NodeBB v4.0.0 — Federate good times, come on!

They appear on mine @cagatay but not on yours. Not sure why.

@abcabc123 this is being resolved over at https://sudonix.org. Please avoid posting in multiple locations as this just adds confusion and removes value.

@abcabc123 It will do - I did tell you this would happen resolv.conf is deprecated.

@darkpollo have a look at /admin/settings/general and around half way down, you'll see

@darkpollo said in [nodebb-plugin-2factor] Two-Factor Authentication:

Also you trying to tell me I cannot detect ofensive comments because I am not English native is also kind of dismissive as well.

This will be the last comment I make on this subject, but I never made any assumption that you could not detect "offensive" comments - it is your interpretation. If you find it offensive, then so be it - I cannot and will not attempt to change that view based your response.

@darkpollo said in [nodebb-plugin-2factor] Two-Factor Authentication:

if they got access to anyone email, then the person have other issues bigger than a forum credentials.

Correct. And if they make use of password recycling, then they likely have access to much more in the process - not just a forum. Humans have a bad habit of making things easier to remember and will re-use passwords across the board. This in itself seriously dilutes the effectiveness of security.

Finally, there is no corporate entity on this planet that will agree that SMS for 2FA is a good idea. Period.

@darkpollo if you are having to ask ChatGPT if a specific "tone" is offensive, then I can only assume English is not your primary language. I assure you, as an English-speaking native, that there is absolutely nothing offensive in anything written by @Astro-What. The response is more aligned to frustration in the sense that if someone has control of sensitive information yet makes use of insecure methodology in order to access it, they should not have access in the first place.

@darkpollo said in [nodebb-plugin-2factor] Two-Factor Authentication:

Not asking for SMS; just for mail, which is best than nothing and better than SMS (imho).

This is in fact much worse than SMS authentication as the secondary factor. If a hacker gains control of your email, there is nothing else in their way to prevent them from accessing your site. Your email becomes the holy grail, and itself should be protected by 2FA.

@darkpollo said in [nodebb-plugin-2factor] Two-Factor Authentication:

TOTP is not 2FA for start.

This statement is incorrect. TOTP IS a form of 2FA. Without the 6 digit time-sensitive number changing every 30 seconds, you cannot login, therefore, it is a second factor.

@darkpollo said in [nodebb-plugin-2factor] Two-Factor Authentication:

If you are going to start insulting people, I will go somewhere else.

I think you are being somewhat over sensitive here - @Astro-What is not being insulting at all - merely responding to you. The point being made around TOTP not being difficult is 100% correct and really isn't condescending in any way.

I agree, that SMS as the second factor is certainly better than nothing, but in the security community, this method is frowned upon because of how easily it is circumvented. TOTP isn't perfect either, but it's certainly more secure than SMS by a mile.

This has been resolved. NodeBB setup, and installed for user.

@abcabc123 resolv.conf won't survive a reboot in terms of changes as its considered deprecated. You might want to test this first.

@abcabc123 you should take this up with the vps provider you are using. If there is no Internet access, the machine can't be reached remotely meaning we cannot access it.

@Tracy wow. That's impressive. I'm from the VAX/VMS days with a strong background in Unix. I fondly recall the DEC days alongside AIX.

@Tracy you sound as old as me

@Tracy probably the same with me then as I can't ping it either. I know the user is in Asia.

@Tracy could well be behind a firewall or iptables.

@Tracy I'm in contact the site owner and have login details as root.

@Tracy yes, I too have seen similar over on Sudonix. I've put myself forward but yet to have any response.

@abcabc123 https://sudonix.org/topic/693/please-help-me-i-can-t-install-nodebb

@eeeee said in Emails still not sending, 535:

This is where I get stuck, where is the DMARC/SPF/DKIM configured and what should it be configured as?

These are DNS records that validate you as a legitimate sender. You need to add these to your DNS configuration. There are plenty of guides on the Internet in relation to this and most include wizards that will first ask questions concerning how you intend to send mail, and will then build the record for you. You just then next to paste this into a TXT record at your DNS provider.

SPF, DKIM & DMARC: What Is It? How to Set It Up

SPF, DKIM & DMARC guide. Learn what they are and how to set them up in your DNS records, for better control over your email deliverability.

Woodpecker Blog (woodpecker.co)

@darkpollo that in my view defeats the entire purpose of 2fa. If your email was hacked, they'd also have the two factor which is what your are looking to secure in the first place.