Message |
|
udittmer wrote:As an admin you can see the IP address of where people posted from - maybe check a few of the IP addresses that user posted from, to see if one or more of those are listed in the Banning list.
It does not appear that they've posted anything yet. In fact, I suspect that they were logging into to the forum for the first time. (I recently transitioned to a new server and JForum installation, but I only kept the accounts of users who had posted something in the past. This was because I previously had a home-rolled SSO solution that automatically created a forum account for every user account on my product website, but that just resulted in tens of thousands of spam accounts being created.)
udittmer wrote:
If I go to the "users" section and try to look up their account, I can't find it.
That is really odd. Note that you can search the user list by email, so you should find it that way. Or maybe the user misremembered under which email address they registered?
I agree, and I wouldn't be at all surprised if they're trying to use a different email address. Especially because the email addy they gave me isn't in my product account database either.
Latest update: They wrote me with their IP address and it was, indeed, in the list of "banning" IP addressed. They also noted that their ISP occasionally reassigns IP addresses, so it's possibly they just got one with an abuse history. Anyway, I removed the IP address from the "banning" list and am waiting to hear more.
|
|
|
Greetings,
I've got a user writing me that when they log into the forum they get a "you have been banned" message.
However, I can't find their email address in the "Banning" list. If I go to the "users" section and try to look up their account, I can't find it. (tried both "top level" and "blocked" filters).
I suppose that the IP address they're connected from might be in the list, but I don't know what that is (I wrote back and asked if they knew their public IP address, I could look for that).
Otherwise, I'm at a loss.
Any suggestions?
|
|
|
Many years ago, I remember a discussion about disabling private messaging (it is still an unfortunate source of spam for my users). I vaguely remember that a switch was going to be added to a future version, but I was still running an older version.
Now that I'm up-to-date, I went cruising through the settings and group configurations and I couldn't find any such switch. Am I missing something, or is there still no way to turn private messaging off?
(I suppose I could edit the templates and just comment out any "send private message" buttons...)
|
|
|
Follow up:
You mentioned that you didn't trust the user_posts field to be accurate, but in the end it was.
All of the deleted accounts had a 0 value in that field, and all of the remaining accounts have non-zero values. So, in retrospect, I probably could have used that as my sole criteria. YMMV
|
|
|
udittmer wrote:#3: https://sourceforge.net/p/jforum2/wiki2/Documentation/ links to a few pages about SSO. But I've never used that, and the code hasn't touched in a long time, so I'm not sure how well that still works. If you want to abandon SSO, I think any value in there is OK - nothing but the login process touches the password.
I tested a few accounts and the PW reset seems to work just fine, so I'll leave them where they're at.
#4: ...
delete from jforum_users where id in (select u.user_id from jforum_users u left join jforum_posts p on p.user_id = u.user_id having count(p.user_id) = 0)
small correction: ... jforum_users where user_id in ...
So after letting that query run for 22 hours, I stopped it and took a different tact. (I suspect that MySQL was re-executing the select left join statement for every row in jforum_users, which means it was going to get executed 450,000 times.)
I ran the earlier join once to generate the list of accounts with no posts, exported it, and just massaged that into a list of 9,000 separate DELETE statements, that each deleted 50 rows. It still took 15 minutes to run, but it got there.
I've since spent some time digging around the forums, old posts, etc. and I don't see anything obviously wrong, so it looks like it worked (and I'm back down to a very manageable 839 user accounts)
Thank you again for all the help and a great program.
|
|
|
Greetings,
It's great to get back into the JForum community!
I have an ancient (2.1.8) version of JForum that I've been running since the dark ages. I have finally gotten around to migrating it to a new Red Had server, running Tomcat 10 and Java 11.
It was a bit rough, and I had to start over three times, but I finally made it through all of the upgrades and configurations.
The forum is now hosted on its own domain (forums.dawntodusksoftware.com) using an Apache ProxyPass to redirect it to the webapp on Tomcat (localhost:8081/jforum).
So far, things are looking pretty good.
Question #1:
The forums, topics, messages, etc. all look OK, but I did see a lot of mysterious warnings from MySQL during the initial DB import. There were hundreds of messages like this:
Query OK, 267 rows affected, 11 warnings (0.022 sec)
Records: 267 Duplicates: 0 Warnings: 11
Query OK, 281 rows affected, 11 warnings (0.018 sec)
Records: 281 Duplicates: 0 Warnings: 11
Query OK, 430 rows affected, 17 warnings (0.023 sec)
Records: 430 Duplicates: 0 Warnings: 17
...
Is this something I should be worried about?
Question #2:
I'm getting ready to customize the look of the forum to match my main site. I was a little confused reading the Templates and Styles section. Do I just start editing jforum/templates/default/header.htm, et. al.?
Question #3:
I used to have a custom SSO that allowed all of my registered users to use the forum with the same account. I think I'm going to abandon that and let users create separate accounts for the forum.
It appears that JForum stores a hash of the password in the jforum_uesrs.users_password field. My SSO hack stored the value "#shadow#" in that field. Is is OK if I leave it that way and just add a note that previously registered users will need to reset their password? Or should I store some other value?
