Bulletin Board Maintenance

Last year, I wrote about installing a bulletin board on the Engineer’s Association website. One of the advantages of the A Small Orange web hosting plan was that it supported MySQL and PHP, allowing me to install a bulletin board.

Over the last year, the board hasn’t exactly caught fire. About 5 people have signed up and nobody has posted anything substantial. It was free and it is a good tool potentially, so I think it is worth the trouble for now.

However, lately I’ve started getting Viagara and Photoshop advertising robots signing up. The sign-up process involves entering a username, password, and your e-mail address twice. Then the board sends you an e-mail with an authorization link in it and you can post messages. This was enough security for a while, but there is nothing in there that a robot couldn’t be trained to do. I deleted the four or five robot accounts, but the next day there was another one. Pesky robots.

Thinking part of the problem might be security-related, I decided I should upgrade the PunBB software to the latest version. While looking for that I found out the creator of the software had been bought out by a Russian firm and further development of PunBB was in doubt, though I was a couple of incremental versions behind and some of those upgrades were for security. Some of the people that worked on PunBB left and started another project called FluxBB which is a fork off of PunBB, essentially another open-source project based on the earlier open-source project.

Upgrading wasn’t too bad. The worst part was backing up the database and all of the files beforehand. The ASO control panel let me create a backup of the database which was really, really small (less than 50k; but then I don’t have a lot of members or posts). I manually stored all of the files in a folder on my computer.

Then I downloaded the upgrade, upoloaded it to the webserver and used the ASO control panel to expand the gz archive, overwriting a lot of old files. I had to open a .php file which I guess was where the old settings were brought over to the new installation. Anyway, I didn’t have to do a whole lot.

The next day another robot had signed up. Annoying little buggers.

The next step was to install a plug-in called AntiBot that would show you some funky looking partially obscured word that you had to enter. This is called a CAPTCHA which kind of stands for Completely Automated Public Turing test to tell Computers and Humans Apart. Although it is designed to keep robots away, it is not a Robot Exclusion Protocol, which is one of my favorite computer phrases of all time. Besides the Robot Exclusion Protocol only works with nice robots and this is designed to keep away bad robots.

You’ve probably seen CAPTCHA’s before. This one uses a .png image with letters and numbers and somehow uses pieces of that image to test whether someone can read them. Once I installed it I tried it out and missed the answer several times because the letters were so funky looking. They included a less funky set of letters, but that looked too easy. So instead I just included the image of the alphabet on the registration page to give a big hint on what the answer was. Here’s the image:

To install AntiBot I had to follow their instructions in the readme.txt file (the file itself used some kind of markup coding that makes me think it could install automatically, but I don’t know how that works), modifying the register.php file and uploading some other files. Then to customize it to give the hint, I had to modify register.php on my own with HTML to include the image file. It wasn’t too bad except, again, I made sure I made a backup of the original register.php file so I could fall back on it if I messed up or wanted to get rid of AntiBot.

You can try it out if you want by going to the board and clicking Register in the top menu. You can go ahead and register with your real name and I will delete you later on.

GDOTEA bulletin board

One thought on “Bulletin Board Maintenance

Leave a Reply

Your email address will not be published. Required fields are marked *