YAFLogo

squirrel

PM
avatar

  • Joined: Thursday, 14 January 2010
  • Last Visit: a year ago
  • Forum Rank: YAF Leader
  • Birthday Thursday, 1 January 1903
  • Number of Posts: 944 [2.51% of all post / 0.18 posts per day]
  • Thanks Given: 249
  • Thanks Received: 165
  • Thanked Posts: 157
  • Community Reputation Received:
    100% (Exalted)
  • Medals:
    • Medal of Honor for the Support King: A huge help to the YAF.NET community!
    • YAF.NET Supporter: Supports the YAF.NET project with a contribution.
    • YAF.NET Purple Supporter: Purple heart for being an Asset to the YAF.NET Community.
    • YAF.NET Supporter: Loves YAF.NET!
    • YAF.NET Supporter: Supports our efforts. Thank you.
Last 10 Posts
View All Posts by User
Contributed a small patch regarding this issue, after upgrading to latest code from the bug fixes.

After testing, it seems to be behaving on our own forums for handling IPv6 output to the forum pages for admins/moderators where IPv4 addresses were previously shown even if user connected via IPv6.  Additionally, some issues were noted where IPv4 address returned from IPHelper was the server's own IP address instead of the client address.

Hope it is useful -- thank you again for your continued work on this project!

https://github.com/YAFNET/YAFNET/pull/639 

Screenshot of the YAF logged error RE: IPv6 and the guest user association and issues relating --

 image.png You have insufficient rights to see the content.

YAF has come a LONG WAY since our last upgrade on one of our oldest forums. Very thankful here for all the work that has gone into it -- and hate to have first post in some time be notations of potential issues - but I know you need the info to address:

First issue - when sending lost password request (behavior can be reproduced here with Firefox browser) - after sending email request, Back button on form showing "mail sent" links to page validation failure (this screenshot from YAF) - behavior exhibits on our own forums as well:

 image.png You have insufficient rights to see the content.

Second issue - not as important but still ODD and may require attention: A user account is for some reason associated with GoogleBot and Guest IP addresses in system - and in event log, same user account causes tons of IPv6 validation errors. User is NOT banned --

 image.png You have insufficient rights to see the content.

Other than those two quirks so far - and some theming fixes I'm going to submit, I wanted to take moment again to thank all involved in the development and furthering of YAF -- I've got a lot of time under my belt with Bootstrap 3/4 and may have some things to offer - so going to try to step back up and give back more to YAF - it has been a huge factor in our forums staying online for the last 10 years, and I'm sure we'll be relying on it for many years more!

It's been a LONG time since I've been to the YAF forums - but we're due for an upgrade, and have had an old problem rear it's head again.

In the past, this wasn't an option - but does YAF now have a feature/function where admins can enter in a list of email address top-level domains that can be blacklisted on registration?

I would hope it would be a simple feature, if it doesn't exist - and if not, am willing to put some time into it although I'm nowhere near the seasoned .NET developer that this team already has - but it's worth it to me to contribute where I can if this feature can be added. Currently, I'm being hit with almost 100 spam registrations a day. They're getting around the new-user security and have the ability to post in forums that their accounts have not been approved for. We've audited our security and logs and can't find anywhere where an admin is logging in after the account is created and approving them for "regular membership".

Currently, they register and have access to only one forum for new members - from there, we would "approve" an account that allows post access to all other forums on the site. Somehow, they're getting registered and approved for full membership without interaction from our admins or moderators, and access logs verify this. I'm not sure what analysis we can provide to find out where the weakness is. Either way, we need to find a way to stop them at the gate, and even reCaptcha isn't slowing them down at all anymore...

Any advice?

I'll zip up the one I use currently. I have to change a couple of strings back in the english language file -- we use "Likes" instead of "Thanks", and we have "Next Topic/Previous Topic" links at the bottom of the posts.ascx page -- otherwise, it's a 100% bone-stock YAF - so I'll clean those up and Zip it up for you --
So far in our testing on two sites, this issue has been resolved in the source tree in GIT. I am running two source-built YAF sites from that revision in GIT and they so far have stabilized on that issue.

I will look to see what revision I have and post it here. Additionally, if you need a built copy of that version, I can zip one up for you. It is a beta, and by all technical definitions, not for production servers, BUT - I've run beta versions of YAF for about 4 years now and when you get the right revision from GIT, they are perfect to run on --

It sounds like when you are 'logging in your user in YAF, roles are logged in with that user, but when the user has a statistics update, or logs out, those roles aren't being re-transferred back to the role-manager storage and recorded/updated with any changes?

Yes, I misunderstood -- currently, it's not implemented - such as a format like microsoft's forums use (or stackoverflow, persay) -- there is the ability to set a topic 'status' or type, but not to 'answer' questions as of yet. I believe it's on the roadmap but I could be wrong.
I am interested in this as a possible extension or plugin that could be added to the task scheduler of YAF or something along those lines --

Somewhere here in the forums, it's been documented what methods are called inside YAF's code to register a user outside of YAF -- maybe through that would lead to the procedures called, or maybe utilizing YAF's classes to accomplish what you need via parameters in your code, etc. Hope it helps 🙂 Might try the Integration forums --