phpBB 3 had a little spam hiatus whilst the spammers cracked the new captcha system, however it’s obviously been well and truly broken now

I decided to clean the forums up and get rid of the spammers. I have employed 2 techniques:

1. A phpBB3 mod called daroPL_AntiSpam
2. Some code I quickly conjured up to check with Akismet when a comment is posted

I will obviously be talking about the latter here, follows are instructions on how to implement the Akismet check on posts:

If you want to copy & paste the following code snippets, hover over them and click the ‘copy’ button

1) Download akismet-php-curl-class
2) Copy the akismet.curl.class.php from the archive to your phpBB3 forum’s ‘includes’ folder (e.g. ~/public_html/forums/includes)
3) Edit message_parser.php in the ‘includes’ folder and make the following changes:

Find:

if (!class_exists('bbcode'))
{
        include($phpbb_root_path . 'includes/bbcode.' . $phpEx);
}

After it, insert the following

if (!class_exists('akismet')) {
        include($phpbb_root_path . 'includes/akismet.curl.class.' . $phpEx);
}

Find:

// Check number of links
if ($config['max_' . $mode . '_urls'] && $num_urls > $config['max_' . $mode . '_urls'])
{
	$this->warn_msg[] = sprintf($user->lang['TOO_MANY_URLS'], $config['max_' . $mode . '_urls']);
	return (!$update_this_message) ? $return_message : $this->warn_msg;
}

After it, insert the following:

// Akismet SPAM check
if (($user->data['user_posts']<=6) && ($user->data['user_type']==0)) {

	$akismet_comment = array(
	    'comment_type'              => 'comment',
	    'comment_author'            => $user->data['username'],
	    'comment_author_email'      => $user->data['user_email'],
	    'comment_author_url'        => $user->data['user_website'],
	    'comment_content'           => $this->message,
	);

	$akismet = new akismet('YOURAKISMETAPIKEYHERE','http://www.yourforums.com/forums');

	if(!$akismet->error) {

		if($akismet->valid_key()) {

			if($akismet->is_spam($akismet_comment)) {

				$this->warn_msg[] = $user->lang['AKISMET_SPAM'];
				$a_to = "you@youraddress.com";
				$a_subject = "Attempted SPAM Post by ".$user->data['username'];
				$a_body = $this->message;
				$a_headers = "From: admin@yourforums.com";
				mail($a_to, $a_subject, $a_body, $a_headers);

			}

		}

	}

}

4) Edit posting.php in the ‘language/en/’ folder (obviously you’ll need to add this to other languages your users use too)

Find:

        'TOO_FEW_CHARS'                         => 'Your message contains too few characters.',

After it, insert the following:

        'AKISMET_SPAM'                  => 'Your message looks like SPAM.',

5) Finished!

The website is Cold Steel UK – it’s the UK distributors website, for trade and retail. Cold Steel UK sell knives and swords of the highest quality, amongst other things.

The ecommerce system used is Actinic v9 and on the website side, technologies used include jQuery & PHP (via Actinic’s embedded PHP engine)

After numerous hours debugging, I figured out what was going wrong.. when SSL is enabled on shopping cart pages, Actinic provides Secpay with HTTPS callbacks – as you’d expect. It also sets a parameter which Secpay needs if the callbacks are HTTPS. However for some reason at this moment in time Secpay won’t use the HTTPS callbacks – the request is never sent to the server

I don’t know why this is happening, I even used the alternative method of informing Secpay that the callback is HTTPS – via the ‘options’ parameter.. no dice

The solution I’m currently using is to modify the ‘OCCSecPayScriptTemplate.pl’ file, inserting a line after the following block of code:

# to enable Diners cards, remove the ‘#’ from the start of the 2 lines below
#$sOptions .= ‘,’ if ($sOptions ne ”);
#$sOptions .= ‘diners=true’;

the line to change the callback URLs back to HTTP is:

$::sCallBackURLAuth =~ s/https/http/;

If you combine the above tweaks with Lifehacker‘s new ‘Turn Thunderbird into the Ultimate Gmail IMAP Client‘ article, then you should be rocking!

I wonder what’s caused this sudden surge in attacks

Apple up until the most recent versions of Safari did not bundle the StarfieldTech root certificate with Safari. Therefore if a Safari user visits a GoDaddy SSL secured site (GoDaddy retail StarFieldTech Certificates) then a warning dialog will pop up informing the user that ‘Safari can’t verify the identity of the website “xxx.com”‘.

The easiest solution is to upgrade Safari to the latest version.. and alternative is to install the StarfieldTech root certificate manually by visiting the following URL: StarfieldTech root certificate

Anyway, what happened after the reset had me a bit stumped until this morning when I realised what was happening. The symptoms of the problem were that basically only a few random websites were working.. Google happened to be one of them and a handful of others. The others would sit on ‘loading’ but never actually load the page. MSN messenger wouldn’t work. SSH would work until a certain number of characters had been transferred… that was what made me think of MTU..

So I managed to view a few sites about Tiscali MTU via Google Cache. They all said Tiscali’s recommened MTU was 1500, however that’s what the routers WAN interface was already set to. I Googled a bit more and found BT’s DSL recommended MTU was 1458… 10 seconds later I’d changed the Speedtouch 510v4 to use this value and everything worked!

So there you go, 15 hours of downtime because of some shitty MTU problem! Hope this solves the issue if anybody else encounters such a weird problem!

I much prefer this new interface, it looks more like bloglines now but a couple of things really impressed me..

Infinite scroll

In the screenshot I’ve selected “All Items”, Google Reader will pull approx 20 at a time, when you near the bottom of the list a further 20 are added to the bottom.. scroll forever!

Mark as read

As you scroll through stories reading them, as a story comes into your view and reaches the top, it is automatically marked as read

I’ll continue to explore the new features but it seems like a winner to me.. more later!