I am a creature of habit. I’ve been using IE6 for many years, and my client (in real life) uses it as their corporate standard. Yes, I know there are security issues that can occur. But with the corporate firewalls and various client workstation “lockdowns” they have in place it’s probably okay. As a result, I had kept IE6 on my laptop and my desktop here at home as well.

I’ve also commented more than once at various boards (like phpbb.com) about style or template issues with IE6, and generally I get the response:

You should really upgrade for security reasons

or

Use a modern browser that supports standards

or anything along those lines. So what is the point of this post?

At Londonvasion we had a presentation by someone that showed off a bunch of really cool styles for Joomla! + phpBB3 integration sites. He even showed some sites where a user could customize the color themselves, giving them a truly unique look for the site. He happened to mention that the techniques used for those styles didn’t work in IE6 so they just didn’t support it. I think at least half of the room (on my side, anyway) turned around and looked at me.

I upgraded my laptop to IE7 on the spot. I’m still getting used to it, but it does address all of the styles quirks for phpbb.com that I was experiencing with IE6.

The talk includes a case study that regular (and long-term) blog readers are likely to be very familiar with: the Checkbox Challenge MOD for Wordpress, phpBB Registrations, and even Comment Forms. During the talk there were a few times where I took questions or had discussion from the audience but I think most of the “dead air” has been removed thanks to AdamR’s fine editing skills.

You can review all of the videos here.

I never quite realized how much I “talk” with my hands…

That’s where a service like AKismet (for Wordpress) or bbProtection (for bulletin boards) comes in. The bbProtection service started in 2006, and it showed a lot of promise. Like any new effort there were bumps along the way, including some concerns about privacy rights and poison pills and other issues. The folks behind bbProtection revised some of their methods made improvements based on public feedback, but ultimately (and unfortunately in my opinion) folded in 2007 due to time constraints.

Fast forward to Londonvasion 2008… After my anti-spam talk I had an interesting conversation with Mark Barnes (MarkTheDaemon). He was one of the principals behind the original effort, and he along with some of the other original team are determined to bring the service back. In fact, here is what the site looks like today.

bbprotection.net

I’ve had several conversations with Mark and Vic D’Elfant (another one of the original principals) over the past weeks about the service. I am encouraged by what I’ve learned, and look forward to the relaunch of the service. Based on their current site if you have any interest in this area and have some time to dedicate you should contact them at the email address provided and see what you can do to help.

Oh, right, here’s what was going on…

I was composing a blog post right at that moment. If you run a wordpress blog of your own, you might be able to recognize the standard wordpress posting screen. I sat way towards the the back of the room, as I didn’t want to disturb anyone around me with my typing. It turned out that other folks ended up sitting in the back as well, but there were enough laptops running that one more didn’t seem to matter. The hotel wireless, which had been so bad the day before, performed quite well. Maybe it has something to do with the fact that they placed a wireless access point right in the room with us.

This image was posted by a team member from phpbb.fr who shared his pictures on flickr.

As soon as the videos are posted at phpbb.com I will be sure to post a link. Until then, you’ll have to be happy with the teaser information of knowing that it’s coming soon…

There are three different elements in the fight against spam, as outlined here:

• Prevention means being able to keep spammers from getting on your board in the first place
• Detection means being able to quickly identify and react to spam if it is posted
• Elimination means being able to easily and thoroughly clean up the mess that a spammer has left behind

View the PDF

In the prevention section I talked a good bit about the Checkbox Challenge MOD that I wrote, which regular readers of this blog are probably already familiar with. The statistics are quite astonishing, and are up-to-date as of July 19, 2008. Altogether the checkbox trick has prevented over 76,000 spam comments from appearing on this very blog. I also shared statistics about registrations on my largest phpBB2 board as well as a comment form. Those are three different bot targets (Wordpress, phpBB, and a file simply named “comment.php” which apparently is quite a target) but all have been successfully defended via the simple checkbox MOD.

In the detection section I talked mostly about my opinion that most MODs in this space are not appropriate. It is extremely difficult to write code that can detect spam 100% of the time, and there are people that have been trying to do this for quite some time. That’s why you get emails with random strings of words at the bottom; they’re trying to fool the anti-spam measures you might have protecting your email inbox. There are several MODs for phpBB2 that attempt to automatically detect and react to spam, but I submit that your best defense as a board owner is an active moderator team.

To than end, I touched on a number of features for phpBB3 that I think are quite appropriate and necessary in the ongoing battle. The “Report a Post” feature turns anyone on your board into a potential moderator, and that’s a quite excellent feature. I have added this to my phpBB2 boards as well. There is a moderator ability to send all posts from a single user to the “trash” forum in phpBB3 as well (something I wrote up as the Spammer Hammer for phpBB2) which makes it very easy to clean up after a spammer. But the bottom line is these are human actions rather than anti-bot scripts, and I think that’s where we will be in this area for quite some time.

