optrex wrote: I doubt it was spam emails. It actually coincided with a genuine user pm'ing the whole membership and its subsequent reply. Based on your membership that would generate a huge amount of sudden email traffic in the form of notifications and look like spam, depending on your setup.
You should never have a configuration that would allow that to happen.
Adamski wrote:
... or are you saying that the blue line in the "To" field that says "Registered Users" should not be there?
It's not something I'd like to test - for fear of another bout of outgoing messages.
Adam.
optrex wrote: I used reply to all to see if
A) that was the issue
B) the configuration error had been closed by the site owner
It's a bit of a rookie flaw to be fair, but also phpBB isn't the best or safest forum platform out there either, so I can understand the hosting company's concern.
optrex wrote: Ideally the largest "group chat" you'd want is say 4 or 5 recipients, otherwise what's the purpose of having a forum discussion?
A better system would also rate limit the notification emails by cron job so you're not pushing out 1500 or so in one go, which I guarantee is the reason the site got "suspended".
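The two controls suggested in the post above (a recipient cap on PMs and a cron-drained notification queue), sketched as an added example that is not part of the thread and is not phpBB code. All function names, the SQLite outbox table, and the values 5 and 50 are assumptions chosen for illustration.

```python
import sqlite3
import time

MAX_PM_RECIPIENTS = 5   # assumed cap, after the "4 or 5 recipients" suggestion
BATCH_PER_RUN = 50      # assumed send budget per cron run

def open_queue(path=":memory:"):
    """Open (or create) the outbox that notification emails are queued in."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS outbox ("
               "id INTEGER PRIMARY KEY, rcpt TEXT, subject TEXT, sent_at REAL)")
    return db

def queue_pm_notifications(db, sender, recipients, subject, is_admin=False):
    """Enforce the recipient cap, then queue one notification per recipient."""
    unique = sorted(set(recipients) - {sender})
    if len(unique) > MAX_PM_RECIPIENTS and not is_admin:
        raise PermissionError(f"PM to {len(unique)} recipients exceeds the cap")
    db.executemany("INSERT INTO outbox (rcpt, subject) VALUES (?, ?)",
                   [(r, subject) for r in unique])
    db.commit()
    return len(unique)

def pending(db):
    """Number of queued notifications not yet handed to the mail server."""
    return db.execute(
        "SELECT COUNT(*) FROM outbox WHERE sent_at IS NULL").fetchone()[0]

def drain(db, send, budget=BATCH_PER_RUN):
    """Run from cron: send at most `budget` queued messages, oldest first."""
    rows = db.execute(
        "SELECT id, rcpt, subject FROM outbox WHERE sent_at IS NULL "
        "ORDER BY id LIMIT ?", (budget,)).fetchall()
    sent = 0
    for row_id, rcpt, subject in rows:
        try:
            send(rcpt, subject)
        except Exception:
            break  # leave this and later rows queued for the next run
        db.execute("UPDATE outbox SET sent_at = ? WHERE id = ?",
                   (time.time(), row_id))
        sent += 1
    db.commit()
    return sent

if __name__ == "__main__":
    db = open_queue()
    members = [f"user{i}@example.invalid" for i in range(1500)]  # constructed
    queue_pm_notifications(db, "admin@example.invalid", members,
                           "Site notice", is_admin=True)
    print(drain(db, lambda rcpt, subject: None), "sent;", pending(db), "queued")
```

With these assumed values a 1500-member notification leaves the server as 30 cron runs of 50 messages instead of one burst, and a non-admin reply-all to the whole membership is refused before anything is queued.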
Radar88 wrote: It would be better for the Site Administrators to do a thorough in-depth investigation of the issue over the next few days.
gojozoom wrote: Hi guys,
Thank you for the constructive feedback - I agree with most of it. I have already made changes to the PM system so that only admins can PM groups. The forum settings are fairly limited so we can either enable PMs to groups and multiple users or disable them altogether - meaning you can only PM a single user. To avoid further Reply All "incidents" I disabled it for now.
I also agree that phpBB might not be the most modern/secure platform but there is a reason why we chose it. Here's a brief background for those of you that joined us more recently. Until about 4 years ago the forum was run on forum software from the stone age (defunct now), using a very outdated server and database. We looked at different options for safely migrating everything (and keeping all posts and attachments) to a more modern and customizable system that is at least somewhat compatible with the old database and forum software. At the time only phpBB had migration scripts that were proven to work fine so we went with that - none of us had the time on our hands to do a full manual migration. However, to address those security holes we're going to schedule in a software update from v3.0 to the current v3.3.
Another factor is that this forum (like most other forums) doesn't have a full-time admin. We're trying to fit things into our busy lives, work, kids, jobs, etc., therefore a "fully blown" IT support with continuous maintenance and updates is not achievable at this point. I'm open to discussions about options or volunteers to do certain tasks, obviously someone with some IT background and a bit of change management (ITIL) experience.
All in all you're right, it's far from perfect, but I think a single 24-hour outage in 4 years is pretty good in terms of availability and stability. I'm not trying to use this as an excuse or brag - it's merely an objective observation.
Kind Regards
Dan