Oranjoose

Send private message

You must be logged in to send a private message.

Friends

No friends yet.

Group membership

Activity

  • Oranjoose replied on the discussion topic Relentless spammers
    Thank you all. It seems that the spamming has tapered off since I installed the textcaptcha. Won't count my chickens before they've hatched, but this is a good sign! view reply
  • Oranjoose replied on the discussion topic Relentless spammers
    Does 1.9 have better spam rejecting features? view reply
  • Oranjoose added a new discussion topic Relentless spammers in the group Elgg Technical Support
    I made an elgg site (version 1.8) a couple months ago, and it didn't have a problem with spammers until just the last couple of weeks. I proceeded to install the following plugins: gutwacaptcha...
    • This is effective: https://community.elgg.org/plugins/1612728/0.1/registration-randomizer

      This prevents bots from signing-up since your register page is never the default url, always random and it's the default URL they are heading to, to try and sign up.

    • I am sorry to hear how the spammers are frustrating you and your site. The hardest thing to stop is human spammers. Most companies will pay spam sweat-shops to solve most captchas available even at the moment including the, gutwacaptcha :
      https://community.elgg.org/plugins/1172111/1.8.15C/elgg-captcha


      At the moment, gutwacaptcha works faithfully but needs a few tweeks to make it work to it's optimum.

      For example, the next versions will include a limit a user can mess around with the site or solve gutwacaptcha. This way the bots can not just brute force the gutwacaptcha.

      Try sitecode plugin. The site code will help you shut down the registration of your site to new members and including the bots or spammers while dealing or deleting the registered spammer.

      Comment posted from a cellphone~~~

    • Thank you all. It seems that the spamming has tapered off since I installed the textcaptcha. Won't count my chickens before they've hatched, but this is a good sign!

  • Oranjoose replied on the discussion topic Make HTML editor only available for Admin users
    @steve_clay Wow, that worked splendidly. However, I noticed that messing with the tinymce extended_valid_elements doesn't really do anything whether or not I put in iframe. It looks like the htmlawed safe option is the only thing that... view reply
  • Oranjoose replied on the discussion topic Make HTML editor only available for Admin users
    @webgalli Thank you for the lead; it is helpful. If anyone would like to give me a lead on how to show/hide the html editor, then I'd be grateful.   view reply
  • Oranjoose added a new discussion topic Make HTML editor only available for Admin users in the group Elgg Technical Support
    I've got HTML5 games I'd like to embed into posts, which calls for iframe elements. I got that part working, thanks to this thread: https://community.elgg.org/discussion/view/556914/adding-iframe-support-for-admins-only The problem is...
    • @webgalli Thank you for the lead; it is helpful. If anyone would like to give me a lead on how to show/hide the html editor, then I'd be grateful.

       

    • Watch out!! Anyone can type/paste/inject dangerous HTML regardless of the editor being present.

      You only want to temporarily relax your htmlawed standards when trusted users are logged in.

      Then you can remove filter_tags() sanitization (htmlawed) from the output/longtext view so all users can see that content.

      This solution isn't perfect because if any non-admin edits that content, the unsafe markup will again be stripped out.

    • @steve_clay

      Wow, that worked splendidly. However, I noticed that messing with the tinymce extended_valid_elements doesn't really do anything whether or not I put in iframe. It looks like the htmlawed safe option is the only thing that controls that.

      I do have a question for you though. Right now, with htmlawed safe option set to true conditionally when admin is logged in, then admin can post iframes and others can see it, but non-admins cannot post working iframes. However, when a non-admin opens the HTML editor and pastes an iframe in, and hits update, then the iframe works in the editor. When the post is published, it gets stripped.

      Is this not a security risk that iframes load in the editor? Shouldn't the 'safe' option set to true in htmlawed prevent users from loading the iframe in the wyswyg editor, or that's just the domain of longtext?

  • Oranjoose replied on the discussion topic Strange page hang issue
    @Paweł I was able to find a solution, thank you! For posterity, and others who may run into this issue, this is what worked. First, per Paweł's suggestion, I checked the "maillog", which refers to a log file on your server. On... view reply
  • Oranjoose added a new discussion topic Strange page hang issue in the group Elgg Technical Support
    Let me describe the symptoms, and hopefully one of you would be able to guide me in the right direction. - Whenever I click "Add Friend", "Resend Validation Email", "Invite" [friend to group], "Send"...
    • What do you see in maillog during action processing?

    • @Paweł

      I was able to find a solution, thank you!

      For posterity, and others who may run into this issue, this is what worked.

      First, per Paweł's suggestion, I checked the "maillog", which refers to a log file on your server. On my Debian 7 server space, it was in /var/log/mail.log. I performed an action or two that would replicate the hanging behavior, and then a couple minutes later, I checked the mail.log file.

      Looking at the bottom of the page, I found "My unqualified host name (shhThisIsSecret) unknown; sleeping for retry". I got this error because the hostname I had set for Linux was not an FQDN (fully qualified domain name). This is problematic in a few ways, which I'm sure you can look up.

      To fix it, change the hostname to an FQDN. On Debian 7, I was able to change the hostname super easily with the hostname command. If you just type in hostname in the prompt, and hit enter, it should return what the hostname is currently. Then just type hostname myFQDNhostname , and hit enter, and it should have changed the hostname. You can verify it by running the hostname command by itself again.

      That should do it (it worked for me)!

      If you type in an invalid FQDN, then the page may stop hanging, but no email will send. If you check your mail.log again, you may find messages like "Domain of sender address myApacheUsername@myNotValidFQDNhostname does not exist".

      A common valid FQDN to use for your hostname would be mail.myDomainname.com

      Hopefully this helps someone else.

    • I'm glad it helped. Thanks for extensive information on actual problem. That's one of the best ways to give back to the community.