Remember Toard - A text only Bulletin Board ?
After a while, I’ve fix some stuff.
Never thought that my old project is still a live till today lolz
Note to mods: Feel free to delete this thread if needed
7 Likes
It’s interesting how you’ve managed to create a bulletin board that looks somewhat old-school with the monospaceish but also manage to make it mobile friendly and usable at the same time 
6 Likes
New website design these days are good, but also heavy on device and just a waste of a time, is also the reason why i create a project that looks like oldschool.
The fact is that, I still coding on mobile till these days. And i glad that it’s mobile friendly
1 Like
Well, some small CSS to make it beautiful won’t make it slower… 
- Inter font
- More padding, less borders
- Less underlines, more buttons
1 Like
Fork & Pull is welcome
1 Like
Bump. I guess you could use Toard without worrying about spams now.
Pretty much things has been changed, Which includes two layer antirobot protection.
The great wall has approached.
Now you do not need to worry about some kind of attack especially when you host at Glitch.
- Now uses SQL (We use better-sqlite3 for the client)
- Fix monospace on WebKit browser.
- Fix creating thread after verification results 404
- Fix searching resulting error
Reported-By: Dwiky Rizky Ananditya <kyzsuki@gnuweeb.org>
- Increased limit on first wall.
- Move layout create <div> to bottom after reply <div>
- Change tab title when received new replies
- Post elements is no longer adjacent to replies.
Signed-off-by: Yonle <yonle@lecturify.net>
Feel free to Remix and build your own Text Bulletin Board
Source code: GitHub - Yonle/Toard: Text only Bulletin board
Glitch Project: Glitch :・゚✧
1 Like
The first protection (anti spam) is there, Which when it detects multiple POST request from same IP address for more than 5 times in under 30 seconds, It will dong the IP address. If the attacker still attempts to continue, The attacker IP address is permanently DONG-ed.
Additionaly, You could enable the 2 layers captcha system if the attack still continues in different IP addresses.
This captcha system is not enabled by default, but could be enabled by inserting the following column into config table at config.db database:
sqlite3> INSERT INTO config VALUES ("captcha", "yes");
Once enabled, You do not need to restart Toard server. If it saw captcha column, It already does what you wish for.
Anyways, there we go, the captcha screenshots (also works without JS).
Better than suffering in Cloudflare “Just in a second…” page, eh?
The antispam systems that i implement in my own here, I call it as “The Greatest DONG Protection Layers”
1 Like
1 Like
The captcha steps / How it works
Uses verify_sess cookie to work.
- It generates string
- Uses figlet to generate ascii from the generated string
- Generated ascii string splitted into arrays (
split("")) - Then distort the ascii string with
map(i => (Math.floor(Math.random() * 12) > 9) ? i : ".") - Restructure the ascii string back after putting random dots with
join("") - Inserting column into temporary database for this
verify_sesswhereansweris a generated string, while thequestionis the ascii string. The verification session only last for 3 minutes.
Verification steps
Look up at database for this verify_sess, If unavailable, Reject.
- Sees for matching answer. Whenever the answer match to the expected answer, Switch
stageas stage2. - Repeat the same process again, Except that generated string is now math question, with the
answeras the exact answer. - If correct, Insert post into database, then redirect user to the assigned path.
1 Like
I honestly find this really funny, there were similar examples of chatgpt also failing at drawing ascii art and recognizing shapes as well. Guess they didn’t think of this case yet, but maybe gpt 4 could do better.
1 Like
Hello.
An funny update here.
If IP ban is not enough,
Do an ISP ban.
Open up terminal, then type ./modtools/isp_block.sh Ovh or similiar ISP name.
Have a good day.
1 Like
Since many peoples do not know yet, Time to share some experience when this project was getting somewhat popular that then i do not realize that there is an attack going on (due to ratelimit).
When the rate limit is gone, I witnessed this:
The actual attack actually making atleast 4K of new blank threads.
Fortunately it was a easy to bulk remove these spams tho
And because of this, I created a relatively simple spam-per-IP detection system into the backend, and then deployed right when the attack is still on action.
The system did the job, that then automatically block the IP address.
So how is the container doing?
Pretty well.
When the attacker noticed about the attack, he managed to talk with me. And so i did.
Refs: https://toard.glitch.me/1000016 & https://toard.glitch.me/1000015
And finally, The captcha system implemented.
1 Like
So you think it ends here?
Nope.
A week later, Same attacker is back but this time going to my Tird server at https://yonle.lecturify.net, being offtopic and spamming same images on every single thread.
At the same time i created modtools that could do stuffs regarding this situation including “Nuking a thread”. So, The same attacker waves at me again, But at bad timing.
Really bad timing actually
Second take from him?
Ah yes, Say hi again to “The Agenda”
Alright. Second thread nuked again.
Another takes? Yes he did. He change his IP again after i banned him.
Which then i banned the entire Cloudflare Warp IPv6 Subnets.
So what next?
He tries to spam my third Toard server again.
Then what? Of course. Bulk Delete then IP ban.
Few days later, I decided to implement ISP ban that could also done by whois-ing client IP address, which then making it easier to ban certain ISPs including Cloud Hosting Providers.
So then i decided to ban every single known Cloud Hosting Providers.
And the end.
That is how modtools born and the moderation gets somewhat tighten and damn strict.
3 Likes