Public Pastes
BitBucket - Backup your code in the cloud! Host unlimited private projects, for free. SIGN UP takes 10 seconds, and it's free!
SHARE
TWEET

Tinyboard issues

a guest Jan 31st, 2016 7 Never
  1. 10:20:15    ~copypaste  dusty: gives me an ieda for a new spam filter
  2. 10:20:22    ~copypaste  one that processes URLs only. We have a few spam filters
  3. 10:20:46    ~copypaste  I'll make one that attaches to markup_urls and rejects posts with urls whose domains contain things like "viagra", "cialias", "gucci", "vuitton"
  4. 10:20:52    ~copypaste  that will stop a lot of it.
  5. 10:21:19    dusty   hthat's a great idea!
  6. 10:21:45    dusty   is there a hidden field that, if you fill it in - the post is rejected?
  7. 10:21:50    dusty   i've heard that can catch a bit of spam
  8. 10:21:57    ~copypaste  yes there is.
  9. 10:22:13    ~copypaste  next version will have proper CSRF too. that requires an all page rebuild tho.
  10. 10:22:23    ~copypaste  currently there's tinyboard's antispam system, but that's -shit-.
  11. 10:22:31    ~copypaste  so i will be rewriting it. it's disabled right now
  12. 10:22:35    ~copypaste  that's how bad it is. it doesn't even work lol
  13. 10:22:39    ~copypaste  rejects posts randomly.
  14. 10:22:42    @linear     lmao
  15. 10:22:49    @linear     "An anti-spam system so advanced that it doens't stop spam"
  16. 10:23:05    ~copypaste  well it was made to be complicated
  17. 10:23:08    ~copypaste  "complicated"
  18. 10:23:12    ~copypaste  STI never heard of Mechanize
  19. 10:23:17    ~copypaste  so really what it is is very hard to debug
  20. 10:23:22    ~copypaste  while very easy for attackers to avoid anyway
  21. 10:23:26    __uguu__    mechanize is awesome
  22. 10:23:26    ~copypaste  Just ask Bui he knows
  23. 10:23:39    ~copypaste  So I will change to just simple CSRF.
  24. 10:23:56    ~copypaste  Like just a hash is all you need. secret_salt + thread id + board name
  25. 10:24:00    ~copypaste  That's all you need.
  26. 10:24:26    ~copypaste  if you don't believe me that it's bad, look at this file
  27. 10:24:33    ~copypaste  https://github.com/ctrlcctrlv/infinity/blob/master/inc/anti-bot.php
  28. 10:24:37    Bui     csrf? but how will you handle multiple people using one hash? like tinyboard does?
  29. 10:24:38    ~copypaste  this is unchanged from Tinyboard
  30. 10:24:43    ~copypaste  it has a function called "make_confusing"
  31. 10:24:49    dusty   doesn't CSRF block caching?
  32. 10:24:59    ~copypaste  this is my favorite
  33. 10:25:00    ~copypaste  > global $config, $purged_old_antispam;
  34. 10:25:02    @linear     lmao
  35. 10:25:04    ~copypaste  >global $purged_old_antispam;
  36. 10:25:07    ~copypaste  that's used nowhere else btw.
  37. 10:25:17    __uguu__    oh balls tinyboards "antispam"
  38. 10:25:20    __uguu__    i hate that shit
  39. 10:25:26    ~copypaste  it doesn't even work lol.
  40. 10:25:35    ~copypaste  it rejects random posts due to a bug czaks and i cannot figure out.
  41. 10:25:39    __uguu__    it's the bane of my existence back when i ran a tinyboard instance on tor
  42. 10:25:40    ~copypaste  it just sometimes rejects valid hashes.
  43. 10:25:44    __uguu__    it simply did NOT work
  44. 10:25:45    ~copypaste  yeah it sucks
  45. 10:25:47    ~copypaste  it doesn't.
  46. 10:25:52    ~copypaste  i disabled it on 8chan months ago.
