Difference between revisions of "PhpBB"
(z) |
|||
Line 152: | Line 152: | ||
=== Download installation file === | === Download installation file === | ||
https://download.phpbb.com/pub/release/ | |||
https://download.phpbb.com/pub/release/3.1/ | |||
https://download.phpbb.com/pub/release/3.2/ | |||
https://download.phpbb.com/pub/release/3.3/ | |||
Download phpBB-3.3.0.zip file from https://www.phpbb.com/downloads/ website. | Download phpBB-3.3.0.zip file from https://www.phpbb.com/downloads/ website. | ||
Line 184: | Line 194: | ||
PHP 7.4 and phpBB 3.3.0 b2 works on [[Daniel's Hosting]]. Download phpBB-3.3.0-b2.zip file from https://download.phpbb.com/pub/release/3.3/unstable/3.3.0-b2/ website. | PHP 7.4 and phpBB 3.3.0 b2 works on [[Daniel's Hosting]]. Download phpBB-3.3.0-b2.zip file from https://download.phpbb.com/pub/release/3.3/unstable/3.3.0-b2/ website. | ||
=== PHP blank page error === | === PHP blank page error === |
Revision as of 13:34, 27 April 2020
Unix | Assembly language | Mathematics | Web development | I2P |
---|---|---|---|---|
GhostBSD | Assembly Programming Tutorial | Statistics | Django for Beginners | MuWire |
GUI | Artificial intelligence | Artificial neural network | Machine learning | Messenger |
Tkinter | Artificial intelligence | Artificial neural network | Machine Learning Mastery with Python | Session |
phpBB is an Internet forum package in the PHP scripting language. The name "phpBB" is an abbreviation of PHP Bulletin Board. Available under the GNU General Public License, phpBB is free and open-source.[1]
Features of phpBB include support for multiple database engines (PostgreSQL, SQLite, MySQL, Oracle Database, Microsoft SQL Server), flat message structure (as opposed to threaded), hierarchical subforums, topic split/merge/lock, user groups, multiple attachments per post, full-text search, plugins and various notification options (e-mail, Jabber instant messaging, ATOM feeds).[2]
How to use phpBB?
Registration
You have to enter your email address. A fake address such as wkej@jlkwr.onion or fjwel@fjwl.com is okay.
The username (ID) length must be between 3 characters and 20 characters. But if you want to use your gpg4usb public key as your signature, your user name should be at least five characters since gpg4usb's "Name" field can be entered at least 5 characters.
Hide your online status
User Control Panel -> Board preferences -> Edit global settings -> Hide my online status
Inserting external images
You can insert external images in your post or reply like below examples.
[img]http://twlba5j7oo5g4kj5.onion/?img=211583652905.jpeg[/img]
[img]http://teenxxxbtl7wsllp.onion/image.php?di=V9U2R[/img]
Change password or email address
User Control Panel -> Profile -> Edit account settings
You can change your password or e-mail address.
Upload avatar image
User Control Panel -> Profile -> Edit avatar
Maximum dimensions; width: 90 pixels, height: 90 pixels, file size: 6.00 KiB.
If you want to use a bigger image or high resolution image as your avatar image, you have to ask the admin to enlarge the website's limit of avatar image.
Insert signature
User Control Panel -> Profile -> Edit signature
This is a block of text that can be added to posts you make. There is a 255 character limit.
If you want to insert your PGP or GPG public key as a signature, the admin has to enlarge the signature size limit. Since the 2,048 bit key usually has 1,700 - 1,800 characters. If you want to use 4,096 bit key, there are more characters than 2,048 bit key. You can make your GPG public key and private key pair by using gpg4usb.
You can insert your GPG public key inside [code] and [/code] like the below 2,048-bit key example.
