Page 1 of 2 12 LastLast
Results 1 to 25 of 36
  1. #1
    IC Weiner Lightly_Toasted's Avatar

    Join Date
    Dec 2010
    Posts
    3,694
    Thumbs Up/Down
    Received: 542/2
    Given: 358/1
    Rep Power
    17


    2 Not allowed! Not allowed!

    Default New secure site is up and running

    As the title states, you can use https on the forum now. The new secure TY addy is https://www.treatingyourself.org/vbulletin/

    Be sure to update your bookmarks! I will soon setup the .com to redirect to the .org automatically.

    Another great upgrade to the forums! Enjoy

    Sidenote, don't forget to clear your browser cache if you are having issues...

    LT
    Attached Thumbnails Attached Thumbnails Click image for larger version. 

Name:	TY Secure.jpg 
Views:	34 
Size:	271.1 KB 
ID:	55877  
    Last edited by Lightly_Toasted; 10-10-2013 at 12:07 PM.

  2. #2
    Seedling Collie Doctor Mon's Avatar

    Join Date
    Sep 2012
    Location
    A concrete jungle in Canada - turn left at the lights
    Posts
    397
    Thumbs Up/Down
    Received: 72/1
    Given: 374/2
    Rep Power
    10

    0 Not allowed! Not allowed!

    Cool

    LT,

    Thanks for making this forum more secure for posting messages, images, etc.!
    Get up, stand up, stand up for your rights
    Get up, stand up, don't give up the fight


  3. #3
    Finally Resting In Peace medpot's Avatar

    Join Date
    Mar 2006
    Posts
    2,786
    Thumbs Up/Down
    Received: 28/0
    Given: 5/0
    Rep Power
    19

    0 Not allowed! Not allowed!

    Default

    Good show lightly_toasted, but that's only good for protecting the usernames and passwords of members who sign in (or log in).

    Nevertheless, some experienced hackers already hacked (and still hack) the usernames and passwords of members who log in sites using https - as it happened on some social groups and other places before.

    As for a more secure board, I see that you actually have 229 users online and 10 members.

    Are most of your guests human or automated search and bot engines?...like some copying and doing snapshots of your posts.

    Under your Spam-O-Matic Statistics, I can actually read that there are 385 Spammers Denied Registration and 59 Spammy Posts Automatically Moderated.

    These issues are common to ALL others who use vBulletin board versions that I visited, but if you could get rid of ALL those pesky privacy invading bots, it would be a big plus for the TY Forums and it's members.

    I also noticed that your board has a Google Analytics tracking cookie, and that's bad news for the privacy of your members.

    So if you could get rid of the Google Analytics cookie on TY, it would be an other big plus!

    Bravo for ALL your efforts in trying to make the TY Forums a better place to be.

    Marc





  4. #4
    IC Weiner Lightly_Toasted's Avatar

    Join Date
    Dec 2010
    Posts
    3,694
    Thumbs Up/Down
    Received: 542/2
    Given: 358/1
    Rep Power
    17


    1 Not allowed! Not allowed!

    Default

    Quote Originally Posted by medpot View Post
    Good show lightly_toasted, but that's only good for protecting the usernames and passwords of members who sign in (or log in).

    Nevertheless, some experienced hackers already hacked (and still hack) the usernames and passwords of members who log in sites using https - as it happened on some social groups and other places before.

    As for a more secure board, I see that you actually have 229 users online and 10 members.

    Are most of your guests human or automated search and bot engines?...like some copying and doing snapshots of your posts.

    Under your Spam-O-Matic Statistics, I can actually read that there are 385 Spammers Denied Registration and 59 Spammy Posts Automatically Moderated.

    These issues are common to ALL others who use vBulletin board versions that I visited, but if you could get rid of ALL those pesky privacy invading bots, it would be a big plus for the TY Forums and it's members.

    I also noticed that your board has a Google Analytics tracking cookie, and that's bad news for the privacy of your members.

    So if you could get rid of the Google Analytics cookie on TY, it would be an other big plus!

