@julian said in Setting up email for nodebb:
Could be you need proper DKIM and SPF records.
Could also be missing the AAA
record if the server is sending as ipv6. This is definitely the case with Gmail.
Users helping the NodeBB team spread the word!
@julian said in Setting up email for nodebb:
Could be you need proper DKIM and SPF records.
Could also be missing the AAA
record if the server is sending as ipv6. This is definitely the case with Gmail.
@NodeHam Sorry for late response. Can you provide a bit more detail as to what you want to achieve? For example, would the iframe
component be the same for each user, or would each user have something different?
One cheap way to accommodate this would be via NodeBB's hooks, and a custom jQuery function in lieu of a plugin.
@JDouglas You should target the below CSS class for this
li[component="categories/category"] .title
You could just use .title
although this is a shared class, and without explicit definition as above, it will have undesirable effects.
@eeeee said in Do you have limited or full access to your host?:
I did have this conversation previously with @phenomlab, and I recall we were looking at around $40 a month upwards for a dedicated host
If you're fine with Oracle and willing to ensure there is some constant load on your server (from my experience just running Mongo+Redis with some cache for NodeBB will do fine for their usage detection), Oracle Cloud Infrastructure is still waving a huge free tier carrot in the form of 4 ARM64 cores w/24GB of RAM w/200GB total disk space (you can distribute these across up to 4VMs)
Otherwise - Hetzner has a great offer. NodeBB deployments are mostly RAM-bound, so I'd personally go for ARM here too - since NodeBB doesn't really have any x86-specific dependencies (also, if you want to save a buck, or rather €0.60, you can put an IPv6-only server behind Cloudflare and get IPv4 connectivity for free ).
You really don't need dedicated unless you really have a lot of users - it may be worth it if you want to host many services (since you can run your own VMs there) or if you actually need a full CPU-worth of performance, but again - the heaviest part of NodeBB is typically the database (and maybe caches), you're almost certainly not using that much processing power to serve a forum
(As for the experience topic, I'm not sure if I can really comment when I'm still in my early 20s, below the lowest concrete number thrown here )
@NodeHam said in Replacing header/user image with something else:
Therefore, I find what I've read hard to believe so thought I should ask here.
It's possible to perform something called Clickjacking, which is a malicious technique used by attackers to trick users into clicking on something different from what they perceive they are clicking on. Also known as UI redress attack or user interface (UI) deception attack, clickjacking involves overlaying an invisible layer over a legitimate webpage or interface element, such as a button or link. When the user interacts with what they see on the webpage, they are unknowingly interacting with the hidden elements, which could be links to malicious websites, downloading malware, or performing unwanted actions like giving access to personal information.
For instance, an attacker might overlay an invisible button over a "Download" button on a legitimate website. When a user tries to download something from the website, they unwittingly click the invisible button, triggering a download of malware instead.
Clickjacking attacks can be carried out through various means, including iframes, CSS opacity, or other web technologies. To protect against clickjacking, web developers can implement security measures like frame-busting scripts, X-Frame-Options HTTP header, or Content Security Policy (CSP) directives. Additionally, users should be cautious when interacting with unfamiliar or suspicious websites to avoid falling victim to clickjacking attacks.
As an example
<!DOCTYPE html>
<html>
<head>
<title>Clickjacking Example</title>
<style>
#overlay {
position: absolute;
top: 0;
left: 0;
width: 100%;
height: 100%;
opacity: 0; /* Make the iframe invisible */
z-index: 9999; /* Ensure it's above other content */
}
</style>
</head>
<body>
<h1>Welcome to Our Website!</h1>
<p>Click the button below to claim your prize:</p>
<button onclick="claimPrize()">Claim Prize</button>
<!-- Invisible iframe overlaying a legitimate website -->
<iframe id="overlay" src="https://legitimatesite.com"></iframe>
<script>
function claimPrize() {
// Code to handle claiming the prize goes here
alert("Congratulations! You've won a prize!");
}
</script>
</body>
</html>
Using relatively simple techniques, it's possible to inject malicious code into your own site. As you alluded to, securing using the correct headers is a good start, but if it were me, I'd avoid this altogether.
@julian said in Blog comments on external blog website:
@crazycells ah sorry, I didn't respond because I wasn't sure...
But I think it should be fine. Technically according to browser security policy, nodebb.org and community.nodebb.org are essentially different sites.
So if you used a different domain the same restrictions apply, but the plugin should still work.
Thank you very much, we will try it and report the outcome then...
hi @julian , sorry bugging you with this question... I wonder if we can give our forum the comment access of another blog using this plugin. forum and blog websites will be on completely separate domains...