[code] -----BEGIN PGP PUBLIC KEY BLOCK-----
mQENBF5lanYBCAC1mRVAsjiWVXpHViEDUmSw527hoYFS98DMUKgU8feuOz2IpIlq
cVe4BMD/ZvvjrAru3G3tjDFssCRCs7dnUu4j3I7JBLqdrN6HE1BA7pkHrEF2YC21
5l5Z2HDUb3yLRgE8pjCcDggosaIxA0RnxXJ+XpclTohiKveTpE9nST0/VUEW1+vb
GhGqJOVCIpXSzCcebwFGqmOxZvk4FbEa8FZ3kyHwCVapM6yvY0WpxbF9Zp4AfP42
nq11HndKHjx4WB03lh18/Okskdn+AG1yvTOpcLi1Ke8U0+65IQgEcK0N65qihXr0
iAiWQ0ZQeDA3ih7VBN4skFtyZ3GUhCKs1/YnABEBAAG0M25vbmFtZSB1c2VyIChy
YXBlIHlvdXIgZGFkZHkpIDxpb2dqd3dAc2lyZWV3Lm9uaW9uPokBNgQTAQoAIAUC
XmVqdgIbAwULCQgHAwUVCgkICwQWAgEAAh4BAheAAAoJEJ5scrABGCgj/e8H/0Wz
yPQOkMU7jpeeq3NaXWU18S9VwPIMk9JFtCBlPfYpv5YrjLzjzYpYyR8PrX07TzUs
X4AOnsG9Pd8vuKw1D+KiroRNOO+bhur7LRk8K4vFOs5lo8EVkeTauRULR9FnmjTN
iuBVs+svs3yN4iztU1wKMgYSG+aWWWmdls3occbtnkFxEsg6GvGfVIsICuCLTSPo
XAM/P2nIUzZCdqO+12Ke8MQypPEGBKBORuYdrKsa02TSfRQfTakXMbQqUmx4mtdo
f7hRehje8N5KuDb5y3PcaSSF6YaKjobH0o7A/GgOSL0TrKUarByGKc/5N27n8h1f
iQ2MzjpXKt2bmDm8Eam5AQ0EXmVqdgEIALf+/r2p7zVgKK/WHMLgnEz4vF24CQYR
tDQJCwIxogRMd5RpoK225aSIRi/syeyWXCEfKS1S7rLBMBs3iTrVxKBssHAAPo8t
eCJBDwPCnPpe/AfSbk/iBGBOYO6jV3tmLksd1ZscdK1x+L3cWtyBHb8VCLgHW7UX
3pNP9OZ6dVrHwx4gEcWETiT8xrdA5FdsS99fRIejJ5Vz3K3+lY6XH3c1SlS8vK6D
aOuZ8EGSEtYAqtSFcgYb1W/9M24cz0S3ypVOWNa5703rgpyeUTC3cllWQkSO55de
541fJ98p/5BD2kzX6EYSa5ytys5OUrBoJqQYAPxxidaa6nO20ozmGkEAEQEAAYkB
HwQYAQoACQUCXmVqdgIbDAAKCRCebHKwARgoI4s2B/0eOqmYA/2sO3hiG6Hy7c/7
qg94NJLcDX9UB9zBlT4jv/LA+/lk+sa7/yPJNsbf7I5xSp6Y8AmDOSJt0iAhN0cx
q1sBEWngArk7XzzgGJNtAQPPVUlZ0SW9tq/6rt5m8z41gl2PFkvQwd+Lh6ACodsH
FY9AvaizbCmIBRCssEcIFgqHxjYeK4J//4usZTR5DRmdMR+EhcVV50HxUEdY+RL4
DP560nfqZFNamxLiUqy+Tsxpm1QWkaIi3eZHTKx5J2C5z2wblhr8yPE9idgvhsCM
ivY37THHe13JbvMUEDBLeupu3AhvXepruf8RSf6rTM+SfcKJgSp/EBE2Ug+9nD7w
=7DtC
-----END PGP PUBLIC KEY BLOCK----- [/code]
4,096-bit public key example
[code] -----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBF5myB0BEAD1+FXr8WdO48BaDowlDYZo5W2IzCUyWh/TN6CukydiKtFeYKR6