    Bravo for ALL your efforts in trying to make the TY Forums a better place to be.

    Marc
    The bots are a difficult one to tackle. Many don't follow the robots .txt file. There are only a handful of them that are for search engines. The rest is bots and humans.

    The spam o matic plugin seems to be very effective in weeding out a lot of the spammer signups.

    As far as the google analytics, I was using it to see how much visits the site was getting. I can do away with it anytime.

    I am slowly picking away at things to make the site much better!

    LT

  5. #5
    Finally Resting In Peace medpot's Avatar

    Join Date
    Mar 2006
    Posts
    2,786
    Thumbs Up/Down
    Received: 28/0
    Given: 5/0
    Rep Power
    19

    0 Not allowed! Not allowed!

    Default

    Quote Originally Posted by lightly_toasted View Post
    The bots are a difficult one to tackle. Many don't follow the robots .txt file. There are only a handful of them that are for search engines. The rest is bots and humans.

    The spam o matic plugin seems to be very effective in weeding out a lot of the spammer signups.

    As far as the google analytics, I was using it to see how much visits the site was getting. I can do away with it anytime.

    I am slowly picking away at things to make the site much better!

    LT
    I noticed that most (such as GoogleBot, MSNbot, Yahoo! Slurp, Bingbot, Facebook Bot and Baidu Spider) do follow the robots.txt protocols, but for those who don't, the first 2 or 3 parts of their dedicated IP numbers can be banned manually with some htaccess deny files installed on your server.

    This is what I have done on the MedPot.net Forums, and between 95% to 98% of our guests are humans only.

    Besides having an excellent 'challenge question' and using KeyCaptcha for new registrants, we also have a great Spam service that detects the IP numbers and email addresses of all automated bots trying to register, and none can go through.

    Our guests can also post replies by using the easy KeyCaptcha option, but just in case a human spammer tries to go through, these posts are moderated, and they remain invisible on our board until approved by myself or one of our moderators.

    By using Google Analytics to find out how many visitors your site is getting, you also share this information with Google, then they share this third party tracking cookie with some advertisers, and they also track the other web pages and websites your members visit.

    Therefore, you should get rid of Google Analytics as soon as possible, and if you don't have a 'Latest Visitors' script and option on your server, you should install one.

    But, it's also possible to transfer the TY Forums to an other board technology that is way more secure and less of a headache...if ever you get tired of the vBulletin board versions.

    Good luck my friend!

    Marc

    Edit: P.S. Thanks for getting rid of the Google Analytics tracking cookie...just noticed it!


  6. #6
    Finally Resting In Peace medpot's Avatar

    Join Date
    Mar 2006
    Posts
    2,786
    Thumbs Up/Down
    Received: 28/0
    Given: 5/0
    Rep Power
    19

    0 Not allowed! Not allowed!

    Default

    I forgot to mention your 'User Agent' list which should be in your Admin CP.

    Some of them are good, and some of them are bad.

    The good ones are those which make different cell phone brands compatible for this board.

    The bad ones are search engines like GoogleBot and others, and you should turn these ones 'off' or delete them.

    There are more than enough TY posts which are available on Google for ever, and it represents a serious security and privacy issue for your members.

    So, you don't need GoogleBot and other search engines copying your posts anymore.

    If you also have a 'bot call' option, turn it off too.

    Peace LT

    Marc


    Last edited by medpot; 10-14-2013 at 06:29 AM.

  7. #7
    IC Weiner Lightly_Toasted's Avatar

    Join Date
    Dec 2010
    Posts
    3,694
    Thumbs Up/Down
    Received: 542/2
    Given: 358/1
    Rep Power
    17


    0 Not allowed! Not allowed!

    Default

    There are no such settings in the admincp for vbulletin. Everything has to be done at the server level to remove bots... I may also make it to where only certain sections are available without signing in. As it is now, anyone can view the whole forum without registering.

