October 2017 work summary

October was a very profitable month for me, best of the year so far. It’s a little mysterious to me why it was so, but I did collect on a few projects I was owed so that helped. Anyhow, here’s a summary of the work I did in October. All client information has been anonymized, of course:

  • Upgraded a forum from phpBB 3.0.9 to 3.2.1. The vendor folder was corrupt in my archive, which I think was due to a bad release by the phpBB Group since corrected. I fixed my archive, installed the prosilver_se style and applied the client’s logo. I also installed my digests extension (version 3.2.4) and tested it. In programming the cron job, since HTTPS was used, I added -K option to curl so it didn’t verify the certificate.
  • Client upgraded from phpBB 3.1 to 3.2. He had the portal extension installed but the upgrade caused an error rendering the portal page. Updating the extension to 2.2.0-b1 solved the problem although it should be noted there is not an approved version of the portal for phpBB 3.2 at this time.
  • Client was having trouble getting version 3.0.7 of my digests extension to mail from a phpBB 3.1.10 instance. I figured out the issues were due to incorrect manual testing procedures. Then wanted me to create a customized version that removed certain items from the digest email. I made changes which also required a change to the mailer program. I also found a digests 3.0.7 French language translation and installed it (since the board is hosted in France) and modified that language file as well as the English version to accommodate the requested changes. I tested it on a 3.1.9 instance on my machine and since I did not have installation permissions, I placed a copy on Google Drive for the client to access and install, with instructions. Later there was additional work. Now with full permissions, I upgraded the client from phpBB 3.1.10 to 3.2.1. I installed a new version of we_universal style, but the development version has a few issues (quote icons and the like would not show). I reapplied custom code changes to my digests extensions. In addition the client wanted additional template changes with banner images in the digests. These plus communication challenges added a lot of time.
  • Client said he had managed to acquire the domain name a competitor was using, which had expired. Changed DNS to redirect to the selected domain but the action never completed. However, I later learned that the domain did not expire but GoDaddy let him buy it anyhow. Client paid me for my time.
  • Upgraded a forum from phpBB 3.0.12 (subsilver2 style, no mods) to 3.2.1. Changed the style with the upgrade to Allen Subsilver. I added the old logo. I added an extension so external links render pages in new tabs. Redirect issues were solved by removing cPanel redirects and creating an index.html file with a meta tag to redirect to forum. In addition, SuperCacher was turned on. I had to flush SuperCacher in cPanel to affect logo changes. I created a question on registration but registration is currently disabled. I suggested configuring the new reCaptcha if this is enabled.
  • Another error was reported by client I helped last month. I looked at the error log. I determined that German language pack said it was installed by the files were not there and that triggered the error. I added the German language pack for phpBB 3.1.10. Another error pointed to something wrong with the Profile Side Switcher extension. Version 0.0.1 was installed, updated to 1.0.0 and that error went away. I also removed some dead modules. I changed permissions on cache, files, images/avatars/upload and store folders. I cleared the cache. The extensions tab did not show. This may be a database issue with the modules table. Waited for feedback or additional permissions. Client paid me for the work to date.
  • I completed a month plus long project to change the website’s front end from static pages to WordPress. Originally I placed WordPress in a /wordpress folder. I moved the old files into an old_files folder, moved WordPress into the root folder, installed a plugin to change some paths and changed some database columns to get it to work from the root folder. The move to WordPress included creating a shopping cart and testing it, replicating a members only area by doing it inside of WordPress, installing a theme, installing a form generator for membership applications and creating the membership form, and the integration of a photo gallery using a plug in. So while phpBB is my specialty, I can do a lot of WordPress work too, so it doesn’t hurt to ask if you want me to do some WordPress work for you.
  • Upgraded a forum from phpBB 3.2.0 to 3.2.1. Reapplied logos. Updated American English language pack.
  • Removed malware from site using cPanel’s file manager, placed bad content in Trash for customer’s review then submitted it to Google for a check. Later, client encountered more spam issues. Web host said WordPress plugins were sending spam. They blocked access to the site so I couldn’t go in and do anything. Sent support an email. Never replied back but a couple days later I could get into WordPress. Client has both a French and an English site. Updated plugins and updated WordPress on both sites. Installed plugin that automatically updates plugins on both sites.
  • Upgraded a forum from phpBB 3.0.14 to 3.2.1. Work involved rehosting the forum too as the customer’s virtual server was underpowered, making database operations problematic. Customer eventually chose a new web host and it took about a week to move the content over along with the WordPress content. Resource limitations occurred trying to upgrade forum on old host, requiring me to move it to my machine, do the work there and upload it. However, bigdump.php would not complete loading the database, due to resource limitations on the database (first time I’ve seen this for virtual hosting). Many tables had primary keys and indexes missing. Eventually the new host got WordPress working correctly for the client. I had to reload the phpBB database to recreate the indexes and primary keys that were missing. While running bigdump.php on the new host I encountered a Javascript error but I was able to load database from the command prompt instead. Installed the Hexagon style, configured the logo, placed a special tile background image and uploaded old icons for forum and topic images. In some cases browser resized them, making them a bit fuzzy. Installed the Advertising Management Extension and added two ads in two locations. Upgraded PHP to 7.1 and tested. Installed the Advanced BBCode Box extension. Uploaded his many old images used in the headers principally to /styles/Hexagon/theme/images.
  • Troubleshooting. Email interface wasn’t working. It was set to send mail via SMTP. I turned it off and tested it and received a sample mass email.
  • Upgraded a forum from phpBB 3.0.11 to 3.2.1. Kept the prosilver style and reapplied the logo. Installed Google Analytics extension. Installed Advertising Management extension but HTTP 403 errors triggered when creating ad. Asked client to file a support request to get this addressed. Advised about placement of skyscraper ads (not a good idea for phpBB). Forum is inside a frame. Recommended this be addressed. Later, working with security rules were setup to bypass modSecurity for ad placement. Installed reCaptcha.

Pricing changes (most clients unaffected)

I have updated my pricing. Most of my customers are not affected by the price increases. It only affects those in the corporate/moneyed sector.

Many of my professional customers have already paid me more than I have billed, some calling attention that I am dramatically underpriced in this market. So I have doubled my labor rate for this class of customer to $60/hour and doubled my fixed prices for them as well.

How do you know if you have to pay my professional rate? My services page has all the details. In general, if you need an invoice, you are billed at my professional rate. If you have staff and offices, a professional rate applies. It does not apply to hobbyists and small non-profits where pretty much everyone is a volunteer and you run your site on a shoestring. The quality of the service is the same regardless.

If there is a conflict between professional work and other work, understandably I will put those paying at the professional level first. In most cases this is not an issue.

It’s nice that my professional customers are increasing as a share of this business and the extra income is nice as well.

Hiding your phpBB forums

Introduction

Not every forum administrator wants their forum to be public. Some want to have a members-only forum. In fact, it’s not unusual to want the forum to be completely hidden or wholly inaccessible by the public. Some forum administrators realize it’s important not only to keep humans out, but search engines as well.

The good news is that phpBB can keep your forum private, although there are some steps you might want to take outside of phpBB. The bad news is that the procedures for doing so are pretty obscure. Let’s look at some common ways of limiting access.

Keeping everyone out using your web server’s security system

Pros: about as secure as you can get

Cons: shared passwords are often used, ugly interface, and it works separately from the forum

The most effective way to keep everyone out but specified users is to use a security mechanism that is built into your web server. The technique originated with the Apache web server. Not all web servers use Apache, but most do. IIS is Microsoft’s web server, if you are using Windows hosting. nginx (pronounced “Engine X”) is another web server gaining in popularity that is slowly replacing Apache.

With this approach, the first step is to determine what web server software you are running. This site makes it easy.

The idea is to use the web server to challenge the user trying to get into the forum’s folder by requiring the user to successfully provide some credentials, usually a username and password. Typically you get an ugly black and white screen with these fields and a submit button. So this approach is not pretty, but it is highly secure.

If you want to go with this approach, first look at your web host control panel. Control panels like cPanel often have a feature that lets you password protect folders, in this case your phpBB root folder. Here are cPanel’s instructions. Failing that you can do this yourself.

You can use these instructions if you are using Apache and these instructions for nginx. IIS being a Microsoft product operates quite differently. You can use these instructions for IIS.

You can make it easy and use a shared username and/or password or create one for each member of the forum. Note that this happens outside of the forum, so any usernames and passwords used with this approach will probably not be the username and password used to login to the forum. You will have to pass the username and password to use to the user, perhaps using email. This approach simply allows access to the forum so a second step is needed: you must also login to the forum.

This approach not only keeps out humans, but also search engines.

Although not covered here, there are even more secure ways to limit access if you limit access to specific IP addresses. A search engine query will provide instructions if this approach interests you. Since most IP addresses are generated dynamically, this approach usually requires allowing a range of IP addresses and is somewhat fragile.

Stopping search engines from indexing your site with a robots.txt file

Pros: Simple and probably 99% effective

Cons: Malicious search engines can choose to ignore your policy

You can instruct search engines not to search your site. While you can provide instructions, this approach doesn’t keep malicious search engine agents from indexing your site anyhow. Essentially you create a robots.txt file in a plain editor like Notepad and upload it to your forum’s root folder. Its contents should look like this:

User-agent: *
Disallow: /

Disallowing search engines using phpBB

Pros: Effectively stops search engines that phpBB knows about, which are most of them. With the permissions properly set these search engines cannot index your content because the permissions won’t allow it.

Cons: Limited to the 46 search engines that phpBB handles by default

Procedures:

  1. ACP > Permissions > Permission roles > Forum roles
  2. Click on the green wheel on the Bot Access row
  3. Go to the bottom of the page and select the Actions tab
  4. Click on the No column header link which easily makes all these permissions no. Then Submit.

By changing the properties of the Bots role it will affect all existing bots plus any additional bots you create manually later on.

If you want to add bots manually, you can do it this way: ACP > System > General tasks > Spiders/Robots. Where would you discover new robots that might be hitting your site? You would need to periodically review your web server access log.

The phpBB group periodically adds new robots so when you update or upgrade these new robots will appear and will inherit privileges for the bots role.

You can certainly add a robots.txt file disallowing access to your forum root folder and use these procedures too.

Disallowing guest access to forums

Pros: Removes guest read privileges

Cons: A little complex to set up and message to guests is misleading

Procedures:

  1. ACP > Forums > Forum based permissions > Group forum permissions
  2. Select the Guests usergroup and press Submit
  3. Select the forums that you don’t want guests to read or access. For all, check All Forums. Then press Submit.
  4. If you want guests to neither read the forum nor see its name, for each forum change Read Only Access to No Access then the press the Apply All Permission button at the bottom of the page. Note: if all forums were changed then at this point guests accessing the index will see a “No forums” message. This is misleading because the forums are there, you just have to be registered, logged in and have appropriate permissions to see them.
  5. If you want guests to see the forum name but not be able to see or read any topics, first complete step 4. Then for each forum click on Advanced permissions, select the Actions tab and select Yes to Can see forum. When applied to all applicable forums, press the Apply All Permission button at the bottom of the page.

Bonus tip

If security is a concern, consider also using HTTPS to encrypt all traffic going to and from your forum. More is on this post.

September 2017 work summary

September was a very slow month, probably the slowest so far this year. In a way it was good because I was kept hopping preparing for and teaching a website development class, and I needed to focus on that. Here is some of the work I accomplished in September for various clients:

  • A forum’s users were experienced HTTP 500 errors when accessing forum. I downloaded the error log and noticed numerous TWIG errors complaining about a link missing to Viglink in overall_footer.html. I’ve seen this issue before and I’m not sure what’s causing it, but I think it may be due to enabling Viglink, then disabling it without purging the cache, which should not be necessary. I used the web host’s file manager to manually remove files from the /cache/production folder. The forum came up but there was a HTTP 500 error on initial login, which did not recur. Also, I noticed that a folder was missing where the main site images were kept. The client was able to restore these pictures. I suggested and installed the latest Cleantalk extension (not yet on phpbb.com) and enabled its SpamFirewall feature because the client was getting hammered by spambots. This solution is working well.
  • Some users reported a white screen after making a post. It seemed to mainly affect Firefox users and seemed to be somehow related to the cookies. I examined error log and found a TWIG error referencing a missing link for Viglink, similar to the last problem. I manually refreshed the cache. No further problems were noted.
  • Troubleshooting. User had installed a security certificate so the forum would use https without changing phpBB’s server settings. I fixed the server settings to use https and to NOT use port 80. I suggested changes to force all links to use HTTPS with a .htaccess hack and to fix WordPress links using a WordPress plugin.
  • Performed a simple upgrade from phpBB 3.0.13-PL1 to phpBB 3.2.1. Used the default prosilver style. Logo is wide at 900×150, suggested that it would flow better if it were smaller. I hid the site title and site description in header so it would look similar to what they had before the upgrade.
  • Troubleshooting trying to figure out why mass emails were not going out to about 80 users. It turned out the new web host has email quotas and that was part of the problem. I tried to connect the forum using SMTP to old mail server where this wasn’t an issue, but discovered that the new web host does not allow outgoing SMTP connections. Based on what the new host said it’s outgoing email policy was, I suggested an email package size of under 25 and setting up a system cron to run every five minutes.
  • The web host siteground.com complained to the client that her site was getting hit by too many spambots. Similar to the first client, I solved the problem by installing the latest version of the Cleantalk extension and enabling its SpamFirewall feature. I also updated the forum from phpBB 3.2.0 to phpBB 3.2.1.
  • I updated a forum from phpBB 3.1.3 to phpBB 3.1.11 and installed Cleantalk extension 4.7 (a higher version would not work with 3.1) to solve a persistent spam registration problem. Client did not want to upgrade to phpBB 3.2 since a couple of extensions would not work.