XyCjSfv+9szYarT6S1xZB192bexEaQWbdD+sLbgVAhbz98FE0kZB7rVi1OVXY1bs
psB4P3ClSSqmgcEc4n1cyVje0VdhtU//wpxIDgfYdmFOAjxFst3D+6xHJilE61Bd
t1nzLCai39QYgrIfoZtz3oYyOAlC/KtYwbu8fO5iwf13+05z2EcoByl/eKVmXNt4
Mf8Xdk1rIdpLW20Skxpvt5WF5+egnpaeI8HStkvcJ0tXtZ7r4Ggx28v640YdxYU/
iMYgwfMLJWQEYpUA+UhUsLEIDGaYOALZCKHsUZgT/1wbGCC2JfXybwspImqFhjb7
kwWTauCpgdLowU7rLaYWoVRMSJ2uJMtPvdVYn72+OJBphQUE146ipe8F5nlrqEvA
KMVzzVnozNUQkvcGJIDAitBhvexDvNF5EVIUqDzQ0sEGI+pU+F/Aj9nyTa2bLVz4
VcsZjxFU/oWl9IubMjYXXsJ1kVX+w/3VIoX2OMyBwQr7scwoGCj+H0G3fjhbKkmm
SnD437khZIpYaMyBZQFLC0Ulw7NFp/hGMZOTnyb28kBlxhF724IomF020GgfUydS
EAg4AxDTh36FQsb25iA6tR3V0X7NHl485drCUCZyXDl2JeAjcbEPwaLHsQARAQAB
tC1jdXRlIGRvbGwgKHNleCBzbGF2ZSkgPGN1dGVkb2xsQHdmandlbC5vbmlvbj6J
AjwEEwEKACYFAl5myB0CGwMFCZZ31VMFCwkIBwMFFQoJCAsEFgIBAAIeAQIXgAAK
CRDAAbSnnBXupGtbD/9cjs1DcudwssuX7lUE3nLRfSKkDsUlOkrt9TCa9rKpK3h8
znLv93wCYNz0og676VrBh43WO07zg/6cuPAbuQEwyxRQWbQ9/U6UVA85TONSd9Ko
pnqBQJMViv89ombKup+ROym9emm+V6xRwB+E023ihxvalaefHNrUffvxqpoITi0s
FYGJz2MFYrBBaQmJkxNs2gB7Obu+uIykf00sroVkDD0l7ZSYDT4lxUmjaN1sgZ77
bPV9HkL/m486YOHFKQHOCxnUa7DMwzPL2JsEz7OiITkbQx3UZ0cxdnEqEa/mc1vS
VBKfwzezY32+NXoMopI04oLuFMlArcuq5BAbt09g1sdU4o/qjtdc9R6xuTapPIuZ
z2YCr7g+VIdciQj5Qkb5CLW61HDvDPnZzw710SLatMxLSRCjtUyImTsUeN0kfLyN
BPoSwzEgEq+D2q0nNUwAE3t+PFVg+8SiJ4oLT3aq5Of+7KLB6SIbPI+gFl1hjUi9
ueNFlXXPAYrkCrv47XxiCJ1Kl6xFPWq45oTrkfZD2vupOygex68pqVePKTp3/ScS
VrncaPvWzdZSIIqD0wapxLiPbhn6SocWQ9qwxsESVPSEtc6bILgJy7vjw7DtkVQC
qRs2nloh/UldItbFFMcY3D3lQ/wbAlKpVTn9DopRcVdfzpvWXzbhJ+ALDSRXnLkC
DQReZsgdARAA9ShKPyU7YrL/EHTsPZ6a6IBj14o6QGrk0uHLFGeGNB3SgLrE2tQe
R2/i040JWnL3TCVuSisOXq4jXGiHL/t0jAt2opsIY5n94igzJQUZ6Y6CPJHaPv1t
B4+IV9u/0rCBjwYgevRTZ9UJuPqsOkLuZ62pbTgaTGiJDsLfhpG6IjvocB/txpSP
7fKo3YQKCPhYwk3AGBns4wO3fY+bJqMtiKLuIpwDVhu8gz/mM90vFnRWe+o7jbaI
uCEM2U4OOU2yIzykJUe2MDHr91q1UHFpWW/4j2rGRtXdVy1FnoRd1EiQexUjbbPh