    LT

  8. #8
    Finally Resting In Peace medpot's Avatar

    Join Date
    Mar 2006
    Posts
    2,786
    Thumbs Up/Down
    Received: 28/0
    Given: 5/0
    Rep Power
    19

    0 Not allowed! Not allowed!

    Default

    Quote Originally Posted by lightly_toasted View Post
    There are no such settings in the admincp for vbulletin. Everything has to be done at the server level to remove bots... I may also make it to where only certain sections are available without signing in. As it is now, anyone can view the whole forum without registering.

    LT
    Then, you may take a look at the following: Ban Spiders by User Agent - scroll at the top of the page.

    Marc

  9. #9
    IC Weiner Lightly_Toasted's Avatar

    Join Date
    Dec 2010
    Posts
    3,694
    Thumbs Up/Down
    Received: 542/2
    Given: 358/1
    Rep Power
    17


    0 Not allowed! Not allowed!

    Default

    I have seen it but have not tried it since it was originally designed for 3.8 vb.

    Sent from my LG-VM670 using Tapatalk 2

  10. #10
    Finally Resting In Peace medpot's Avatar

    Join Date
    Mar 2006
    Posts
    2,786
    Thumbs Up/Down
    Received: 28/0
    Given: 5/0
    Rep Power
    19

    1 Not allowed! Not allowed!

    Default

    Quote Originally Posted by lightly_toasted View Post
    I have seen it but have not tried it since it was originally designed for 3.8 vb.

    Sent from my LG-VM670 using Tapatalk 2
    Under the bad bots Lists, it states the following in red:

    Tested on vb3.7.x, vB3.8.x , vB4.x.x but should work on any version.


    Marc

  11. #11
    Finally Resting In Peace medpot's Avatar

    Join Date
    Mar 2006
    Posts
    2,786
    Thumbs Up/Down
    Received: 28/0
    Given: 5/0
    Rep Power
    19

    0 Not allowed! Not allowed!

    Default

    Seems like you did something LT, as there are about 3 times less automated guests than usual!

    The rest of unwanted automated guests can always be blocked with an htaccess deny file.

    If you don't have one, I can help you out and PM you a sample.

    Peace,

    Marc




  12. #12
    IC Weiner Lightly_Toasted's Avatar

    Join Date
    Dec 2010
    Posts
    3,694
    Thumbs Up/Down
    Received: 542/2
    Given: 358/1
    Rep Power
    17


    0 Not allowed! Not allowed!

    Default

    I have already reworked the .htaccess, I will add another rule and we will see.

    LT

  13. #13
    Finally Resting In Peace medpot's Avatar

    Join Date
    Mar 2006
    Posts
    2,786
    Thumbs Up/Down
    Received: 28/0
    Given: 5/0
    Rep Power
    19

    0 Not allowed! Not allowed!

    Default

    Quote Originally Posted by lightly_toasted View Post
    I have already reworked the .htaccess, I will add another rule and we will see.

    LT
    Great to know LT!

    Have you downloaded the 'Ban Spiders by User Agent' program too?

    It's suppose to be compatible with your vBulletin board version.

    It would also be a good thing to download the most updated robots.txt script as well.

    As for your htaccess.deny file, I could give you a copy of mine if you wish so.

    Have a good day LT!

    Marc



  14. #14
    Shadinated groo's Avatar

    Join Date
    Apr 2013
    Location
    Saskatchewan
    Posts
    5,819
    Thumbs Up/Down
    Received: 538/2
    Given: 315/0
    Rep Power
    17

    0 Not allowed! Not allowed!

    Default

    Apparently you need to remove a vBulletin install folder to protect yourself from hackers as well -- if you haven't been hacked already.

    http://it.slashdot.org/story/13/10/1...-week-old-hole
    I do not fail -- I succeed at finding out what does not work.

  15. #15
    IC Weiner Lightly_Toasted's Avatar

    Join Date
    Dec 2010
    Posts
    3,694
    Thumbs Up/Down
    Received: 542/2
    Given: 358/1
    Rep Power
    17


    0 Not allowed! Not allowed!

    Default

    Quote Originally Posted by medpot View Post


    Great to know LT!

