Re: [gentoo-user] IPv4 broken beyond repair

2021-05-20 Thread Hund 
On May 20, 2021 11:20:27 PM GMT+02:00, the...@sys-concept.com wrote:
>On 5/20/21 1:29 PM, tastytea wrote:
>> On 2021-05-20 11:20-0600 the...@sys-concept.com wrote:
>> 
>>> It seems to me IPv4 is broken beyond repair.
>>> I'm trying to block spammers but they rewrite the source IP (that is not
>>> checked) so it is impossible to block them. Example below is from a
>>> single source:
>>>
>>> 189.142.216.209 - - [20/May/2021:09:49:29 -0600] "GET /contact_us.php
>>> HTTP/1.0" 200 25552 82.79.97.137 - - [20/May/2021:09:49:31 -0600]
>>> "GET /vvc_display.php?vvc= HTTP/1.0" 200 4149 202.138.252.59 - -
>>> [20/May/2021:09:49:33 -0600] "POST /contact_us.php?action=send
>>> HTTP/1.0" 302 13 91.235.177.140 - - [20/May/2021:09:49:35 -0600] "GET
>>> /contact_us.php?action=success HTTP/1.0" 200 24031 41.82.36.214 - -
>>> [20/May/2021:09:49:37 -0600] "GET /contact_us.php HTTP/1.0" 200 25725
>> 
>> As long as the website is find-able by search engines, it doesn't
>> matter if it is IPv4 or IPv6.
>> A good measure against non-targeted spam is a hidden input field with
>> the name “url”. If the bot put anything in that field, throw it out.
>> Simple math captchas (like “what is 2 + 3?”) work well too.
>> If the spam is targeted, you'll probably need a more advanced captcha
>> solution.
>> 
>> See also:
>>   
>>   
>> 
>> 
>> Kind regards, tastytea
>> 
>
>Simple math captchas  might work, but I have to find out how to implement it 
>into current php e-mail form.
>

I use Antispam Bee[1] for my contact form on my WordPress website. It works 
very well without any annoying capcha or anything. You could have a look at how 
they do it.

1. https://antispambee.pluginkollektiv.org/documentation/

--
Hund

Re: [gentoo-user] IPv4 broken beyond repair

2021-05-20 Thread Stefan Schmiedl 
"the...@sys-concept.com" , 20.05.2021, 23:20:

> On 5/20/21 1:29 PM, tastytea wrote:
>> On 2021-05-20 11:20-0600 the...@sys-concept.com wrote:

>>> It seems to me IPv4 is broken beyond repair.
>>> I'm trying to block spammers but they rewrite the source IP (that is not
>>> checked) so it is impossible to block them. 

>> A good measure against non-targeted spam is a hidden input field with
>> the name “url”. If the bot put anything in that field, throw it out.
>> Simple math captchas (like “what is 2 + 3?”) work well too.
>> If the spam is targeted, you'll probably need a more advanced captcha
>> solution.

> Simple math captchas  might work, but I have to find out how to implement it 
> into current php e-mail form.

I have a feedback form collecting customer comments, where the customer
has to acknowledge that their data will be evaluated and published.
Motivated by the GDPR, so a meh effort on my part at best.

In the last twelve months _no_ form spambot has give me the permission
to publish their spam, so it goes straight to the great bit-composter
in my backyard.

Very satisfied :-)
s.

Re: [gentoo-user] IPv4 broken beyond repair

2021-05-20 Thread Michael Orlitzky 
On Thu, 2021-05-20 at 21:29 +0200, tastytea wrote:
> 
> A good measure against non-targeted spam is a hidden input field with
> the name “url”. If the bot put anything in that field, throw it out.

And be sure to put a paragraph of (hidden) explanatory text above it so
that blind users with screen readers don't attempt to fill it in.

Another efficient trick is to change the "Submit" button to "Preview",
and have the real submit button visible only on the following page --
while they're looking at the preview. Most bots aren't smart enough to
follow the result of the first "click." For bonus annoyance, you can
add a "Cancel" button before the "Send" button; most bots just use the
first button on the form without regard for what it does.