ORI6+erfx6k0po6cGGhxXMkhgh+S79yjlDYf7ZyTxJ3wqEN72vEqwki1/Pdo6umn
570gBBhWQultfGz+GFdGRU9TIQBtsvip9ga/LGtyjCFp2LTZS6Ta46wlAoaQsfJo
PSucaxSewSZD6xPLoadyXJA0xVOVzoP2xN1/YDSCj0uFMpMmssjHY1dG35zXnZs8
36yUJFKFlBf/vDTOuhOOvs//ebzjL8/yyXFnCKH1xdRcBtPGOwG0gHpcOv9fpkiI
YGti9xjl8gvlAR2IGqYax70ZVAZw1NrsoZq5ON+7MgrjufwjB6miEMflQoZZfW8z
X5n0Lp8hUIainfjf56vcQD05xoC5yYIv9dv2Kdk+0yvJ39N0mAPZ9JkAEQEAAYkC
JQQYAQoADwUCXmbIHQIbDAUJlnfVUwAKCRDAAbSnnBXupAYFEADph8ITEyBPqC//
1JzcBGFCXTpIxBbtc5FOfbRs8L0bSU79kc8XEfhMfbfLT4hOLNcM4YQBHxOnnp24
tg4k2FO3sUkrmWPDM+39NeKxLjr/eJEvH4mMw68RkCYNPDoFwCcJSkshuChc1MjJ
vfdi1gYlE9uS/GeE1jwEK36YnkWnwDn2V8eWZEfgRly2XE7AYUYwPbmWIzM7DU61
j7sTr0k5k7UADFod7JICV+mOmYS/q5X9RTFiywkxdpMTrbdhXWRSZReIxtLwTTXv
Evxx/ykFyY8FhECZVWbbzhrxeFGoAIsNFivKq53JZdS9gxQG6uhmxGJCT77TO4Mh
qRgL0NgUYqo8Zqq1K7ML64awiPw3poWaLprUJBOAe6Squa6snWs2yMriNM8NCHIb
yBxgVr8pLKFuzOwiAmFoOCe6q+XmD3VyS2J7IEeyaX30GuHy0LIS6gtxYVI3QTW4
tWw7WGeWMP26/LeKjZRHPyq/MtSGt9hEFVegoquEIi63rnQJH1HqNAxiMKTllJJg
dIqknM5+infsawCJzinsJXAzZutvlbaYBc94bdIEhpXFEFhPhVQoIgkaYSC0lrfe
aKBAbdIAAj1BM8OvU1fsqwJlca94FevfqPKpTAWxI/rwdtxvFlpGu6/8j9xMCmvi
DrsDAOIWTGpt5Hm6Jn2aHcGHAlulDQ==
=1+Ri
-----END PGP PUBLIC KEY BLOCK----- [/code]
Installation and management
If something doesn't work, change your Tor Browser's "Security Settings" from "Safest" to "Safer" or "Standard".
It will be safe doing with Tails or Whonix because your Security Settings changed to 'Safer'.
Download installation file
https://download.phpbb.com/pub/release/
https://download.phpbb.com/pub/release/3.1/
https://download.phpbb.com/pub/release/3.2/
https://download.phpbb.com/pub/release/3.3/
Download phpBB-3.3.0.zip file from https://www.phpbb.com/downloads/ website.
If you try to install phpBB 3.3.0 on Freedom Hosting Reloaded, you will see the below error message.