    Have you downloaded the 'Ban Spiders by User Agent' program too?

    It's suppose to be compatible with your vBulletin board version.

    It would also be a good thing to download the most updated robots.txt script as well.

    As for your htaccess.deny file, I could give you a copy of mine if you wish so.

    Have a good day LT!

    Marc
    I have, only after I read that it had been tested on vb 4.2.1. Seems to make little difference over the rules I set in .htaccess.

    Quote Originally Posted by groo View Post
    Apparently you need to remove a vBulletin install folder to protect yourself from hackers as well -- if you haven't been hacked already.

    http://it.slashdot.org/story/13/10/1...-week-old-hole
    That is always removed post install/upgrade, you cannot access the admincp without removing it.

    LT

  16. #16
    Finally Resting In Peace medpot's Avatar

    Join Date
    Mar 2006
    Posts
    2,786
    Thumbs Up/Down
    Received: 28/0
    Given: 5/0
    Rep Power
    19

    0 Not allowed! Not allowed!

    Default

    Quote Originally Posted by lightly_toasted View Post
    I have, only after I read that it had been tested on vb 4.2.1. Seems to make little difference over the rules I set in .htaccess.

    LT
    Are your .htaccess rules starting and finishing similar to these ones?...except for medpot.net:

    <files "*.*">



    </files>
    <Files 403.shtml>
    order allow,deny
    allow from all
    </Files>

    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^.*$
    RewriteRule ^/?$ http://www.medpot.net/forums/index.php [R=301,L]

    RewriteCond %{HTTP_HOST} ^.*$
    RewriteRule ^index.html$ http://www.medpot.net/forums/index.php [R=301,L]

    RewriteCond %{HTTP_HOST} ^.*$
    RewriteRule ^forums/?$ http://www.medpot.net/forums/index.php [R=301,L]

    -----------------------------

    If your .htaccess rules start and finish like these ones above, then right under <files "*.*"> you add 'deny from' and then either the first 2 or 3 sequences of dedicated IP numbers used by these automated bots.

    As an example, this is how I .htaccess deny everything that has to do with Google and it's automated bots on the MedPot.net Forums:

    <files "*.*">

    deny from 66.249.64
    deny from 66.249.66
    deny from 66.249.67
    deny from 66.249.71
    deny from 66.249.72
    deny from 66.249.73
    deny from 66.249.74
    deny from 66.249.75
    deny from 66.249.76
    deny from 66.249.82
    deny from 66.249.85

    </files>
    <Files 403.shtml>
    order allow,deny
    allow from all
    </Files>

    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^.*$
    RewriteRule ^/?$ http://www.medpot.net/forums/index.php [R=301,L]

    RewriteCond %{HTTP_HOST} ^.*$
    RewriteRule ^index.html$ http://www.medpot.net/forums/index.php [R=301,L]

    RewriteCond %{HTTP_HOST} ^.*$
    RewriteRule ^forums/?$ http://www.medpot.net/forums/index.php [R=301,L]

    ----------------------------

    The following above totally blocks anything that has to do with Google and it's bots on our board, but I also have a list of many more IP's to block most other search engines and bad bots (hundreds of them) - especially those who don't respect the robots.txt protocols or are not part of the most recent list yet.

    Peace,

    Marc



    Last edited by medpot; 10-16-2013 at 08:34 PM.

  17. #17
    Finally Resting In Peace medpot's Avatar

    Join Date
    Mar 2006
    Posts
    2,786
    Thumbs Up/Down
    Received: 28/0
    Given: 5/0
    Rep Power
    19

    1 Not allowed! Not allowed!

    Thumbs up Congrats!

    Congratulations LT, as the TreatingYourself.org Forums posts don't show up on Google and other search engines anymore, so that's a very good thing!

    I'm also recommending the following;

    For your 'Currently Active Users' list, even if your guests are not displayed, it would reduce your server load if you would set the list's refresh rate at every 5 or 10 minutes instead of 30 minutes (or more) like it always has been.

