chat v3 is released

Announce and discuss the progress of your various programming-related projects...programs, games, websites, tutorials, libraries...anything!

Moderators: Pete, Mods

Post Reply
User avatar
qbasicfreak
Veteran
Posts: 90
Joined: Wed Oct 22, 2008 3:27 pm
Location: canada

chat v3 is released

Post by qbasicfreak » Sun Nov 16, 2008 2:49 pm

Version 3 of my chat program is available to be downloaded at

http://www.qbasicstation.com/index.php? ... &filecat=1

User avatar
Pete
Site Admin
Posts: 882
Joined: Sun Dec 07, 2003 9:10 pm
Location: Candor, NY
Contact:

Post by Pete » Sun Nov 16, 2008 4:24 pm

Dang, I need to fix the upload system for this site. Everyone's putting all their programs on the QBasic Station. :)

User avatar
burger2227
Veteran
Posts: 2378
Joined: Mon Aug 21, 2006 12:40 am
Location: Pittsburgh, PA

Post by burger2227 » Sun Nov 16, 2008 6:00 pm

That is probably the only thing keeping the site alive. The owner, Jack, has little interest in maintaining it anymore. However he made it run on it's own pretty well.

You might want to check out how it works for uploads and their descriptions without being a burden for moderators or the site owner. I can modify an upload and update any file easily. I have many programs there.

Ted
Please acknowledge and thank members who answer your questions!
QB64 is a FREE QBasic compiler for WIN, MAC(OSX) and LINUX : https://www.qb64.org/forum/index.php
Get my Q-Basics demonstrator: https://www.dropbox.com/s/fdmgp91d6h8ps ... s.zip?dl=0

User avatar
qbasicfreak
Veteran
Posts: 90
Joined: Wed Oct 22, 2008 3:27 pm
Location: canada

Post by qbasicfreak » Sun Nov 16, 2008 6:25 pm

I would definitely upload it here when you get the system working.

User avatar
Pete
Site Admin
Posts: 882
Joined: Sun Dec 07, 2003 9:10 pm
Location: Candor, NY
Contact:

Post by Pete » Sun Nov 16, 2008 11:26 pm

Thanks for the info!

The backend system here works fine -- I could just turn it back on -- but I disabled user submissions because it got completely inundated by spam. It got to the point where there would be 500 spam posts for every 1 legit one, and the spambots would crash the site at least twice a week. It was a nightmare to moderate.

I tried a few different methods of preventing spammers, but the spambots were too smart! I never came up with something that successfully blocked the spammers, but still allowed legitimate, anonymous users post content. (It's a really simple backend system that I kind of hacked together over the course of a few years, and there was never any system for creating user accounts or registering users.)

Anyway, I *do* want to redesign the site from the ground up, but it's a ridiculously huge job, and I don't have the time anymore. So if anything, I just need to make a CAPTCHA or other type of spam protection system that works.

User avatar
burger2227
Veteran
Posts: 2378
Joined: Mon Aug 21, 2006 12:40 am
Location: Pittsburgh, PA

Post by burger2227 » Mon Nov 17, 2008 12:14 am

The only files that can be uploaded are ZIP files. Somebody could try to cheat by naming it a zip. I reported it to Jack if I found one. I only have found two. ALL posters are Members only! That way they can organize and modify the descriptions and upload updates. There is a user list called My Files to do that. Nobody else can get into them. Similar to my user profile here.

I also noticed that this site strips proxy IP addresses. That helps! The downloads can be placed on another site page accessable to anybody.

Ted

tlsuess
Veteran
Posts: 64
Joined: Thu Dec 01, 2005 10:28 pm

Post by tlsuess » Mon Nov 17, 2008 10:49 am

When Marcade and I were bringing back QB45, I decided on the idea of having files uploaded but approved or denied by a moderator or admin. It's actually pretty decent for what it does.

Most spam bots put nothing in the files and just load the descriptions with links. But at least I oversee what files are uploaded at QB45.

Bots are getting trickier and smarter. They're actually people now-a-days too.

