Recent Posts
1
Addons / [Addon] SSO/Social Login - Google/Facebook
Last post by vbgamer45 -
Version: 1.0.0
Author: vbgamer45
Website: https://www.elkartemods.com/
Compatible with: ElkArte 1.1.0 - 1.1.99


Live on https://www.elkartemods.com/ with Google to use!
Download Link: https://www.elkartemods.com/index.php?topic=65.0

================================================================================
 DESCRIPTION
================================================================================

SSO / Social Login adds OAuth 2.0 social login support to ElkArte. Users can
sign in or register with one click using their Google or Facebook account.
Buttons appear on the login and registration pages automatically.

Features:
  - Sign in with Google
  - Sign in with Facebook
  - Auto-links existing accounts by matching email address
  - Optional auto-registration for new users
  - Extensible provider architecture (add new providers easily)
  - Admin panel for managing settings and provider credentials
  - Profile page showing linked SSO accounts with unlink option
  - CSRF-protected OAuth flow with server-side token exchange
  - Styled login buttons with official provider branding

================================================================================
 REQUIREMENTS
================================================================================

  - ElkArte 1.1.x
  - PHP 7.0 or higher
  - PHP cURL extension enabled
  - SSL/HTTPS recommended (required by most OAuth providers)

================================================================================
 INSTALLATION
================================================================================

  1. Download the package zip file
  2. Go to Admin > Packages > Install a New Package
  3. Upload and install the package
  4. Navigate to Admin > Configuration > SSO / Social Login
  5. Enable SSO and configure at least one provider (see below)

================================================================================
 CONFIGURATION
================================================================================

After installation, go to Admin > Configuration > SSO / Social Login.

SETTINGS TAB:
  - Enable SSO / Social Login: Master on/off switch
  - Auto-register new users: When enabled, users signing in via SSO who don't
    have a matching forum account will have one created automatically

PROVIDERS TAB:
  Configure each OAuth provider with credentials from their developer console.
  Step-by-step setup instructions are shown for each provider.

  Google Setup:
    1. Go to https://console.cloud.google.com/apis/credentials
    2. Create a project and OAuth 2.0 Client ID (Web application type)
    3. Add the Redirect URI shown in the admin panel to Authorized redirect URIs
    4. Copy the Client ID and Client Secret into the admin panel
    5. Configure the OAuth consent screen with your forum name

  Facebook Setup:
    1. Go to https://developers.facebook.com/apps/
    2. Create an app (Consumer or Business type)
    3. Find App ID and App Secret under Settings > Basic
    4. Go to Facebook Login > Settings
    5. Add the Redirect URI shown in the admin panel to Valid OAuth Redirect URIs
    6. Copy the App ID and App Secret into the admin panel
    7. Set the app to Live mode for production use

================================================================================
 HOW IT WORKS
================================================================================

  1. User clicks "Sign in with Google" (or Facebook) on the login page
  2. User is redirected to the provider's consent screen
  3. After authorization, the provider redirects back to your forum
  4. The mod checks for a matching account:
     a. If the SSO identity is already linked -> logs in
     b. If the email matches an existing member -> links and logs in
     c. If no match and auto-register is on -> creates account and logs in
     d. If no match and auto-register is off -> shows error with instructions

  Users can view and unlink their SSO accounts from their profile.
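
The callback handling described under HOW IT WORKS, as an added Python sketch that is not the addon's own code (the addon itself is PHP). The session dict, the `profile` shape and the `email_verified` gate on step 4b are assumptions of this example, not behaviour the post documents; the gate shows why linking by email should depend on the provider vouching for the address.

```python
import hmac
import secrets

def new_state(session):
    """Store a random anti-CSRF state server-side before redirecting to the provider."""
    session["sso_state"] = secrets.token_urlsafe(32)
    return session["sso_state"]

def state_ok(session, returned_state):
    """Single-use, constant-time check of the state echoed back on the redirect URI."""
    expected = session.pop("sso_state", None)
    if not expected or not returned_state:
        return False
    return hmac.compare_digest(expected.encode(), returned_state.encode())

def resolve_login(profile, links, members, auto_register):
    """Return (action, member_id) for steps 4a-4d.

    profile: {"provider", "subject", "email", "email_verified"} (assumed shape)
    links:   {(provider, subject): member_id}
    members: {email: member_id}
    """
    key = (profile["provider"], profile["subject"])
    if key in links:                                  # 4a: identity already linked
        return "login", links[key]
    email = (profile.get("email") or "").strip().lower()
    if email in members:                              # 4b: email matches a member
        if not profile.get("email_verified"):
            # Linking on an address the provider has not verified would hand
            # the forum account to whoever typed that address at the provider.
            return "deny_unverified_email", None
        links[key] = members[email]
        return "link_and_login", members[email]
    if auto_register:                                 # 4c: create and link
        member_id = max(members.values(), default=0) + 1
        if email:
            members[email] = member_id
        links[key] = member_id
        return "register_and_login", member_id
    return "error_no_account", None                   # 4d: show instructions
```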
3
Addons ideas and questions / Re: Helpdesk
Last post by Burke Knight -
@vbgamer45  & @Spuds

I'll try it out on a test site when I get settled. Will be moving to a new place this coming week, so may be a bit before I can.

I'm guessing it's for 1.x ?
4
Chit Chat / Re: Tips for Bots
Last post by vbgamer45 -
Yeah it was wrecking me and I had hardware firewall/software firewall, had to pull out all the stops.  Did switch to Cloudflare as well which helped a ton.
I have done so much Apache/FastCGI tweaking along with the database to handle the loads.    The worst is when I would get hit by 50k to 100k bots at one time.
I do a lot of research on the ASNs; I use ip2location.co.m. If you use Cloudflare, be careful with your MX record proxying/email sending. I run reports via https://mxwhiz.com/ to double check (mine btw).

Downside of blocking older Chrome versions is Windows 7 users would be cut off if they used Chrome.
5
Addons / [Addon] Awesome Post Ratings
Last post by vbgamer45 -

Awesome Post Ratings
Developed by: vbgamer45
https://www.elkartemods.com

This is a port of my paid modification for SMF. I started this a long time ago for ElkArte and finally fixed the last bugs I had.

Download: https://www.elkartemods.com/index.php?topic=64.0


Mod Information:
For Elkarte 1.1.x

Adds a way to rate posts based on various rating types!
You can customize and add your own ratings. Ajax based ratings.


Install Information:
Install via the Package Manager via upload package.

Icons by Fam Fam Fam Silk http://www.famfamfam.com/lab/icons/silk/
6
Chit Chat / Re: Tips for Bots
Last post by Spuds -
Glad I'm not alone on this, I've been in bot fighting mode on my sites for the last few days!

Other items that may help, depending on your site, traffic, location, etc.

Many requests are coming in on groups of IPv4 /16, which is a group of ~65.5K addresses (xxx.xxx.123.123). For my sites that is not normal traffic but YMMV.  I wrote a script that grouped those /16 hits (from the access log) and if it finds more than xx IPs in a group (I use 10) in the last 15 mins then I write it to a log file and use fail2ban to block that entire xxx.xxx.0.0 sub (use ipsec).  If you have some really small local group you can whitelist that sub. I now have over 400 of those subs blocked.

nginx has geoip2 (via MaxMind) so you can use that to GeoIP fence to countries and block ones you know are not in your zone. I know some folks take issue with that but honestly too bad, you have to work through an attack!  I will say, however, most of the bot traffic was out of US addresses (proxies) so Virginia, TX and WA were common whois endpoints, but still that drops some of the crap.

Last thing that can be helpful is bots tend to flood on connection attempts.  Another script, this one groups connection limit failures (from the error.log) over a given limit/time threshold that also have PHPSESSION in the URL and -> ban.  Guests are not opening 30+ connections to log in or browse a site, and to be honest even with cache off and trying to beat on a site from your own IP, you will not trigger that either.

I may add that low Chrome version check, more bot pain! I've seen high values but those are from variants (Vivaldi for example), but I did not consider old cruft, thanks for the idea!
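
The /16 grouping described in the post above, as an added Python example; it is not Spuds's script. It assumes the common/combined access log format, and the function names, the allowlist parameter and the sample lines (built from the 198.18.0.0/15 benchmarking range) are constructed for illustration. The returned CIDR strings are what would be written to the file fail2ban watches.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Common/combined log format prefix: client IP, ident, user, [timestamp]
LINE_RE = re.compile(r'^(\d{1,3}(?:\.\d{1,3}){3}) \S+ \S+ \[([^\]]+)\]')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def noisy_slash16s(lines, now, window_min=15, min_ips=10, allow=()):
    """Return /16 networks with more than min_ips distinct clients in the window."""
    cutoff = now - timedelta(minutes=window_min)
    allowed = {ipaddress.ip_network(n) for n in allow}
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # IPv6 or malformed line: outside this example's scope
        try:
            ip = ipaddress.IPv4Address(m.group(1))
            ts = datetime.strptime(m.group(2), TS_FMT)
        except ValueError:
            continue  # octet > 255 or unparsable timestamp
        if not (cutoff <= ts <= now):
            continue
        net = ipaddress.ip_network(f"{ip}/16", strict=False)
        if net not in allowed:  # small known-good groups stay unblocked
            seen[net].add(ip)
    return sorted(str(n) for n, ips in seen.items() if len(ips) > min_ips)

def sample_log(now):
    """Constructed sample: 12 clients in 198.18/16, 3 in 198.19/16, one stale hit."""
    recent = (now - timedelta(minutes=5)).strftime(TS_FMT)
    stale = (now - timedelta(hours=2)).strftime(TS_FMT)
    fmt = '{} - - [{}] "GET /index.php?topic=1.0 HTTP/1.1" 200 512 "-" "Mozilla/5.0"'
    lines = [fmt.format(f"198.18.{i}.{i + 1}", recent) for i in range(12)]
    lines += [fmt.format(f"198.19.0.{i + 1}", recent) for i in range(3)]
    lines.append(fmt.format("198.19.7.7", stale))
    return lines

if __name__ == "__main__":
    now = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)
    for net in noisy_slash16s(sample_log(now), now):
        print(f"slash16-flood {net}")  # one line per subnet for fail2ban to match
```

Counting distinct addresses rather than raw hits keeps one busy legitimate client from tripping the threshold for its whole /16.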
7
Chit Chat / Tips for Bots
Last post by vbgamer45 -
Tips for Bots
Use Cloudflare for geo blocking of countries/ASNs, works great. You can also challenge users instead of blocking if you are concerned.
Code:
(ip.src.country eq "CN") or (ip.src.country eq "HK") or (ip.src.country eq "VN") or (ip.src.country eq "BR") or (ip.src.country eq "AR") or (ip.src.country eq "EC") or (ip.src.country eq "UY") or (ip.src.country eq "IR") or (ip.src.country eq "SG") or (ip.src.country eq "IQ") or (ip.src.country eq "BD") or (ip.src.country eq "VE") or (ip.src.country eq "CL") or (ip.src.country eq "PY") or (ip.src.country eq "MX") or (ip.src.country eq "PA") or (ip.src.country eq "BG") or (ip.src.asnum eq 136907) or (ip.src.country eq "SN")

Block old Chrome versions (or challenge if using Cloudflare) and block empty user agents.
For Apache httpd.conf below
Code:
# Block empty user agents
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^$ [NC]
RewriteRule .* - [F,L]

# Block Chrome below 120
RewriteCond %{HTTP_USER_AGENT} Chrome/([1-9][0-9]|10[0-9]|11[0-9])\. [NC]
RewriteRule .* - [F,L]

Cloudflare block Chrome
Code:
(http.user_agent contains "Chrome/100." or http.user_agent contains "Chrome/101." or http.user_agent contains "Chrome/102." or http.user_agent contains "Chrome/103." or http.user_agent contains "Chrome/104." or http.user_agent contains "Chrome/105." or http.user_agent contains "Chrome/106." or http.user_agent contains "Chrome/107." or http.user_agent contains "Chrome/108." or http.user_agent contains "Chrome/109." or http.user_agent contains "Chrome/110." or http.user_agent contains "Chrome/111." or http.user_agent contains "Chrome/112." or http.user_agent contains "Chrome/113." or http.user_agent contains "Chrome/114." or http.user_agent contains "Chrome/115." or http.user_agent contains "Chrome/116." or http.user_agent contains "Chrome/117." or http.user_agent contains "Chrome/118." or http.user_agent contains "Chrome/119." or http.request.uri.query contains "action=printpage" or http.request.uri.path contains "printpage")


Turn off certain forum features for guests.

Make sure your site supports HTTP2 for your webserver.

Tweak your PHP/Database settings. Use latest versions.

But in general, tweak all settings, from webserver, PHP, database. The defaults are not enough for bigger sites.