You are running an unsupported PHP version. Please upgrade to PHP 7.1.3 or higher before trying to install or update to phpBB 3.3
You can download phpBB-3.2.9.zip file from https://www.phpbb.com/downloads/3.2/install link.
When you make an account on Daniel's Hosting, you can choose PHP 7.3 or PHP 7.4. If you try to install phpBB 3.3.0 on Daniel's Hosting with PHP 7.4, it doesn't work anything.
If you try to install phpBB 3.2.9 on Daniel's Hosting with PHP 7.4, you will see the below error message.
You are running an unsupported PHP version. Please upgrade to PHP equal to or greater than 5.4.7 but less than 7.3-dev in order to install or update to phpBB 3.2
If you choose PHP 7.3 and phpBB 3.2.9 on Daniel's Hosting, you will see the below message.
You are running an unsupported PHP version. Please upgrade to PHP equal to or greater than 5.4.7 but less than 7.3-dev in order to install or update to phpBB 3.2
PHP 7.3 and phpBB 3.3.0 RC1 work on Daniel's Hosting. You can download phpBB-3.3.0-RC1.zip file from https://download.phpbb.com/pub/release/3.3/unstable/3.3.0-RC1/ link.
It shows 'blank page error of PHP'.
PHP 7.4 and phpBB 3.3.0 b2 works on Daniel's Hosting. Download phpBB-3.3.0-b2.zip file from https://download.phpbb.com/pub/release/3.3/unstable/3.3.0-b2/ website.
PHP blank page error
When you make or edit a category or a forum, if you write something in a "Description" field, and press "Submit" button, you can see a blank page.
Or you can a blank page after trying to post a post.
It's PHP's error. Just delete everything from your web hosting and reinstall phpBB.
Delete "install" directory
After installation and logging in as an admin, you can see the below message.
Please delete, move or rename the install directory before you use your board. If this directory is still present, only the Administration Control Panel (ACP) will be accessible.
Just delete "install" folder.
Permission
If you use Freedom Hosting Reloaded, you change some directories and file's permission.
Change the below file and folders' permission to 777. 777 means "Owner, Group, Everyone" have "Read, Write, Execute" permissions. If you can't see Chmod button of Freedom Hosting Reloaded's WebFTP, you can zoom in Tor Brower to 110% or press "Ctrl + +", then you can see the Chmod button.
If you use Daniel's Hosting, you don't have change any permission of a file or directory.
ACP, MCP, UCP
There are ACP (Administration Control Panel), MCP (Moderator Control Panel), and UCP (User Control Panel).
You can make a category or forum by using ACP. And you can do anything in ACP as an admin of the website.
MCP is for moderating threads and users. A moderator is similar to an admin, but their authority is limited.
And you can change your user settings in UCP.
Global moderators are for all forums. Each forum can has its own moderators.
Make a category and forum
You can make a category and forum in ACP.
Management of users
You can make a new user group in ACP. And you can also manage each user.
Permission of forum
Full Access: for Administrator of Moderator
Standard Access: for ordinary members
Limited Access: same to Standard Access but can't upload files such as image files
Limited Access + Polls (Standard Access + Polls): can make a poll
Favicon
Download any images from DuckDuckGo to become a favicon.
Edit the image with GIMP.
Crop the image by pressing "Shift+C".
Adjust image size as 48*48 pixels or less resolution.
Select GIMP menu "Export AS" and select ico (Microsoft Windows icon file).
The image's name should be favicon.ico and you have to upload it at the uppermost directory of your website where phpBB folder is located.
After uploading favicon.ico file, you have to visit the file's location by using your Tor Browser such as http://keidhslenciej2kd.onion/favicon.ico or something.