Some people like to spoof the systems by uploading some PHP shell script and naming it "sh.jpg.php" to get a "JPEG" uploaded that runs as a PHP script. What I do as a safeguard is to rename the file but store its original filename in a database then when the user downloads it, the link is to a PHP script which downloads the file but renames it in the headers (according to its original filename in the DB). That's my foolproof way of getting rid of those stupid people who think they can hack into a site with simple things like that.

User avatar
burger2227
Veteran
Posts: 2378
Joined: Mon Aug 21, 2006 12:40 am
Location: Pittsburgh, PA

How it works at QB Station

Post by burger2227 » Mon Nov 17, 2008 3:26 pm

No way should just anybody upload files! After all, they can't post here without logging in. You could get virus or trojan uploads from idiots too. If they want to upload a file, they need to at least join. Then you can go after the idiots!

Pete could add a "My Files" link for members who are signed on. Just like it now adds "Profile". Or it could be added to your profile. Members only helps limit spammers and bots.

1) My Files has an upload box that can also find folders on your PC. Below that is a list of the member's previous uploads and an editable description and category of each for the member only. When an upload is done for a different named file, the description and category are both empty. A member must then edit it. Bots cannot do this I believe!

2) Each upload MUST be a ZIP file! Error if not. So no stuff for bots or spammers to upload.

3) When a file is uploaded, the default category is "None". A user needs to change that to a certain category. This is the one problem at QBStation. It does not tell you that, but once a file is off of the front page list of new uploads, it is LOST to everybody except the original member. This allows people to just archive stuff unless the owner or Mod deletes them. I would change that so users MUST select a category or it is removed later. Say in 30 days. It could be automated if need be.

I don't think bots can do all of this easily! If a member does it just Delete them too! IP and all..........

Ted
Please acknowledge and thank members who answer your questions!
QB64 is a FREE QBasic compiler for WIN, MAC(OSX) and LINUX : https://www.qb64.org/forum/index.php
Get my Q-Basics demonstrator: https://www.dropbox.com/s/fdmgp91d6h8ps ... s.zip?dl=0

tlsuess
Veteran
Posts: 64
Joined: Thu Dec 01, 2005 10:28 pm

Re: How it works at QB Station

Post by tlsuess » Mon Nov 17, 2008 8:09 pm

burger2227 wrote:No way should just anybody upload files! After all, they can't post here without logging in. You could get virus or trojan uploads from idiots too. If they want to upload a file, they need to at least join. Then you can go after the idiots!
Anyone, even members, could upload trojans to any website. There really hasn't been much other than that but I just followed the original layout of QB45. The files won't appear and can't be downloaded unless I approve them. So nothing is ultimately bullet-proof and user-friendly at the same time.

User avatar
burger2227
Veteran
Posts: 2378
Joined: Mon Aug 21, 2006 12:40 am
Location: Pittsburgh, PA

Post by burger2227 » Mon Nov 17, 2008 9:54 pm

If you enjoy doing that then fine. I don't think that Pete wants to constantly oversee that stuff. Especially spam!

When you get older and wiser you will probably not be so inclined.

I have to laugh at members doing it. You can prosecute easily when you have their IP and email address.

User friendly <> non-member. What is the big deal? Are they scared or what? Those are the snakes on the web! They enjoy making others suffer.
Please acknowledge and thank members who answer your questions!
QB64 is a FREE QBasic compiler for WIN, MAC(OSX) and LINUX : https://www.qb64.org/forum/index.php
Get my Q-Basics demonstrator: https://www.dropbox.com/s/fdmgp91d6h8ps ... s.zip?dl=0

tlsuess
Veteran
Posts: 64
Joined: Thu Dec 01, 2005 10:28 pm

Post by tlsuess » Mon Nov 17, 2008 10:36 pm

burger2227 wrote:If you enjoy doing that then fine. I don't think that Pete wants to constantly oversee that stuff. Especially spam!

When you get older and wiser you will probably not be so inclined.

I have to laugh at members doing it. You can prosecute easily when you have their IP and email address.

User friendly <> non-member. What is the big deal? Are they scared or what? Those are the snakes on the web! They enjoy making others suffer.
There are rarely any people who upload files but I know that spammers are tricky b*tards. One QB site I ran for a while had file uploads by members but the IP ranges varied indefinitely so one day I banned "191.18.*.*" IPs then the next day it was "94.75.*.*" IPs and so on and so on.

