Pale Moon forum

We'll be taking the forum down for some extended maintenance and system-level changes at 13:00 UTC today (Nov 20th 2019).

We'll be making a few changes to how the forum stores information, which will have an impact on your use:

• To prevent abuse, we'll be filtering out known bad bots by user-agent from this point forward at the web server level. This should not impact you but if you foolishly use a user-agent randomizer extension then you may have your access blocked.
• To strengthen our user privacy handling, including guest visitors, we'll be making the phpBB session table (which includes visitor IPs, user agent strings and various data about last visited boards and times) volatile: it will be stored in memory only and not committed to disk. This means that for some of you, you may be logged out of the forum whenever the database server is restarted (due to e.g. software updates). If you do not mangle your website cookies too badly, though, a re-login could be automatic and transparent.
• For the same reason (and to prevent potential status bleeding to a new user on the same IP/a public computer) we will no longer be marking guest visitor post read status in the database.
• We will also be setting our log retention to 11 days for webserver logs.

Maintenance has been completed.

While these changes were made, we've additionally tightened some settings around browser verification and session hijacking risks; this may impact you if your IP changes regularly or if you use dynamic proxies/VPNs.

What brought this on? Has there been particularly potent abuse recently?

It's called "being pro-active"

After the down time for maintenance was done, the system logged me out.

So I entered my username and password, clicked on "keep me logged in" and then clicked on Submit and the system said "invalid username or password". Tried the same thing two more times and I got the same "invalid" prompt.

So I clicked on the "forgot my password" prompt. Box comes up and I enter my email address and then I clicked on Submit. The system prompt to me was, "does not recognize (or something to that effect) my email address". I went to my log book and I had the right email address to confirm I using the correct password with the correct capital letters, correct lower case letters and correct numbers.

So then I decided to get some lunch and after lunch, try again. After lunch; I cleared my cache, my cookies, my history and tried again. I entered my user name that was denied before and also entered my password that was denied before as well, clicked on "keep me logged in", hoped for the best, then clicked on Submit and this time I was logged back in.

Once I was logged in, went to my User Control Panel to check on my email address in "edit account settings" and the email address is the same as the one which the system didn't recognize. So some others who are registered members might experience the same thing I ran into when trying to log back in.

If you run into issues logging in (I did not, while I was also logged out after the downtime as expected) you can try using the "delete cookies" link at the bottom of forum pages. Note that the actual cookie name HAS changed so if you were specifically whitelisting individual cookies, you may be inadvertently be blocking the new cookies by name now. Be a little less aggressive in your blocking of the forum cookies in that case, since cookie names may change from time to time (as recommended by phpBB whenever you change cookie settings)

Admin wrote: ↑

2019-11-20, 12:01

[*]We will also be setting our log retention to 11 days for webserver logs.[/list]

I'm interested in the reasons why you picked 11 days as treshold instead of 7 days or 14 days

Actually, it should have been 10 days.

Why 10 days? Because that is the time the EFF indicates as striking a good balance between privacy and operational necessity. 7 days would be too short because it would not allow weekly statistics aggregation or log evaluation for abuse. 14 days is what it was at, but we've now shortened it to fall within the bounds of what is considered the desired balance of privacy/security.

This period of time balances privacy concerns with the need to ensure that log processing systems have time to operate; that operations engineers have time to monitor and fix technical and performance problems; and that security and data aggregation systems have time to operate.

We'll be working towards being compliant with the EFF's posted "Privacy-friendly Do Not Track policy"^[1]. Once compliant, the policy will be posted in the /.well-known files area of the relevant web assets of palemoon.org. This should be a formality since we do not track users across the web, and we should only need to worry about the log retention policy on various servers to become compliant.

[1] https://www.eff.org/dnt-policy

Upon further investigation it won't be possible for us (or any domain that has a forum allowing user content with embeds and links) to follow this "Privacy-friendly Do Not Track" policy to the letter, since it's too restrictive and catering only to domains for which content is fully controlled by the operator(s). For example, providing a functional forum to guest users wouldn't be possible, and allowing users to link to/embed images hosted elsewhere would not be an option either (since those domains can't be controlled).

So, we won't be able to be compliant with this as long as we operate a community forum.
However, we will still be taking privacy conscious steps otherwise to minimize retention of user data, especially for those that are just visitors with no accounts, following the posted policy as a guideline where we can.

I too have had trouble signing in to the forum similar to Night Wing. Went round the houses clearing cookies, history, cached web content, etc. No luck. Then tried using firefox. No luck. Closed and restarted PM each time. changed privacy settings for cookie storage on then off and kept trying to log in. Also had ublockorigin turned off. Even tried safe mode.

It took maybe 15 mins before it accepted my password and signed in ok.

Strange. There's no server-side caching going on for that so I'm not entirely sure what's up.
If this is a problem for more people, I can purge all session keys from the db (which will effectively hard log out everyone).