Re: [gentoo-user] IPv4 broken beyond repair

2021-05-20 Thread thelma 
On 5/20/21 1:29 PM, tastytea wrote:
> On 2021-05-20 11:20-0600 the...@sys-concept.com wrote:
> 
>> It seems to me IPv4 is broken beyond repair.
>> I'm trying to block spammers but they rewrite the source IP (that is not
>> checked) so it is impossible to block them. Example below is from a
>> single source:
>>
>> 189.142.216.209 - - [20/May/2021:09:49:29 -0600] "GET /contact_us.php
>> HTTP/1.0" 200 25552 82.79.97.137 - - [20/May/2021:09:49:31 -0600]
>> "GET /vvc_display.php?vvc= HTTP/1.0" 200 4149 202.138.252.59 - -
>> [20/May/2021:09:49:33 -0600] "POST /contact_us.php?action=send
>> HTTP/1.0" 302 13 91.235.177.140 - - [20/May/2021:09:49:35 -0600] "GET
>> /contact_us.php?action=success HTTP/1.0" 200 24031 41.82.36.214 - -
>> [20/May/2021:09:49:37 -0600] "GET /contact_us.php HTTP/1.0" 200 25725
> 
> As long as the website is find-able by search engines, it doesn't
> matter if it is IPv4 or IPv6.
> A good measure against non-targeted spam is a hidden input field with
> the name “url”. If the bot put anything in that field, throw it out.
> Simple math captchas (like “what is 2 + 3?”) work well too.
> If the spam is targeted, you'll probably need a more advanced captcha
> solution.
> 
> See also:
>   
>   
> 
> 
> Kind regards, tastytea
> 

Simple math captchas  might work, but I have to find out how to implement it 
into current php e-mail form.

Re: [gentoo-user] IPv4 broken beyond repair

2021-05-20 Thread tastytea 
On 2021-05-20 11:20-0600 the...@sys-concept.com wrote:

> It seems to me IPv4 is broken beyond repair.
> I'm trying to block spammers but buy rewrite source IP (that is not
> checked) so it is impossible to block them. Example below is from a
> single source:
> 
> 189.142.216.209 - - [20/May/2021:09:49:29 -0600] "GET /contact_us.php
> HTTP/1.0" 200 25552 82.79.97.137 - - [20/May/2021:09:49:31 -0600]
> "GET /vvc_display.php?vvc= HTTP/1.0" 200 4149 202.138.252.59 - -
> [20/May/2021:09:49:33 -0600] "POST /contact_us.php?action=send
> HTTP/1.0" 302 13 91.235.177.140 - - [20/May/2021:09:49:35 -0600] "GET
> /contact_us.php?action=success HTTP/1.0" 200 24031 41.82.36.214 - -
> [20/May/2021:09:49:37 -0600] "GET /contact_us.php HTTP/1.0" 200 25725

As long as the website is find-able by search engines, it doesn't
matter if it is IPv4 or IPv6.
A good measure against non-targeted spam is a hidden input field with
the name “url”. If the bot put anything in that field, throw it out.
Simple math captchas (like “what is 2 + 3?”) work well too.
If the spam is targeted, you'll probably need a more advanced captcha
solution.

See also:
  
  


Kind regards, tastytea

-- 
Get my PGP key with `gpg --locate-keys tasty...@tastytea.de` or at
.


pgpCsdtr9FCix.pgp
Description: Digitale Signatur von OpenPGP

[gentoo-user] IPv4 broken beyond repair

2021-05-20 Thread thelma 
It seems to me IPv4 is broken beyond repair.
I'm trying to block spammers but buy rewrite source IP (that is not checked) so 
it is impossible to block them. 
Example below is from a single source:

189.142.216.209 - - [20/May/2021:09:49:29 -0600] "GET /contact_us.php HTTP/1.0" 
200 25552
82.79.97.137 - - [20/May/2021:09:49:31 -0600] "GET /vvc_display.php?vvc= 
HTTP/1.0" 200 4149
202.138.252.59 - - [20/May/2021:09:49:33 -0600] "POST 
/contact_us.php?action=send HTTP/1.0" 302 13
91.235.177.140 - - [20/May/2021:09:49:35 -0600] "GET 
/contact_us.php?action=success HTTP/1.0" 200 24031
41.82.36.214 - - [20/May/2021:09:49:37 -0600] "GET /contact_us.php HTTP/1.0" 
200 25725

Re: [gentoo-user] What groups should user "root" be in?