  47. 10:26:05    ~copypaste  make
  48. 10:26:06    ~copypaste  confusing
  49. 10:26:07    ~copypaste  :^)
  50. 10:26:09    __uguu__    so that's why the site is so awesome
  51. 10:26:22    __uguu__    no tinyboard spam filter
  52. 10:26:25    ~copypaste  Bui: just new simple hash. like i said, the same thread will always have same hash
  53. 10:26:34    ~copypaste  it's just to stop random viagra bots.
  54. 10:26:38    Bui     oh ok
  55. 10:26:42    ~copypaste  thinking you can stop people writing scripts is stupid.
  56. 10:26:47    ~copypaste  like STI tier stupid.
  57. 10:26:53    Bui     what about board indexes though
  58. 10:27:01    Bui     /new threads
  59. 10:27:22    ~copypaste  that's a bit more challenging.
  60. 10:27:38    ~copypaste  that might have to use a DB.
  61. 10:27:44    __uguu__    you could always rebase the site on top of overchan :^3
  62. 10:27:55    ~copypaste  __uguu__: we have something called tinyboard-boardlink
  63. 10:27:57    ~copypaste  actually
  64. 10:28:00    ~copypaste  i was just thinking about it.
  65. 10:28:04    ~copypaste  we used to use it with /int/
  66. 10:28:08    ~copypaste  it syncs over HTTP though, not NNTP.
  67. 10:28:13    ~copypaste  two chan owners share passwords.
  68. 10:28:14    __uguu__    interdastin
  69. 10:28:19    ~copypaste  it's already done. i could open it right now
  70. 10:28:21    ~copypaste  lol
  71. 10:28:26    __uguu__    do eeet
  72. 10:28:34    ~copypaste  it's not as good as an NNTP solution though, but all i'd need to do is write a sync function
  73. 10:28:39    ~copypaste  because right now all it does is sync new posts
  74. 10:28:44    ~copypaste  all it needs is a "dump all posts you know"
  75. 10:28:52    ~copypaste  and boom, we have an overchan clone.
  76. 10:28:56    ~copypaste  (except not NNTP)
  77. 10:29:09    __uguu__    it'd suck because of http
  78. 10:29:13    ~copypaste  yeah.
  79. 10:29:19    __uguu__    it'd get bottlenecked really fast
  80. 10:29:33    ~copypaste  but now that i think about it
  81. 10:29:49    ~copypaste  what if we just use the existing codebase as the frontend and rework tinyboard-boardliink to interface with NNTP?
  82. 10:29:51    ~copypaste  :3
  83. 10:29:55    __uguu__    yes
  84. 10:29:57    __uguu__    YES
  85. 10:30:07    *   __uguu__ jizzes a little
  86. 10:30:12    ~copypaste  https://github.com/vichan-devel/Tinyboard-BoardLink
  87. 10:30:16    ~copypaste  you can see how it works here. it's very simple.
  88. 10:30:18    ~copypaste  i've used it before
  89. 10:30:23    ~copypaste  i helped czaks write it actually lol.
  90. 10:30:55    __uguu__    idea: use that + nntpd
  91. 10:30:57    ~copypaste  all we'd need to do is use NNTP for sync instead of HTTP.
  92. 10:30:59    ~copypaste  yup
  93. 10:31:08    ~copypaste  and you could use inifnity as an overchan frontend.
  94. 10:31:10    __uguu__    oh that's what you are saying
  95. 10:31:11    ~copypaste  with no problems.
  96. 10:31:12    ~copypaste  yes
  97. 10:31:49    __uguu__    so as long as it interfaces with vichan it's gud right?
  98. 10:31:56    ~copypaste  Yes.
  99. 10:32:02    __uguu__    oh that's easy
  100. 10:32:03    ~copypaste  vichan support is an important goal of the project.
  101. 10:32:17    ~copypaste  pm
  102. 10:32:34    __uguu__    i could implement a little shim between vichan and srnd
  103. 10:33:46    __uguu__    hmmm otr fuckery
RAW Paste Data
Top