    You would also have a more accurate count for both your members and guests.

    Question:

    Is Marco Renda still the owner of this board?

    We don't hear from him anymore on this board..so I was wondering.

    Marc



  18. #18
    IC Weiner Lightly_Toasted's Avatar

    Join Date
    Dec 2010
    Posts
    3,694
    Thumbs Up/Down
    Received: 542/2
    Given: 358/1
    Rep Power
    17


    0 Not allowed! Not allowed!

    Default

    I never changed the refresh for the WOL, that was someone else. I don't see why though knowing it does affect server load as some like to let their puter idle on the page.

    Marco is still the owner, after speaking to him last time I do know his health is in decline. He has decided to eliminate some stress by shutting down a few of his businesses. As far as I know, only the Expo, TY Mag, and Glass Culture Mag are affected. He was undecided about the forums staying or not last we spoke. I did give him the option of taking over operation of the forum if he decided to shut down his server.

    LT

  19. #19
    Shadbot 4.20 Shadimar's Avatar

    Join Date
    May 2006
    Location
    Cannaba
    Posts
    7,766
    Thumbs Up/Down
    Received: 884/0
    Given: 478/1
    Rep Power
    27


    0 Not allowed! Not allowed!

    Default

    I never changed the refresh
    Oh, that was me
    Last edited by Shadimar; 10-21-2013 at 09:06 AM.
    ♪♫♪♫♪♪♫♪
    Ceci n'est pas une signature du forum.
    Thank You for using S.h.a.d.i.m.a.r.: the world's most poorly coded chatbot.
    Substantially Humanlike Application Determined Insufficient Mediocre And Relatively annoying.

  20. #20
    Flowering Member JohnnyMan's Avatar

    Join Date
    Aug 2012
    Location
    Weeding with Weed
    Posts
    2,208
    Thumbs Up/Down
    Received: 367/0
    Given: 254/0
    Rep Power
    13

    1 Not allowed! Not allowed!

    Thumbs up

    Quote Originally Posted by medpot View Post
    Congratulations LT, as the TreatingYourself.org Forums posts don't show up on Google and other search engines anymore, so that's a very good thing!

    I'm also recommending the following;

    For your 'Currently Active Users' list, even if your guests are not displayed, it would reduce your server load if you would set the list's refresh rate at every 5 or 10 minutes instead of 30 minutes (or more) like it always has been.

    You would also have a more accurate count for both your members and guests.

    Question:

    Is Marco Renda still the owner of this board?

    We don't hear from him anymore on this board..so I was wondering.

    Marc


    Thanks for all the suggestions. I'm not part of this web site's Administration but it seems your suggestions have been very helpful.
    I wish it was bong time

    I'm up to 15 strains, and lovin' it:

    1. Black Diamond OG Kush
    2. Cannatonic
    3. Purple Kush
    4
    . Hippie Headband (2 phenotypes but not sure what to label them)
    5. Skunk Berry (both Skunk and Blueberry phenotypes)
    6. LA Confidential
    7. OG Kush
    8. Rockstar
    9. OG Ghost Train x Haze #1
    10. Sunshine Daydream
    11. Temple
    12. Pure Kush X Uzbek Hash
    13. C99
    14. Purps
    15. Rockstar Kush

  21. #21
    Finally Resting In Peace medpot's Avatar

    Join Date
    Mar 2006
    Posts
    2,786
    Thumbs Up/Down
    Received: 28/0
    Given: 5/0
    Rep Power
    19

    0 Not allowed! Not allowed!

    Default

    Quote Originally Posted by lightly_toasted View Post
    I never changed the refresh for the WOL, that was someone else. I don't see why though knowing it does affect server load as some like to let their puter idle on the page.

    Marco is still the owner, after speaking to him last time I do know his health is in decline. He has decided to eliminate some stress by shutting down a few of his businesses. As far as I know, only the Expo, TY Mag, and Glass Culture Mag are affected. He was undecided about the forums staying or not last we spoke. I did give him the option of taking over operation of the forum if he decided to shut down his server.