Notice of a forum
- Sticky: fixed at the top of topics
- Announcement: fixed at the top of forum
- Global: fixed at the top of all forums
Change avatar size
ACP -> General tab -> Avatar settings
- Avatar Size
Apr 25, 2009
https://www.phpbb.com/community/viewtopic.php?t=1569205
- Change avatar size from default
Jan 04, 2010
https://www.phpbb.com/community/viewtopic.php?t=1926255
Change signature size
On the first page in the ACP, under "BOARD CONFIGURATION", click on "Signature settings".
- Limit signature size, not dimensions
Jan 20, 2009
https://www.phpbb.com/community/viewtopic.php?t=1418535
Disabling file upload
GENERAL -> BOARD CONFIGURATION -> Attachment settings -> Allow attachments: -> No
Then nobody can upload files including moderators and administrators.
You can use another way. Gave "Limited Access" permission to "registered users" for each forum.
Assignment a moderator for each forum
Forums -> FORUM BASED PERMISSIONS -> Forum moderators
Disabling email validity check
GENERAL -> SERVER CONFIGURATION -> Security settings -> Check email domain for valid MX record -> No
Disabling CAPTCHA when member registration
GENERAL -> BOARD CONFIGURATION -> User registration settings -> General options -> Enable spambot countermeasures for registrations
Change the option from "Yes" to "No".
Security
In December 2004, a large number of Web sites were defaced by the Santy worm, which used vulnerabilities in outdated versions of phpBB2 to overwrite PHP and HTML pages.[3] Although these were the result of outdated versions of PHP and phpBB,Template:Citation needed incidents like these have caused the security of phpBB to be disputed. There have also been a few times where new releases of phpBB have come out a few days apart, although the last occurrence of this was in early 2005.[4] However, the phpBB Team usually responds to security reports as soon as possible, and releases a new version quickly.Template:Citation needed The phpBB Group, attempting to learn from previous failures, performed a codebase security audit before the release of 2.0.18.[5] The phpBB3 codebase received an external security audit in September 2007, which was done by SektionEins.[6] The sixth release candidate of phpBB3 was published following the results of the security audit.[7]
Changes were made to phpBB2 to avoid problems in the future, such as a re-authentication system for the administration panel, backported from phpBB3. This was introduced after a cookie verification issue allowed attackers to gain administrator access.[8]
In November 2005, the phpBB Group announced a new Incident Investigation Team (IIT), a sub-team of their Support Team, which is responsible for assisting users in the cleanup and repair of an attacked phpBB installation and investigating reports of new exploits.[9] The team announced a tracker the following January where administrators of attacked bulletin boards could report an attack and receive support from the IIT.
The CAPTCHA system in phpBB2 has proven vulnerable to automated registrations, with numerous phpBB-based forums being swamped by forum spam. phpBB3 has improved its anti-spam options available to forum administrators, including a new CAPTCHA system, suspensions, user logging and other various features.[10] The phpBB team has published recommendations on protecting the boards from spam.[11] Currently the best method is to use a Q&A (question-answer) challenge, which was introduced into phpBB 3.0.6.[12] phpBB3 has a much stronger CAPTCHA system, however during the phpBB3 development/beta phase it was frequently criticised for being difficult to read.[13] The development team has been working on improving its readability prior to phpBB3's final release.Template:Citation needed
Additionally, the teams have announced that each minor release of phpBB3 (3.0.1, 3.0.2, etc.) will be preceded by individual release candidates in an effort to prevent instances where subsequent releases would be only days apart (as happened a couple of times during the 2.0.x line).[14]
phpBB 3 notifies the administrator of new releases via the Administration Control Panel.[15]
How phpBB leaked Childs Play's IP address
phpBB's avatar (profile) picture's IP address leakage
- Breaking the dark net: Why the police share abuse pics to save children
October 7th, 2017
In utmost secrecy, the world’s largest child sexual abuse forum was moved to the other side of the globe.
No one was supposed to know who was behind the website’s continued operation.
January 24th, 2017
Brisbane – Australia
VG has just told them what we’ve uncovered: that they run the world’s largest online forum for child sexual exploitation, “Childs Play”.
