Website of Elive, updates and changes

elive topaz specific instruction s page should be updated to modern times (example : "pay to install", "use the beta versions for cost free", etc)

also, on download page you should have more prominent details on how to report a broken download

thanks @TheTechRobo, all reports fixed or improved

More features:

• Emails inserted includes a few verifications to know that they are valid ones
• Emails that have been hardbounced (fail) in the past are warned to the user when inserts their email to download Elive
• A captcha system has been implemented (thanks @PrinceAMD helping to implement it), so this will avoid robots inserting fake emails, which may have been probably the cause of many spam issues in the last months

image742×418 31.1 KB

I thought he was the person you paid ? Does he still volunteer or something?

yeah in the past, actually not volunteering but we still friends and yesterday helped me setting up the catcha quite fast

I don't want to announce anything yet (not finished work) but im working -a lot- in the emailing system of the website of elive, im improving all the structure, for now we have a very good thing that will avoid people (or bots) entering fake emails, well, all the info is explained in the screenshot:

image664×530 47.7 KB

more features to come in progres... I will ping @TheTechRobo in the future to improve all the wordings on the website messages

Would asking for a verification from the same address be an option .... or do the bots have that covered too?

both yeah

bots seems like has this covered, i have see some emaisl which "clicks to every link found in the email" so yeah, there should be a lot of confirmations by bots too

and, asking for confirmation is also a bad thing, in the last months there have been many emails inserted which are fake, making the server sending emails to everywhere (and thus, being categorized as spammer), so the best is to avoid in a first time to have emails inserted that are not reals

a very complex topic! but at least the website is receiving a lot of improvements with the new changes made...

That pink box you showed looks a LOT better than what I see.

they are different things, the one of your screenshot is a simple javascript that checks what you are writing in realtime, so if you include "@hotmail." it will show you this message, same but other message with other addresses like yahoo, etc (other ones that we are blacklisted at the moment), of course it can be improved to look better very probably looking like the other one, which works entirely different: the other one is on php, it verify if that email is on the database and if was hardounced on the past, or it validates the email (checks if the MX's of the domain exists, which is a very simple and not so reliable verification), now it verify via smtp if the email really exist AND if we can deliver to it

Suggestions about the ugly message? (yeah it can look nice like the other one, BUT about UX, i tried to put it in the bottom of the box: wrong, because there you have the autofill showing and it will be unreadable, and in the top: wrong, because it moves your writting box down in realtime and is a bit annoying... so in the right is not so bad, it shows to the user what needs to show

I have been working for infinite days (almost one month already) and im really tired of this (and not yet finished), but the emailing system is much more reliable now (the biggest amount of work is now by re-checking and removing all the old fake emails inserted by spambots).

There's a summary of the steps:

• the download-delayed button now looks nicer and with a (useless) animation, and includes multiple-verification of the email inserted as in these steps:
• honeypot: a small trick to avoid spambots which seems to work quite well, in case is a spambot, a "false positive" message is shown (in order to confuse the mudafaka programmer of spambots):

We have sent you a confirmation email.

Your download ID is: xxxxxxxxx

• email basic validation (includes an AT, a dot, etc...), with message:

Insert an Email address where you wish to receive the download

• verify if already subscribed/unsubscribed: on this point no more checks are made, because they are meant to be considered "real subscribers" (after to have finished the full cleanup)

• MX verification: if the email has no mx servers published, fail, this is a basic need for validating emails, message is:

This email is not accepted as valid because has no MX server, try again in a few seconds or use a different Email provider.

• Disposable addresses: to strict the use of real emails for both quality and real subscribers, we require to not use disposable addresses (temporal emails), remember that anybody can unsubscribe in any moment or also not subscribe and this is respected, message:

Temporary (disposable) email addresses are not allowed, please use a real one, you will not be subscribed if you don't confirm your email or you can change these preferences anytime

• hardbounced in the past: these are emaisl which "failed" to send in the past (like all the hotmail ones at the moment), in such case, a fast test to see if we can -actually- deliver to the address is made and the email is reactived as subscribed state, in case we cannot deliver, a message is shown to the user:

Unfortunately, this email is unable to receive emails from Elive, use a different one.