    LT
    Yes, I was told by some board experts that by refreshing the 'Currently Active Users' list every 5 or 10 minutes, it's better for the server load and the board's security as well - without going into details.

    Like any other boards and lists, many members only stay logged on this board for 10 minutes or less, but if you want them to stay on your 'Currently Active Users' list for 30 minutes or more, it's your business, but the active member count isn't as accurate and honest (same for visiting guests too), and other members are lead to believe that all other members in the list are still active on this board.

    If you would set your refresh rate at 5 or 10 minutes for this 'Currently Active Users' list, idle logged in members would still be logged in, but they wouldn't appear on the list anymore - hence, less confusing for other members.

    Sorry to hear that Marco's health condition is in decline, and I hope that he will get better soon.

    Too much stress isn't good on anyone's health.

    Peace,

    Marc


  22. #22
    Vegetative Member Rockster's Avatar

    Join Date
    Jun 2009
    Posts
    586
    Thumbs Up/Down
    Received: 8/0
    Given: 0/0
    Rep Power
    13

    0 Not allowed! Not allowed!

    Default

    Sorry to hear Marco is unwell as I'd sent him a pm a while back but got no reply and wondered why?

  23. #23
    Finally Resting In Peace medpot's Avatar

    Join Date
    Mar 2006
    Posts
    2,786
    Thumbs Up/Down
    Received: 28/0
    Given: 5/0
    Rep Power
    19

    0 Not allowed! Not allowed!

    Default

    Quote Originally Posted by JohnnyMan View Post
    Thanks for all the suggestions. I'm not part of this web site's Administration but it seems your suggestions have been very helpful.
    You're welcome JohnnyMan!

    I have never been an Admin on this board either, but I care.

    And YES, it's evident that my suggestions helped, as this board is now more secure than it ever was!

    THANKS to LT and Shad for caring!

    Marc


  24. #24
    Flowering Member JohnnyMan's Avatar

    Join Date
    Aug 2012
    Location
    Weeding with Weed
    Posts
    2,208
    Thumbs Up/Down
    Received: 367/0
    Given: 254/0
    Rep Power
    13

    0 Not allowed! Not allowed!

    Default

    Quote Originally Posted by medpot View Post


    You're welcome JohnnyMan!

    I have never been an Admin on this board either, but I care.

    And YES, it's evident that my suggestions helped, as this board is now more secure than it ever was!

    THANKS to LT and Shad for caring!

    Marc

    I did notice last night that while I was searching for more information on the Hippie Headband strain, my grow report thread's posts was certainly high in the Google hit list.
    I wish it was bong time

    I'm up to 15 strains, and lovin' it:

    1. Black Diamond OG Kush
    2. Cannatonic
    3. Purple Kush
    4
    . Hippie Headband (2 phenotypes but not sure what to label them)
    5. Skunk Berry (both Skunk and Blueberry phenotypes)
    6. LA Confidential
    7. OG Kush
    8. Rockstar
    9. OG Ghost Train x Haze #1
    10. Sunshine Daydream
    11. Temple
    12. Pure Kush X Uzbek Hash
    13. C99
    14. Purps
    15. Rockstar Kush

  25. #25
    Finally Resting In Peace medpot's Avatar

    Join Date
    Mar 2006
    Posts
    2,786
    Thumbs Up/Down
    Received: 28/0
    Given: 5/0
    Rep Power
    19

    0 Not allowed! Not allowed!

    Default

    Quote Originally Posted by JohnnyMan View Post
    I did notice last night that while I was searching for more information on the Hippie Headband strain, my grow report thread's posts was certainly high in the Google hit list.
    All of TY's threads and replies copied by GoogleBot before they were banned on TY will still show up on Google for ever, but new threads started after they were banned will not show up - as I noticed.

    Edit: So if you wish JohnnyMan, you could start a new relevant thread, and it will not show up on Google.

    Marc

    Last edited by medpot; 10-22-2013 at 11:56 AM.

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •