TOR unfriendly...

This is the place to talk about our forums:
Questions about how to best use them, discussions about new features and things like that

TOR unfriendly...

Postby jiml8 » Jul 11th, '14, 17:46

You have changed something very recently on this site, and as a consequence I can no longer post in my usual browser session which uses TOR.
Every time I try, I get taken to a login screen. Login, post, go to login screen, login, post, go to login screen.

This will have the inevitable effect of reducing my posting here to effectively zero; I browse through TOR for reasons that are good and sufficient to me, and I am not willing to frequent a site that is TOR-unfriendly.

I tolerated it when you tracked via IP address and I was forced to log-in every 15 minutes or so. But I seem to be unable to post AT ALL anymore if I come to the site through TOR.
jiml8
 
Posts: 1253
Joined: Jul 7th, '13, 18:09

Re: TOR unfriendly...

Postby doktor5000 » Jul 11th, '14, 18:40

That's interesting, I don't know of any changes to the forums or the infrastructure in the last few months.

Could you have a look at 3.2.3.1. Cookie settings and 3.2.3.3. Security settings at https://www.phpbb.com/support/documenta ... eneral.php please?

Here are our current settings:
Security settings

Allow persistent logins:
Determines whether users can autologin when they visit the board.
Yes No

Persistent login key expiration length (in days):
Number of days after which persistent login keys are removed or zero to disable.

0 Days

Session IP validation:
Determines how much of the users IP is used to validate a session; All compares the complete address, A.B.C the first x.x.x, A.B the first x.x, None disables checking. On IPv6 addresses A.B.C compares the first 4 blocks and A.B the first 3 blocks.
All A.B.C A.B None

Validate browser:
Enables browser validation for each session improving security.
Yes No

Validate X_FORWARDED_FOR header:
Sessions will only be continued if the sent X_FORWARDED_FOR header equals the one sent with the previous request. Bans will be checked against IPs in X_FORWARDED_FOR too.
Yes No

Validate Referer:
If enabled, the referer of POST requests will be checked against the host/script path settings. This may cause issues with boards using several domains and or external logins.
Also validate path Only validate host None

Check IP against DNS Blackhole List:
If enabled the user’s IP address is checked against the following DNSBL services on registration and posting: spamcop.net and http://www.spamhaus.org. This lookup may take a while, depending on the server’s configuration. If slowdowns are experienced or too many false positives reported it is recommended to disable this check.
Yes No

Check e-mail domain for valid MX record:
If enabled, the e-mail domain provided on registration and profile changes is checked for a valid MX record.
Yes No

Password length:
Minimum and maximum number of characters in passwords.
6 Min 100 Max

Password complexity:
Determines how complex a password needs to be when set or altered, subsequent options include the previous ones.
No requirements

Force password change:
Require user to change their password after a set number of days. Setting this value to 0 disables this behaviour.
0 Days

Maximum number of login attempts per username:
The number of login attempts allowed for a single account before the anti-spambot task is triggered. Enter 0 to prevent the anti-spambot task from being triggered for distinct user accounts.
3

Maximum number of login attempts per IP address:
The threshold of login attempts allowed from a single IP address before an anti-spambot task is triggered. Enter 0 to prevent the anti-spambot task from being triggered by IP addresses.
50

IP address login attempt expiration time:
Login attempts expire after this period.
21600 Seconds

Limit login attempts by X_FORWARDED_FOR header:
Instead of limiting login attempts by IP address they are limited by X_FORWARDED_FOR values.
Warning: Only enable this if you are operating a proxy server that sets X_FORWARDED_FOR to trustworthy values.
Yes No

Allow php in templates:
If this option is enabled, PHP and INCLUDEPHP statements will be recognised and parsed in templates.
Yes No

Maximum time to submit forms:
The time a user has to submit a form. Use -1 to disable. Note that a form might become invalid if the session expires, regardless of this setting.
7200 Seconds

Tie forms to guest sessions:
If enabled, the form token issued to guests will be session-exclusive. This can cause problems with some ISPs.
Yes No
Cauldron is not for the faint of heart!
Caution: Hot, bubbling magic inside. May explode or cook your kittens!
----
Disclaimer: Beware of allergic reactions in answer to unconstructive complaint-type posts
User avatar
doktor5000
 
Posts: 17630
Joined: Jun 4th, '11, 10:10
Location: Leipzig, Germany

Re: TOR unfriendly...

Postby maat » Jul 12th, '14, 23:01

Hi,

I did change nothing that could affect TOR users. And if i did not i think no other admin did something alike.

Did you add, on your side, something that blocks cookies ?

To maintain session we need to use something ether on the url or inside a cookie

I'm pretty sure the change did not occur on our side but let's investigate to understand where the problem is.
maat
 
Posts: 307
Joined: Feb 13th, '11, 00:23


Return to Discussions about forums

Who is online

Users browsing this forum: No registered users and 1 guest