I should probably make it so members can only upload but I didn't want to discourage any "potential" QBers.

One thing I learned is that if you have users register for something like uploading files, they won't do it since it's "too much work." People have become lazier and want things quicker and easier than the way it was before, which is quite a downside.

I'm not arguing that your idea isn't good but I'm just recalling past experiences and tribulations with large groups of members.

User avatar
burger2227
Veteran
Posts: 2378
Joined: Mon Aug 21, 2006 12:40 am
Location: Pittsburgh, PA

Post by burger2227 » Tue Nov 18, 2008 2:55 pm

How many members do you have there now?

If a person is too lazy to register, then their code is probably lazy too. I don't want to view that type of code anyhow.

I know what you are trying to say, but spammers are ruining too many open sites already. The best way to stop them is to strip any proxie IP's from the getgo. That is probably what you accomplished by blocking groups of proxy IP adresses. It is a shame that people are stupid enough to think that they can actually make money in spamming! Few do!

Here is a link to a good Proxy ID site. You can paste in a questionable IP address and view the information and a map of where they live.

http://whatismyipaddress.com/

It can also tell you if it is a proxy IP. I don't see a real need for people to use them unless they want to do bad things or access a site when they are blocked. If they were blocked, there probably was a good reason for it. To post stuff, most proxy sites charge for the services. GOOD! LOL.

The QB64 site tried open posting recently and got hit by hundreds of spam posts a day. Galleon had to go back to registered users only. The freedom to post is being taken away by a bunch of morons!

Ted
Please acknowledge and thank members who answer your questions!
QB64 is a FREE QBasic compiler for WIN, MAC(OSX) and LINUX : https://www.qb64.org/forum/index.php
Get my Q-Basics demonstrator: https://www.dropbox.com/s/fdmgp91d6h8ps ... s.zip?dl=0

tlsuess
Veteran
Posts: 64
Joined: Thu Dec 01, 2005 10:28 pm

Post by tlsuess » Wed Nov 19, 2008 7:41 am

I use a tool called IP-Atlas which does just the same as whatsmyipaddress.com but to a lesser extent. One of my forums is getting hit with spammers who try to cleverly disguise themselves as admins from other sites who say I've been placed on a ban list, but just Googling their message turns up results from EVERYWHERE.

What I'm going to do is put in code that runs their IP through StopForumSpam.com's IP checker API and allows them to register from there.

On one of my websites a couple years ago, I put in a CAPTCHA field that displayed a 6-digit number and as an added safety, I had it tell the user to add or subtract a number from 1-9 from that 6-digit number. The spammers came on thick that time. I think I just disabled registration for a couple of days and they gave up. That's what I usually do in worst-case scenarios.

User avatar
Pete
Site Admin
Posts: 882
Joined: Sun Dec 07, 2003 9:10 pm
Location: Candor, NY
Contact:

Post by Pete » Wed Nov 19, 2008 8:47 am

Yeah, I'd like to figure out a way to use the PHPBB accounts here and link it to the old Perl CGI back-end that I'm using. That way, you wouldn't be able to submit stuff unless you're logged into PHPBB.

The only problem is I need to figure out how to do that, and then find the time to do the work. :)

Dav
Coder
Posts: 14
Joined: Thu Jul 15, 2004 9:23 am
Contact:

cool

Post by Dav » Wed Nov 19, 2008 8:58 am

I downloaded your prog, will give it a whirl when I can. Nice to see people trying to use Qbasic to do something "different" than most people think Qbasic should do.

Yeah, SPAMmers are a pain. Using encoded, hidden fields, and action names which constantly change based on the date has worked well for me. As well as adding a time trap that sees if a person has been at a posting form more than 5 seconds (most people dont fill in and send a post that quickly). Those reduced spams greatly at my forums. I haven't have much long-term success at IP banning, but I haven't implemented it well as you guys seem to be doing. I'll check out those site links up there.
Visit Dav's Qbasic Site at: www.qbasicnews.com/dav

User avatar
qbasicfreak
Veteran
Posts: 90
Joined: Wed Oct 22, 2008 3:27 pm
Location: canada

prog download

Post by qbasicfreak » Thu Nov 20, 2008 5:57 pm

Thanks for downloading it Dav! 8)

Post Reply