In the United States, a mother weeps when she hears that VG has found that pictures of her daughter being sexually abused were shared by members, while the police operated the site.
– My daughter should not be used as a bait. If they are using her images, then she should be paid or compensated for their use. It is not right for the police to promote these images, says the mother.
September 1st, 2017
New York
On September 1st, VG makes contact with a woman in New York. Images of abuses against her daughter have been shared thousands of times – and now on Childs Play as well, under administration by Task Force Argos.
She starts to cry, then pulls herself together.
– They might argue in the long term it will be beneficial to my daughter because it will help them capture other pedophiles. But just sending her image to one offender can turn into it being in the hands of hundreds or thousands of others, hurting her more, not helping her, says the mother.
Her lawyer, James Marsh, takes a more positive view of the police using such images. He represents numerous children who feature in the most widely shared exploitation images.
– Several of my clients would have welcomed police use of their images in the battle to track down abusers. They know how skilled these men are at hiding and understand what it takes to catch them, Marsh says.
He nevertheless understands the mother’s reaction. The pictures of her daughter had been less extensively distributed than many others, so each new share carried more significance.
January 24th, 2017
Brisbane – Australia
Rouse suggests that VG must have done something illegal to uncover the operation.
– Under Australian law, what you’ve done is the same as hacking. The police are allowed to hack to reveal criminal activity, but not you. So you have to be aware that what you have done can potentially have consequences.
Later, the police officers will decide to answer questions from VG. How Stangvik exposed Childs Play
IP addresses and physical server locations are inherently difficult to find on the Tor network. So how did VG’s computer expert get the forum to disclose this information?
1. Profile picture upload
The forum allowed users to upload a profile picture. This picture could also be fetched from a user-supplied URL.
2. The leak
This is where the information leak occurs. Configured for optimal security, the forum’s software and/or server would fetch the remote profile picture via Tor. Childs Play did not – all traffic to external sites originated from the server’s real IP.
3. The IP address is exposed
By telling the forum to fetch a picture from a server Stangvik controlled, he could see in his server logs that the originating IP was with a hosting provider in Sydney – Digital Pacific. Stangvik went on to confirm that outgoing DNS requests originated from the same provider, and that the forum’s software also loaded images included in forum post previews from the same IP.
4. A proxy, VPN or Tor Exit?
The next question was whether the IP belonged to a Tor Exit Node, a VPN or a proxy server. An IP can hide just about anything. How could he confirm that this was the forum’s location, rather than just a node in a chain of redirects? Stangvik applied three improvised techniques:
5. Timing between the servers
He rented a virtual server with Digital Pacific – the same place as where the suspected IP was located. He then updated the profile picture URL to point to this server. Upon receiving an incoming profile picture request, Stangvik’s server would respond with a redirect to another URL on the same virtual server. Repeating this redirection process several time, Stangvik was able to isolate and measure the roundtrip-time between the two servers. The measurements yielded very low times, consistent with a forum server in close vicinity of his rented server.
6. Measuring intermediate nodes
Stangvik also paid attention to so-called «Time To Live» values on the incoming data packets. These provide some insight into how many intermediate parties are involved from the sender to the recipient. In this case, the values indicated that there were at most one intermediate – a typical result if the servers were located in the same room.
7. Measuring packet size
The final test started to get advanced: Measuring MTU (Maximum Transmission Unit) and packet fragmentation.
Each packet in a computer network has a maximum transmission size, based on which intermediates it passes through. Each encapsulating technology, such as VPNs, can result in the total packet size increasing beyond the maximum size, and local networks usually have larger maximum sizes than the “tubes” found on the internet. If the maximum size is surpassed, the packet will be broken into multiple fragments.
By crafting long profile picture URLs, and setting specific packet flags, in the redirects returned by his custom web server software, he could see that the MTU was consistent with that of high-speed local area network traffic, and also ruled out VPN configurations.