We are sorry but your email provider is not accepting right now emails from us. The only way to solve this is to write to your email support and asking them to whitelist the emails from elivecd.org. If you are using Hotmail or any Microsoft service we strongly encourage you to switch to a more reliable email like Gmail, otherwise, you will always have problems like this with any kind of email

also, as you see this is an "im sorry, karma" attack to these OMG-so-shity email services of MicroSh t

• already waiting?: sometimes users insert again the email thinking they didnt' received anything, message:

Already included, please wait the needed delayed time to receive your download

• email is spammer? an email can be valid, but if it was reported as a spammer email, so we don't want to use emails from spambots and especially if they are marked as spammers nomaterwhat, message:

This Email was reported as fraudulent on the cleantalk.org website, which we cannot use in order to avoid spambots, if your email is real please contact us to know how to improve the filters.

• SMTP verifications: this step verify's if the email / account really exists, among similar filters, message:

Invalid Email.

This email seems to be incorrectly typed, fake, abandoned, or its provider service is rejecting to receive emails. Please use a different one, we suggest using Gmail addresses.

• delivery test: this is a test to just know if we "can deliver" the email, message:

WARNING: seems like we have difficulties delivering emails to "DOMAIN", so we cannot confirm that you will receive our email. We suggest using a different address instead, like Gmail.

and then, the email is considered valid and inserted, otherwise trashed (except the last step which includes it -already-, because is not 100% proof)

@TheTechRobo do you have suggestions for the wording of these messages? (the quoted ones)

I suggest you use "email-address" consistently and just email for the sent message itself.

There's a few bad wordings, here and there but not too many.

• It would be easier for others to correct if a post, asking for corrections is set up as a (temporary) wiki/howto .
• Mucking about quoting quotes and correcting those quoted quotes isn't easy.

Created one here: https://forum.elivelinux.org/t/hardening-elive-email-server
and edited some of the wordings. Would be nice if someone else checked those again.

how would you know this??

Most of the issues are because of run-on sentences, like this, they're very hard to read, they take a while to read, and so you should split it.

i know, but wordpress is a very sh#tty platform, too easy to break things up (also, these messages are in code), its very risky to touch anything in wordpress especially if you don't know "what things cannot be touched because breaks the entire solar system" or "how to fix X when Y happens"

by other side, after the new website will be start to be written (that's in process), maybe we can do that, a direct editing from the website itself, but from a temporary website https://webtest2.elivecd.org (user and pass is visitor / welcome), which is -ATM- a copy of the real website, but that stills being a little tricky and unreliable, let's see if we can do that soon

the second entry is an invisible fake "email" entry, spambots will fill up it, humans don't see that, so if is filled, submit is trashed

$ curl -Ls https://www.elivecd.org/newsletters/ | formfind
...
  Input: NAME="email" (EMAIL)
  Input: NAME="n_503e284f44_email" (EMAIL)

what do you mean? well, if you have suggestions for the quoted ones just tell me, so I can re-insert them, but basically these messages shows up like this one: Website of Elive, updates and changes - #108 by Thanatermesis (these ones in the same sizes, so that example includes 2-different font sizes, but of course this can be included if wanted)

note: probably today we can see running the new email validator, published i mean

That would mean we couldn't write any code in any Howto or post.
Anyway the job is done. The result is here.

In that case I still don't see why the website rewrite will still be using wordpress.

Let's move to angular + net core combo?

Or Flask or Drupal or Joomla! or something.

I've also heard good things about this:

i mean the wordpress platform is very delicated, very buggy prone and with lots of "things to know in order to not break everything" (fortunately it improved a bit over the time)

depends on specific plugins and templates using, just like a big marketplace of available plugins in case of extra ones needed, to migrate to something else will requite a very huge investment of time and/or economic

The new "delayed download" buttons are enabled back into the Stable download page, with all the features mentioned, in short: you cannot insert a fake email

starting to betatest it and see that there's no spambots anymore...

More improvements to avoid spambots:

image708×216 23.4 KB

• fake emails are catched and shows as errors
  • unless it really exists, on such case the user receives the first message (you used another email insead of yours? oh so soooorry, now you need to wait 1 hour , karma!)
• 3 failed attempts = banned from the website for 2 days (humans included, let's kick those madafukas)

the system is becoming smarter than ever