Question #4:
After running for over 10 years, I've registered a lot of spam accounts. I currently have over 400,000 user accounts, I suspect that 98% of those are spam.
A few years back I set the forum to full moderation, so I've rejected all of the spam posts. But I'd really like to delete these accounts.
Is there a script or utility I can run that will safely delete all of the user accounts without any posts?
That's it for now!
|
|
|
I've got my Jforum2 site set up and running. Now I'd like to set up a SSO with my main site.
I've been poking around the documentation and the net.jforum.sso.* source, and it looks like I might be able to use the cookie sign-in scheme. But before I dive into hacking up my web site, I wanted to make sure I have a reasonable understanding of how it's supposed to work.
I gather that the net.jforum.sso.CookieUserSSO class simply looks for cookie (JforumSSO by default) that contains the user name of the currently logged in user. If it does, that user is either automagically logged in or gets spontaneously created.
My two sites are at www.mydomain.com and jforum.mydomain.com.
Therefore, and if I'm reading RFC 6265 correctly, I *should* be able to have the login page on the www.mydomain.com set a cookie (Set-Cookie: JforumSSO=johndoe@gmail.com; domain=mydomain.com) when the user logs in, and the jforum.mydomain.com request should include that cookie, allowing net.jforum.sso.CookieUserSSO to work its magic.
If that's correct, I'm ready to get started. If that's not correct, could someone explain this to me (as if I were a child). Thanks!
|
|
|
It turned out that migrating my database wasn't a big deal.
I'm no DB expert, so it's fortunate that my MySQL GUI client has a "Duplicate Database" command, which worked perfectly. I then applied all of the upgrade script from 2.2 through 2.5, which was astonishingly simple.
Finally, I copied the contents of the ./images/avatars and ./uploads from the old site to the new one and voila!
There's still some settings that didn't get moved over, but I'm confident that when the time comes to go live I won't have any problems getting 10 years of content migrated.
|
|
|
I've finally back to working on this again.
I seemed to have gotten things working. It appears that the fundamental problem is this installation of Tomcat runs behind an Apache web server. The *.jsp pages get redirected to Tomcat, but the static resources are served by Apache. (This was set up nigh on 15 years ago when, rightly or wrongly, there was performance considerations with having Tomcat serve all of the content.)
The next thing I tried was short-circuiting Apache and redirecting all requests to Tomcat. I did this with a RewriteRule:
RewriteEngine On
RewriteRule ^/(.*)$ ajp://localhost:8009/$1 [P]
That definitely helped. The initial installation page loaded correctly (including all relative links, CSS, and images). The first "Continue" button took me to the installation confirmation page, where everything looked correct.
Then it died again. When I clicked the "Install" button, I just got an "/error.html not found" error. Thinking about that later, I suspect that's an Apache configuration error. Nonetheless, something was still going wrong.
So I bypassed Apache and tried again. I enabled Tomcat's port 8080 service and ran the install at http://jforum2.test.com:8080/ and everything worked! The install pages loaded, ran, the database got created, and the forum pages appeared. Even better, I went back to the Apache site at http://jforum2.test.com/ and that seemed to be working too.
So now I have a working JForum2 installation, I need to work on two more things:
Start working on getting the user sign-in to use my customer database
Wipe this installation and try migrating my existing JForum (2.1.6) to JForum2
So how do I zap the installation I have now and start over? Can I simply drop the database and create an empty one?
Or can I do both at the same time by dropping the newly created database, copying the old database into the new one, and then running the various upgrade scripts?
|
|
|
Sorry if I didn't explain the problem clearly.
Safari isn't mangling the URL. The initial URL ( http://jforum2.test.com/) loads index.jsp, which discovers it isn't installed and redirects to install.jsp, which redirects to http://jforum2.test.com/install/install.page?module=install&action=welcome.
That works just fine. But the page generated by install.page has a link in the <form> tag—using ${JForumContext.encodeURL("/install/install")})—that results in an invalid URL:
<form action="//install/install.page" name="install" method="post" onsubmit="return validateForm();">
...
Also note there are other invalid URLs in the page, most notably the CSS reference, undoubtedly generated the same way:
<link rel="stylesheet" href="//templates/default/styles/style.css" type="text/css" />
So once I fill in all of the install parameters and click "Next Step" it goes nowhere. I seems like JForum can't figure out where it's running (URL-wise).
|
|
|
OK, I think I made some progress.
I'm not sure why the app didn't auto-deploy, but I'm sure it's due to my crusty Tomcat installation, which I've been randomly hacking at for almost 10 years.
Anyway, I set up a new virtual site in Apache and Tomcat (<Host name="jforum2.test.com" appBase="/Users/test/Sites/forum_sandbox") and deployed the web app as the root web app (<Context path="/" docBase="." ...)
So now the index.jsp loads and asks for the JForum2 installation details. I filled out everything, but the Next Step button link fails with the error "Safari can't open the page 'install/install.page' because Safari can't find the server 'install'"
I looked that the install.jsp page source, and the link is, indeed, "//install/install.page", which make me think that this expects to run in a subdirectory?