October 2016
The forum is moved
In October 2016, WarHead’s abuse website was moved to the server in Sydney. That was six months after he set it up.
https://www.vg.no/spesial/2017/undercover-darkweb/?lang=en
MODs
MODs are code modifications created by the phpBB community, often used to extend the functionality of or change the display of phpBB. The term is capitalised to distinguish code modifications from forum moderators, the latter of which is often abbreviated as "mods". Modifications referred to in this manner are not authored by the phpBB developers, and do not enjoy the same level of support as unmodified official code. The phpBB Extensions Team (formerly known as the phpBB MOD Team), headed by David Colón (known as DavidIQ in the community), accepts modifications from community sources for validation, and modifications which meet the Extensions Team's standards are made available for download from the phpBB Customisations Database. Other sites also provide phpBB2 and phpBB3 modifications for download. Some of the sites have their own standards which they validate to, and other sites do not do any validation, however the phpBB teams do not offer support for boards using MODs downloaded from sites other than phpBB.com. Documentation for phpBB3 MODding is provided by the Extensions Team. MODs are not accepted for the 3.1.x line of phpBB since Extensions have taken their place from that version forward.
MODX
MODX is an XML-based document format developed by the phpBB Extensions Team that is used to describe the steps required to modify the source code of a web application in order to install a modification.[16] Although it can theoretically be utilised for any web application, it was developed for and is primarily used by MODs for phpBB. The phpBB Extensions Team requires that MODs submitted to its database conform to the MODX specifications and other policies.[17] The primary purpose of using an XML-based format is to better allow automatic installation tools, such as AutoMOD, to read and complete the installation instructions. MODX files can be viewed in a web browser using an included XSL file. The latest revision of the MODX spec is 1.2.6, released on December 15, 2012.[18]
AutoMOD
AutoMOD is a tool developed by the phpBB Extensions Team that parses and automatically installs phpBB3 MODs distributed in the MODX format. Users simply have to upload the contents of a MOD download to their phpBB source directory and run AutoMOD, which will parse the MOD instructions and make the necessary file changes. Depending on the server configurations, it will either automatically merge the changes into place using FTP, or will create a compressed archive of the changed files for the user to copy into place. AutoMOD is also used by the MOD Team members during validation to ensure that the MODX files are valid and the MOD can be successfully installed on a vanilla phpBB installation.[19]
The current version of AutoMOD is 1.0.2.[20] AutoMOD can be downloaded from the AutoMOD information page[21] and support can be obtained in the AutoMOD support forum.[22]
AutoMOD is the successor to EasyMOD, a tool for phpBB2 which was also developed by the phpBB Extensions Team and performed essentially the same task. The last version of EasyMOD was 0.4.0, released on June 30, 2008.[23] Support for EasyMOD is no longer provided since phpBB2 is retired.[24]
Unified MOD Installation Library (UMIL)
The Unified MOD Installation Library is a library designed to simplify the installation and uninstallation of the database side of MODs.[25] It is designed to be useful for configuring the forum for the new MOD, performing database actions such as adding and removing tables and columns, and purging the forum's cache. UMIL is GPL licensed[25] and the latest version is 1.0.5.[26] It can be downloaded from the UMIL page.[27] To create a UMI-file automatically, a MOD author can use the Unified MOD Installation File creation tool.[28]
See also
- Comparison of Internet forum software
- Tails
- Whonix
- TinyIB
- MediaWiki
- Darknet
- Freedom Hosting Reloaded
- Daniel's Hosting
- Tribler
- Template:Computer engineering
- Web development
- Darknet web development
References
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Cite error: Invalid
<ref>
tag; no text was provided for refs namedautogenerated1
- ↑ Template:Cite web
- ↑ Announcing the Incident Investigation Team from the phpBB.com community forums
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Checking for updates phpBB 3.0 Olympus Documentation, phpBB.com
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ 25.0 25.1 phpbb.com
- ↑ Template:Cite web
- ↑ Template:Cite web
- ↑ Template:Cite web