2021-05-20 Thread Hund 
On May 20, 2021 11:42:23 AM GMT+02:00, Dr Rainer Woitok 
 wrote:
>Aisha,
>
>On Wednesday, 2021-05-19 19:14:27 -0400, you wrote:
>
>> ...
>> Are you running your machine day-to-day as root?
>> That sounds like a recipe for disaster...
>
>Of course not.   But if that quote [1] had any substance in it, it COULD
>happen that some deamon running as user "root" failed  because of "root"
>not being in the correct groups.
>
>> That preaching aside, I do have audio working as a normal user and my groups 
>> are -
>> 
>> $ groups aisha
>> wheel video portage lxc lxd aisha
>> $ groups root
>> root bin daemon sys adm disk wheel floppy tape video lxc lxd
>
>So neither your own id nor "root" is a member of group "audio" and audio
>is working nevertheless.   Hum, that just triggers  the next question to
>all Gentooers: What the heck is group "audio" good for?
>
>> ...
>> > [1] 
>> > https://www.linuxquestions.org/questions/showthread.php?p=3640443#post3640443
>
>Sincerely,
>  Rainer
>

Here's a good explanation:

https://wiki.ubuntu.com/Audio/TheAudioGroup

--
Hund

Re: [gentoo-user] What groups should user "root" be in?

2021-05-20 Thread Dr Rainer Woitok 
Aisha,

On Wednesday, 2021-05-19 19:14:27 -0400, you wrote:

> ...
> Are you running your machine day-to-day as root?
> That sounds like a recipe for disaster...

Of course not.   But if that quote [1] had any substance in it, it COULD
happen that some deamon running as user "root" failed  because of "root"
not being in the correct groups.

> That preaching aside, I do have audio working as a normal user and my groups 
> are -
> 
> $ groups aisha
> wheel video portage lxc lxd aisha
> $ groups root
> root bin daemon sys adm disk wheel floppy tape video lxc lxd

So neither your own id nor "root" is a member of group "audio" and audio
is working nevertheless.   Hum, that just triggers  the next question to
all Gentooers: What the heck is group "audio" good for?

> ...
> > [1] 
> > https://www.linuxquestions.org/questions/showthread.php?p=3640443#post3640443

Sincerely,
  Rainer

[gentoo-user] Audio through second HDMI output on GPU?

2021-05-20 Thread Arve Barsnes 
Hello,

Resending this message, as the last time it was derailed by a question
about DE and pulseaudio, neither of which are relevant to this
low-level problem (and also not installed anyway, as I run a simple
openbox WM with alsa only).

Does anyone know anything about how to check audio through Nvidia HDMI outputs?

My regular audio is through the motherboard output, and I also have a
USB soundcard that I regularly use without trouble, but my HDMI is a
different matter.

I have a GTX 1080 card with two HDMI outputs, the first connected to
my main monitor, and the second connected to a TV. I've managed to
play sound through my monitor with aplay, but no luck with the TV.

aplay reports:
$ aplay -l
card 1: NVidia [HDA NVidia], device 3: HDMI 0 [HDMI 0]
  Subdevices: 1/1
  Subdevice #0: subdevice #0
card 1: NVidia [HDA NVidia], device 7: HDMI 1 [HDMI 1]
  Subdevices: 1/1
  Subdevice #0: subdevice #0
card 1: NVidia [HDA NVidia], device 8: HDMI 2 [HDMI 2]
  Subdevices: 1/1
  Subdevice #0: subdevice #0
card 1: NVidia [HDA NVidia], device 9: HDMI 3 [HDMI 3]
  Subdevices: 1/1
  Subdevice #0: subdevice #0
card 1: NVidia [HDA NVidia], device 10: HDMI 4 [HDMI 4]
  Subdevices: 1/1
  Subdevice #0: subdevice #0
card 1: NVidia [HDA NVidia], device 11: HDMI 5 [HDMI 5]
  Subdevices: 1/1
  Subdevice #0: subdevice #0
card 1: NVidia [HDA NVidia], device 12: HDMI 6 [HDMI 6]
  Subdevices: 1/1
  Subdevice #0: subdevice #0

To get sound through the monitor:
aplay -D plughw:1,7 sample.wav

No luck on any of the other 6 devices reported. I suspect there might
be a setting somewhere on the Nvidia side that limits sound output to
one of these, and if that is so, I'd rather have the TV able to get
sound, as my computer have separate speakers and no need for the HDMI
sound output.

Any ideas for troubleshooting this welcome.

Regards,
Arve