest version of php, they finally stopped supporting those arrays altogether so I had to update my code accordingly.
The board is functional again, but the writing is on the wall. phpBB2 is probably (finally) on the way out.
Some years back I purchased a couple of NetGear Duo RAID disk enclosures. Each enclosure was loaded up with dual 1TB disk drives from Western Digital. Everything written to one drive was mirrored to the second drive. This helped protect against a single disk failure.
I also had a very old (PIII processor!) computer that was running linux. At one point I was using it as a development environment, but it had long since been retired from that duty. Why was it still around? I had created mount points for each of the RAID arrays on this linux box, and it was responsible for going to my web server (which hosts this blog, among other things) and downloading the nightly database backup files. (My web server runs a hot backup at 1AM each morning using the mysqldump command.) This linux box also had a script (running at 2AM) that would ftp to my web server, retrieve all of the database dumps, download them, add a date stamp to the file name, and then copy the resulting files out to the RAID array. The entire process was automatic, transparent, and for a long time was quite robust.
Until a few weeks ago. More…
I read this morning a topic in the MOD Authors forum at phpbb.com where the topic poster was trying to figure out a way to encrypt / decrypt private message text. The technical challenge was easily overcome, as someone posted some code that allows the board owner to do exactly that.
The problem is, it accomplishes nothing.
Private messages are often a hot topic for board owners, probably because of the privacy implications of the name “private” message. As most board owners probably know, private messages are not truly private. Anyone with database access can read the private message text. Anyone with access to a backup SQL dump can do the same. But who has this type of access, and what can be done to prevent it? More…
One of my other blogs had been hit and hit hard by spammer comments advertising headphones. This morning I noticed this one here on this blog:
That’s specifically aimed at human-powered paid-to-comment spam. I would rather already have excellent-quality comments than the next quantity of comments.tour headphones Sadly, I’m nonetheless getting an awful lot of spam comments (what’s up, Akismet?), so I think it’s time to install some additional defense layers.
The words “tour headphones” were a link, of course. Subtle, it was not. But I found it extremely ironic and ultimately amusing that the comment itself talked about spam. If you pick a few phrases from that comment you’ll find the exact same thing on other blogs / boards as well, or at least I did when I searched.
I’ve decided to contact the headphone manufacturer directly and let them know that I will never buy their products. Ever. Might not change anything, but it will make me feel better.
Oh, and I added specific code to my anti-spam process to look for this particular type of link.
I have had a couple of requests now for Tapatalk or something similar on my board. The Tapatalk application does not currently support phpBB2, but iPhone / Android support is becoming more of an interest to folks. Tapatalk is not a template or theme, it’s an application designed to interact with a discussion board (they support phpBB3 as well as several others).
I have to admit that I find this to be a far more intriguing idea than a mobile template. The folks behind Tapatalk offer a free API that would allow developers to extend the app to different forum systems. It would be interesting to see if anyone is currently working on phpBB2.
I’m registering on their “Forum owner” area and will see what things look like.
The focus for the past several years for board owners has been to prevent (or at least have some easy way to ignore) spammer registrations. When spammers thought it was useful to have an entry on a board memberlist they were often satisfied with getting through the registration process. They didn’t bother to activate their account. As a result, one of the most popular (and fortunately very easy) MODs for discussion boards was to prevent inactive members from showing up on the member list. This is the standard configuration for phpBB3, no MOD required.
Spammers reacted by altering their process so they can activate accounts. (I as well as other board owners have seen a dramatic increase in use of gmail accounts for this, so clearly Google’s registration process has been cracked and automated as well.) Like many board owners, I would like to have a “clean” database. But it wasn’t a huge imposition to get spammer registrations. If they never posted, they were not a contributing member of my board but at least they weren’t getting in the way. I had a MOD that prevented board members from entering a web site until they had a minimum number of posts on my board, so at least I didn’t get a member database sprinkled with unsavory web links. There are also MODs available that prevent zero-post users from showing up, and for pruning inactive or zero-post users after some specific period of time. All of these were okay in their day, but are not as effective anymore.
I’ve posted many times about my Checkbox Challenge code. It has served very well in protecting my blogs, several phpBB boards, and even my comment forms from spammers. However I am starting to see some issues, and that bothers me. Why? Because the new spam seems to be coming from humans rather than bots. I don’t know how we can combat that. Spammers seem to be quite creative with their posting strategies as well. More…
A few weeks ago I had an interesting conversation with a woman from England who is doing a thesis on the psychology of online communities (discussion boards). During the conversation she dropped a phrase that I immediately stopped and wrote down so I could think about it further. Here is the basic question that was invoked by her comment:
What is the difference between recognition and reputation? More…
In the past I have done a number of tricks to celebrate today. One year I posted a very official looking press release stating that the board had been bought out and would no longer be a free resource. Another year I used to tricky CSS to flip the “off topic” forum upside down.
This year I used a suggestion from my wife… it’s evil. I will post what I did after today is over.
How about you? Any fun tricks to share?
I suspect that most folks running phpBB don’t get beyond the 5,000 member mark. Even fewer get beyond the 10,000 member mark, or three years of consistent growth. What happens when you get to that point and can’t afford to run your board anymore? Then it’s entirely possible for a board with over 100,000 members to simply disappear.
I have posted a lot about the Adsense program over the past years, specifically related to advertising on phpBB boards. I currently do not use Adsense, but I did for many years. However I never relied on the revenues from that source to keep my board running. If I had, I might have ended up like this case study:
Warning to Webmasters: It can happen to you
The link contains a case study about Soccerpulse, a web site with over 100,000 members that closed up shop because their Adsense revenues declined and they could no longer afford to run the site.
I posted a question on Google’s support forums a few months ago (since they don’t seem to offer email support of any kind anymore). While waiting for a response, I have spent some time reading and at times responding to some of the questions there. One of the questions that I saw posted most frequently can be paraphrased as “How can I make more money” or something along those lines. I realize that many board owners probably aren’t using Adsense, but if you are, I thought I would post a few summary tips on this subject.
You can earn more money by:
- Generating more traffic
- Generating more clicks
- Getting higher-paying advertisements
I’ll talk about each of these at a high-level in this post.