Maybe the manual installation is the way to go?
Update: I'll also note that to get JForum 2.1 to run in Apache I had to add a rewrite (RewriteRule ^/(.+\.page)$ ajp://localhost:8009/$1) so that *.page requests get shuttled directly to Tomcat. I'm wondering now if that could be a problem too.
Update 2: I'm pretty sure the *.page requests are working. I tried loading <http://jforum2.test.com/install/install.page> and got a NullPointer error, probably because none of the parameters were included. I took a peek at templates/default/install.htm and it appears the culprit (and by "culprit" I mean it's not returning a usable value) is
${JForumContext.encodeURL("/install/install")}
|
|
|
Thanks, the catalina.out file helped. I don't see any startup errors (still looking), but I did found this in the log just before this error:
SEVERE: Servlet.service() for servlet [jsp_recall] in context with path [/] threw exception [Unable to compile class for JSP:
The servlet should be "jforums" and the context should be "/forums" not "/"; the JForums2 JSP page is loading in the context of my root servlet. So I do have a deployment problem. I'll follow that lead and see where it gets me.
|
|
|
udittmer wrote:Check that inside the WEB-INF/lib directory is a file called "jforum-2.5.jar", and that it is readable by executing "jar -tf jforum-2.5.jar" from the command line.
There's a file named "jforum-2.5.0.jar" in the WEB-INF/lib directory, it's readable (by everyone), and the command
jar -tf jforum-2.5.0.jar
lists all of the classes, including net/jforum/util/preferences/SystemGlobals.class.
It is possible I've messed up something in the Tomcat configuration that's preventing it from seeing these classes?
|
|
|
Greetings,
I've been running JForumj 2.1.8 for quite some time now without any difficulty. I'm in the process of revamping my websites and wanted to upgrade to 2.5.0 (mostly because of problems dealing with spammers).
My current forum runs in its own domain, but the new one I plan to run in a subdirectory of a secure (SSL) site. Here's what I've done so far:
Set the autoDeploy="true" of the top-level context of my Tomcat site
Created a subdirectory "forums"
Copied and unpacked the jforums-2.5.0.war file into the subdirectory (delete the .war file after unpacking)
Verified that all of the required subdirectories (upload, tmp, ...) are writable by the web server.
Verified that my Java is (relatively) up-to-date: Java(TM) SE Runtime Environment (build 1.8.0_144-b01)
Loaded the URL https:secure.test.com/forums/
But here's what I got:
type Exception report
message Unable to compile class for JSP:
description The server encountered an internal error that prevented it from fulfilling this request.
exception
org.apache.jasper.JasperException: Unable to compile class for JSP:
An error occurred at line: 4 in the jsp file: /forums/index.jsp
SystemGlobals cannot be resolved
1: <%@page import="net.jforum.util.preferences.*" %>
2: <%@page import="java.io.File" %>
3: <%
4: String cfg = SystemGlobals.getValue(ConfigKeys.INSTALLATION_CONFIG);
5: String redirect = "forums/list.page";
6:
7: if (cfg == null || !(new File(cfg).exists()) || !SystemGlobals.getBoolValue(ConfigKeys.INSTALLED)) {
An error occurred at line: 4 in the jsp file: /forums/index.jsp
ConfigKeys.INSTALLATION_CONFIG cannot be resolved to a type
1: <%@page import="net.jforum.util.preferences.*" %>
2: <%@page import="java.io.File" %>
3: <%
4: String cfg = SystemGlobals.getValue(ConfigKeys.INSTALLATION_CONFIG);
5: String redirect = "forums/list.page";
6:
7: if (cfg == null || !(new File(cfg).exists()) || !SystemGlobals.getBoolValue(ConfigKeys.INSTALLED)) {
An error occurred at line: 7 in the jsp file: /forums/index.jsp
SystemGlobals cannot be resolved
4: String cfg = SystemGlobals.getValue(ConfigKeys.INSTALLATION_CONFIG);
5: String redirect = "forums/list.page";
6:
7: if (cfg == null || !(new File(cfg).exists()) || !SystemGlobals.getBoolValue(ConfigKeys.INSTALLED)) {
8: redirect = "install.jsp";
9: }
10: response.setStatus(301);
An error occurred at line: 7 in the jsp file: /forums/index.jsp
ConfigKeys.INSTALLED cannot be resolved to a type
4: String cfg = SystemGlobals.getValue(ConfigKeys.INSTALLATION_CONFIG);
5: String redirect = "forums/list.page";
6:
7: if (cfg == null || !(new File(cfg).exists()) || !SystemGlobals.getBoolValue(ConfigKeys.INSTALLED)) {
8: redirect = "install.jsp";
9: }
10: response.setStatus(301);
Stacktrace:
org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:103)
org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:366)
org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:468)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:378)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:353)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:340)
org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:646)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:357)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
So it looks like the JSP page doesn't understand the SystemGlobals class. Does this mean my web app wasn't deployed, or is this a Java/Tomcat/Apache problem? (I vaguely remember having problems with 2.1.8 finding classes ... and I can't remember what I did to fix it.)
Any suggestions?
|
|
|
|
|