Finally, in the Elimination section I talked about several types of spam scenarios, including:

• Users that register but don’t activate
• Users that activate but don’t log in
• Users that log in and post spam
• Users that log in and post “accidental” spam

The distinction between the last two is subtle… the first situation is easily recognizable as the user has posted something with dozens of links to cheap audio or medication web sites. They’re easy targets for the Spammer Hammer. The second scenario is when a user appears to be legitimate but maybe didn’t read (or understand) all the rules. In this case, the moderator team can use the user notes feature to mark the account. This means that if the behavior is repeated, it doesn’t take the same moderator to notice… any moderator can check the user’s history and see if they have a habit of rules violations. If they do, a temporary ban can be used rather than a permanent ban.

Ultimately phpBB3 provides a number of excellent features that help protect your board from spam. I am thinking that the Checkbox Challenge MOD should be my first entry into writing MODs for phpBB3.

So that’s it. If you want to see all of the details you can check out the pdf file linked above.

Which leads me to the closing event, the panel discussion. We had just finished hearing from the Lewis Brothers (Highway of Life and Handyman) and were trying to get the furniture rearranged without completely destroying the hotel. (We managed, mainly because Bertie wasn’t allowed to help. ) Highway of Life (David) was busy getting the audio set up to stream live on the Internet. We still hadn’t figured out who was going to be on the panel, and I was asked for my opinion I simply suggested, “Just pick anyone who hasn’t done anything yet and give folks a chance to meet them too.” So that left me out, as I had done the spam presentation earlier in the day. I really wanted to be on the panel, but I have to say that we got some great comments from everyone involved. I think DavidMJ was the star of the show, but everyone else did a great job as well. So thanks to everyone that put their opinions on the line (live, no less) and answered the many interesting questions that came from the audience and the chat room.

I had some idea about spending time in London after Londonvasion closed. To this point I had only seen the airport, the inside of the bus from the airport to the hotel, the hotel, and the McDonalds next to the hotel. Hardly the things that London is known for. But to be very honest, I was much happier spending the time with the rest of the team up until after midnight that night, as I can always go back to see London at some point but getting as many team members together as we had might not happen again.

Or at least until next year.

Here’s hoping to see anyone and everyone at Unknown-Place-Vasion 2009.

Highway of Life followed with a presentation on site integration with phpBB3. Just like you can do with phpBB2 (and I have done more than once) you can utilize some minimal code from phpBB3 and use it to start a brand new page. By doing this, you can build an entire site around phpBB3 and avoid the need for a bridge. If you want a full-featured content management system or don’t have the time or inclination to write your own pages then Joomla or an equivalent system might be interesting. But if you want only a few extra pages that are integrate into your board, that’s certainly possible. Highway of Life showed the basics of that process.

Handyman wrapped up this part of the session by talking through some tips on how to plan, code, and test a MOD. There were only a few bullet points, but they were very appropriate.

We’re now going through the general panel, featuring DavidMJ, NeoThermic, cherokee red, and wGEric taking questions over IRC and from within the room. Cool stuff.

As anyone who has ever been in the same room (or country) with me knows, I love to talk. It’s part of what I do in my job (part-time trainer, full-time consultant) and it’s a very real part of why I am particpating on the board in the first place. So I was happy to create a topic.

In a nutshell, I talked about three different aspects of combatting spam:

• Prevention
• Detection
• Elimination

I believe the presentations will be posted on phpbb.com, and I will certainly post my presentation here as well. But to summarize: Prevention techniques keep unwanted content from reaching your board in the first place, and I shared some statistics from my Checkbox Challenge MOD. We also got into a discussion about some of the other MODs for phpBB2 and I talked at some length about the new features of phpBB3 that make most (if not all) of the phpBB2 MODs obsolete. Detection relates to identifying spam content that appears on your board, and Elimination techniques relate to cleaning things up once a spammer has been detected.

I won’t recreate the entire presentation here, but it did seem to be well received and I hope it will be useful once I get a copy posted.

After I was done, we had a brief talk from one member of each team about how the user community can get more involved with the phpBB project. The developer team suggested that more help testing was always welcome. The more tests that can be done in different environments, the more solid the code becomes. All developers like to deliver solid code. Most of the rest of the teams talked about being active in the respective areas (MODs, Styles, or Support) and doing a good job. Those that do a good job get noticed, and those that get noticed can get invited to the teams.

Next, we finally had a presentation from a user rather than a team member. Noth started his presentation about the user experience of updating to version 3. In a nutshell, he was quite happy with the upgrade.

Paul is now delivering a presention on how to write a MOD, which looks like some good information for those folks that are always asking, “So, how do I write a MOD?” Now we’ll have something to point them to.

I think that the rest of the afternoon belongs to the MOD team, and whatever time is left will be used for an open discussion panel. Probably one or two more posts “live”, and then probably I will do a wrap-up post when I get home.

Right now we’re taking a quiz from Kellanved about security issues that are possible in php applications, and some of the many steps that phpBB3 is taking to address the issue. It’s quite good; I hope to download the slides later and think about them in more detail.