Apostrophes are double encoded as entities and at least
dozens of my posts are affected, but surely others, too:
AmigoJack wrote: Mon Feb 06, 2023 11:02 amit's
Most likely the earlier phpBB version incorrectly saved that. This could be "easily" solved by testing these queries to see the potential outcome, and then actually commit them onto the database (assuming you run MariaDB or MySQL):
Code: Select all
UPDATE phpbb_posts SET post_text= replace( post_text, ''', ''' ) WHERE post_text LIKE '%'%';
UPDATE phpbb_posts SET post_subject= replace( post_subject, ''', ''' ) WHERE post_subject LIKE '%'%';
UPDATE phpbb_privmsgs SET message_text= replace( message_text, ''', ''' ) WHERE message_text LIKE '%'%';
UPDATE phpbb_privmsgs SET message_subject= replace( message_subject, ''', ''' ) WHERE message_subject LIKE '%'%';
UPDATE phpbb_topics SET topic_title= replace( topic_title, ''', ''' ) WHERE topic_title LIKE '%'%';
UPDATE phpbb_users SET username= replace( username, ''', ''' ) WHERE username LIKE '%'%';
UPDATE phpbb_users SET user_sig= replace( user_sig, ''', ''' ) WHERE user_sig LIKE '%'%';
UPDATE phpbb_users SET user_from= replace( user_from, ''', ''' ) WHERE user_from LIKE '%'%';
Maybe other entities are double encoded, too.
The user profile's location is improperly encoded - I've tried to find the most common mistakes that should be corrected. Make sure you copy/paste these queries, since the search text for the replacement
í has an invisible character after
à (and replacing
à alone would be fatal - in doubt, don't run that one last query):
Code: Select all
UPDATE phpbb_users SET user_from= replace( user_from, 'ü', 'ü' ) WHERE user_from LIKE '%ü%';
UPDATE phpbb_users SET user_from= replace( user_from, 'ê', 'ê' ) WHERE user_from LIKE '%ê%';
UPDATE phpbb_users SET user_from= replace( user_from, 'é', 'é' ) WHERE user_from LIKE '%é%';
UPDATE phpbb_users SET user_from= replace( user_from, 'è', 'è' ) WHERE user_from LIKE '%è%';
UPDATE phpbb_users SET user_from= replace( user_from, 'ú', 'ú' ) WHERE user_from LIKE '%ú%';
UPDATE phpbb_users SET user_from= replace( user_from, 'ã', 'ã' ) WHERE user_from LIKE '%ã%';
UPDATE phpbb_users SET user_from= replace( user_from, 'Ã', 'í' ) WHERE user_from LIKE '%í%';
Furthermore since you're now able to
list all members with its details you want to delete a couple of accounts that solely registered to have a link here. They should be easily spotted as per:
Code: Select all
SELECT user_type, username, user_website, from_unixtime( user_regdate ) AS joined, from_unixtime( user_lastvisit ) AS lastvisit
FROM phpbb_users
WHERE user_website LIKE 'http%'
AND user_posts= 0
AND user_type<> 2;
Make sure to activate the "Q&A registration challenge" to prevent bots from auto-registering. Sadly the informative post on that issue is buried in the official board:
https://www.phpbb.com/community/viewtopic.php?p=14423631#p14423631 wrote:
Recent updates to common spamming software have led to severe shortcomings in the stock, image-based CAPTCHAs.
This topic discusses common methods for spam prevention. For a brief overview of what spam is, see our
spam FAQ.
Stopping Spam - Techniques and Strategies
- Effective Solutions
At this time, the below solutions seem to be most effective when fighting spambots.
- Q&A CAPTCHA
At this time, the Q&A CAPTCHA plugin seems to be the most effective single solution against spambots (and some human spammers). For this technique to be effective, you must use simple but non-obvious question and answer combinations. For instance, "Who do you see in the mirror?" is an effective question, while "What colour is the sky?" or "2+2 = ?" are not. These questions are particularly effective on niche forums where one can ask a question that is not immediately obvious to the general populace.
One type of question that appears effective is of the type"
What are the first three letters in the name (or URL) of this Board?
Also very effective are questions of the type:
Q: What are the first three and last three characters of this board's URL ?
A: phpity
Q: Grass is to lawn as __________ is to forest.
A: tree
Or:
Q:Forest is to lawn as grass is to ______________.
A: trees
To enable the Q&A CAPTCHA, browse to Spambot countermeasures on the General tab of the Administration Control Panel (ACP), then select "Q&A" under "Installed Plugins". Select "Configure", setup your question and answer pairs, then submit the forum. Notice you may need separate Q&As for each language you use.
- Newly Registered Users Group - phpBB 3 also sees the introduction of the "Newly Registered Users" group. This feature, which may be enabled via the User Registration Settings page of the Administration Control Panel (ACP), allows the administrator to define a minimum post count; if a user is below this limit they will be a member of the Newly Registered Users group. Permissions may be set on this group much like any other group -- an example use is to place the Newly Registered Users group on the moderation queue for all forums. The user is automatically removed from the group when they reach the defined post amount. Be aware that this feature is not retroactive -- users who registered prior to a board's upgrade to phpBB 3.0.6 will not be placed in the Newly Registered Users group, regardless of their post count.
- Other Solutions
- Custom Profile Fields - There is an article in the Knowledge Base detailing utilising Custom Profile Fields as a spam deterrent. This seems to be effective against most bots.
- Admin Activation - This is not practical on most boards, but is an excellent option on smaller, less-trafficked boards. Many spam registrations utilise Gmail addresses or .cn domains, and use a seemingly random combination of letters and numbers for their username.
- Broken Visual CAPTCHA Plugins
These CAPTCHAs are included in the stock install but have been broken by spambots. They are ineffective and should not be used.
- CAPTCHA Without GD
- GD 3D CAPTCHA
- reCAPTCHA
- GD CAPTCHA
Rule of thumb for choosing a question is: if Google doesn't have the answer to it, it's a good one. And only use one, not multiple question/answer pairs.