Didn't have any issues here. Though, I use Sandboxie for the browser so nothing is kept and cookies/cache are dumped on exit.

I briefly had an issue yesterday where I was unable to log in, and an error message that said something like "Invalid form, please resubmit". It cleared up eventually, not sure what it was about.

I purge history each time I close my browser, so I don't believe it was a cookies or cache issue. And the issue occurred on multiple clients.

I'm guessing whatever the phpbb devs did recently with their form validation didn't like the changes made and would invalidate the form. It would then have to time out and expire the token before refreshing to something that works.

I hadn't experienced any login problems until a few minutes ago.

But just now, while already logged in, I got an "invalid form" message when trying to to follow a link that was posted in the Off Topic board to another thread in the Off Topic board (which requires logging in again).
Edit: The problem seems to have cleared up.

Isengrim wrote: ↑

2019-11-22, 11:26

[...] I was unable to log in, and an error message that said something like "Invalid form, please resubmit".

I experienced the "invalid form submitted" error this evening, before 23:00 CET.
Clearing the cache including all cookies did not help.
Mysteriously logging in worked again roughly 20 minutes later.
Do I have to mention that I had never ever come across the same "invalid form submitted" error message, before the most recent changes to the forum software?
Something is not working right, me thinks. Whatever the root cause may be.

~~Sat. 23-11-2019 10:50 CET~~
This morning logging into the Pale Moon forum has worked twice without any hickups.

coffeebreak wrote: ↑

2019-11-22, 22:09

I hadn't experienced any login problems until a few minutes ago.

But just now, while already logged in, I got an "invalid form" message when trying to to follow a link that was posted in the Off Topic board to another thread in the Off Topic board (which requires logging in again).

"The submitted form was invalid. Try submitting again."

Edit: The problem seems to have cleared up.

This has been an issue with phpBB and there is a solution, but I can't remember it. Googling "The submitted form was invalid. Try submitting again. phpbb" will probably shed some light on the issue.

I have been attempting to log-in to the board all morning (for 2-3 hours).

I would continually get the following attempting to log-in (trying all of the approaches mentioned below): The submitted form was invalid. Try submitting again.

After numerous failed attempts getting the above message (both clearing cookies and clearing all cache and rebooting computer and doing all of this in safe-mode as well) -- I tried creating another account to be able to post the problems I'm having.

Numerous attempts to create a new account also failed (once again cleared cookies, cleared cache and tried rebooting as well as doing all of this in safe-mode).

I initially got the following (attempting to create a new acct):

The username you entered is too short.
The password you entered is too short.
The password confirmation you entered is too short.
The submitted form was invalid. Try submitting again.
You have incorrectly sorted the items to the correct list of the confirmation question.

The password I was using before was only 5 characters (I upped it to 8 to avoid password issue)


but I continued to get the following for all attempts including in safe-mode (again trying all the approaches mentioned above):

The submitted form was invalid. Try submitting again.
You have incorrectly sorted the items to the correct list of the confirmation question.

I understand there is an issue causing the first issue above but...

... I am confused at why I'm getting the "You have incorrectly sorted the items to the correct list of the confirmation question." when attempting to create the new account when it appears my entries are valid.

Here are a few of my responses: So I finally tried logging-in using Firefox and I was successful hence able to post this.

Can this be fixed to that I can log-in to the forum using Pale Moon -- Please?

Question: As stated I WAS able to log-in using the Firefox browser and did so using my 5 character password I've always been using...

Would updating my password (now that I'm able to log-in using Firefox) to 8 character make any impact on being able to log-in to the forum using Pale Moon?

At this point now that I've FINALLY been able to log-in using Firefox I'm reticent to try anything else because I apparently can't create a new account and if I'm unable to log-in (in the event I'm logged-out again) I am unable to post anything in the forum and thus unable to get any help.

ADDENDUM:

I found myself logged-off again and as a result found that I am now able to log-in to the forum using Pale Moon.

So presumably all is fixed now!!!

The only thing that might be worth looking into as far as what I've posted is perhaps the "You have incorrectly sorted the items to the correct list of the confirmation question." results I was getting for what appears to me to be totally valid responses to the dialog (or perhaps this will work now as well )

I just had the same problem as other users before me mentioned. It resolved itself in, yes, about fifteen minutes.

Tharthan wrote: ↑

2019-11-23, 16:27

I just had the same problem as other users before me mentioned. It resolved itself in, yes, about fifteen minutes.

Of course I'm currently logged-in as a result of using Firefox -- and after all the problems over all the time spent this morning I'm reluctant to log-out just to test a Pale Moon log-in..... So I guess I'll just stay logged-in and hope if I ever find myself logged out again all of this won't all happen again. The issue appears resolved in my case as well -- however it appeared to take longer than 15 minutes.