This thread is for all your simple questions about installing and running Wakaba or Kareha, that just require quick answers. Please don't create new threads for issues like that, post them in here instead.

Before posting, check that the question has not already been answered in this thread, or in the previous thread: http://wakaba.c3.cx/sup/kareha.pl/1141929669/

Questions about "500 Internal Server Errors" go in this thread: http://wakaba.c3.cx/sup/kareha.pl/1109033191/

>>415

Thanks

>>418

That didn't work.

It overwrote my index.html :S

>>419
Put your board in a separate directory.

Hi!

I got an attack, where the "hacker" posted "Obvius Troll is Obvius" serveral times on my boards.

What can I do?

How do I prevent same IP from posting several times in a short period of time?

Every time I try to post a manager's post, I get hit with the anti-spam, even if I don't have a url in my comment. What's going on, and can I fix it?

Thanks.

>>422

Known bug, see earlier in this thread for workarounds.

SQL connection failure
D:
Just set up my new chan. How to fix?

>>424
http://command-q.org/wakaba/wakaba.pl is my imageboard.

fixed it, now how do I add boards? :<

I just installed Wakaba in my hosting, and it works OK. Question: When I reply to a thread, posts after the 1st do not have a Reply link; what should I do to enable it?

http://resourceroom.org/SSN/wakaba.pl

What happened there?

<<447
Never mind, that was a dumb question.
In case anyone asks the same thing, just click the post number ¬¬

I'm using Kareha.

I want to reload captcha image on click. My idea is to delete the captchakey cookie and to rerequest captcha.pl. So, I can delete to cookie using javascript

var     cookie_date = new Date ( );  // current date & time
cookie_date.setTime ( cookie_date.getTime() - 1 );
document.cookie = "captchakey=; expires=" + cookie_date.toGMTString();

Now, given, that kareha captchakey generation mechanism is based on the REMOTE_ADDR and time() in minutes (string 61 in captcha.pl), if I rerequest the captcha within one minute, I'll get the same image.

However, when a user successfully post a message, the captcha is generated randomly (string 430 in kareha.pl).

So, I could follow this way, but before doing this I want to understand, what was your reasons for such design?

>>429

Hilariously weird Apache setup?

>>430

It has to do with the bookkeeping for preventing replay attacks, if I remember correctly.

how does a script for rotating title images look like? just a short example please...

>>432 bump

>>433

Don't post if you have nothing to say. Your question is not so important that it absolutely has to be at the top of the board at all times.

>>432
Chrissake, this is something you could have answered yourself in 30 seconds if you did some google searching.

<?php
$a = glob("*.{gif,jpg,png}", GLOB_BRACE);
header("Location:".$a[array_rand($a)]);

I got my imageboard up, but it only allowed me to post the first post with picture only. Every time I try to attach a picture to another post or reply, I get that page that reads, "Duplicate file entry detected" even though it's a completely different picture.

Anybody know why this is; what causes this problem and/or how I can fix it?

Thanks

How the hell do I post with an admin tripcode? Can't seem to find this anywhere.

>>436 problem with imagemagick, maybe?

>>437
In Kareha, you can set up capcodes with specified tripcodes in the config. In Wakaba you can't.

After I went to a page (aaa.pl, I believe) I keep getting 403's just about everywhere... Could you... erm... fix this please? I can't access anything but /sup/ and /soc/.

>>440

Not unless I have your IP address.

Hey there

I noticed the preview post function is working perfectly here, so I guess I'm doing something wrong. I've set up kareha message board and everything works perfect... except for the preview post button which gives me some error

I'm uploading an image to let you see.

>>442
Alright, I just realized something, Kareha throws out an error for preview post when you are making a NEW thread, as opposed to previewing a reply post.

The same seems to be the case here. Some sort of bug?

>>441
Uhh, I'll give it to you on IRC.

>>443

It seems to work fine for me in Safari, even for new threads. What browser?

>>445
Oh, I'm using Opera 9.63

I am having trouble making wakaba go to a new page. No matter how many images and new threads I create, it will not create a page 2. I messed with the settings in config.pl but they don't seem to do anything:

use constant IMAGES_PER_PAGE => 5; # Images per page
use constant REPLIES_PER_THREAD => 5; # Replies shown

Also, would anyone know how to make a new board in wakaba?

Thanks

>>447 Sounds, once again, like a folder permissions problem.

To make a new board, create a new subfolder and install another copy of wakaba.

>>447

Also remember that you have to rebuild caches after any change to the settings, if they "don't seem to do anything".

>>449

Awesome. Thanks a bunch, that worked!

>>448

So where exactly would this folder be inserted? Alongside the current wakaba install or inside the current wakaba install? Also, how would I link to the new board once I create it?

Thanks.

No ADMIN_PASS or NUKE_PASS defined in the configuration at config_defaults.pl line 8.
BEGIN failed--compilation aborted at config_defaults.pl line 126.
Compilation failed in require at wakaba.pl line 17.
BEGIN failed--compilation aborted at wakaba.pl line 17.

I am getting that page when I attempt to install Wakaba. Can someone help me out?

The config_defaults.pl file says when the message No ADMIN_PASS or NUKE_PASS defined in the configuration appears, it means the config.pl file is incomplete. I checked over the config.pl file and everything was completed.

>>451
http://wakaba.c3.cx/sup/kareha.pl/1141929669/n213-216
http://wakaba.c3.cx/sup/kareha.pl/1141929669/n529-530
http://wakaba.c3.cx/sup/kareha.pl/1109033191/n138-139

>>450

Wakaba installs are completely independent, and handle one single board each. Anything beyond that is up to you to arrange however you want it.

>>453
Thanks a lot, it worked.

Does anyone know how to get rid of the captcha? I tried editing something and it gave me some error lol.

>>456
Yes, you set ENABLE_CAPTCHA to 0. It really isn't that hard to figure out if you actually read the file and use your head. Seriously, are we supposed to handhold you through your entire installation and configuration?

>>457
Yes.

I've been trying to figure it out, but I do believe this is beyond my skills.

As you can see, the top is Firefox and below is Opera. The "choose" or "browse" button does not look the way it's supposed as per CSS. Is this a matter that can be remedied or is that just a browser issue that I cannot help?

I've got a problem with Kareha. I cannot use the delete file function. It just does not work. I want to delete an image without deleting a person's post but nothing happens, the picture is still there. I've tried all the browsers, that doesn't seem to be the problem. It doesn't even give me any errors, I click on 'delete file' and it does something and then it reloads the admin page but the image I wanted to delete is still there...

>>460
Oh, also I am using kareha MESSAGE board with image uploads enabled.

>>459
For the most part, you cannot edit file input via css.

Am I a dumbass or is there no way to sticky or lock threads under Wakaba? I don't see any such option in the management panel.

>>459
that's a browser issue.

>>463
why would you want to do that?

>>464
Was going to make a rules sticky, because most people are dumb and don't actually read the rules.

I have a problem with encoding in Wakaba. My .htacess file is configured for using utf-8, the same about global encoding settings of Wakaba and DB encodings. I only use cp1251 in my strings file with "use encoding 'cp1251'" and "no encoding" uncommented.
That all works fine, but anything added into database turns into crappy junk. I'm lame so I have no clue of where the error could be.
P.S. sorry for my bad English.

>>466
Well that's why. Stop using cp1251.

>>467
Thanks, Anon. I've converted strings file into utf-8 and now it seems to work perfectly.
Also, happy New Year everyone!

>>465
you really think people who don't read the rules are going to read them if you move the rules section down the page a little bit?

>>469
Good point.

This is a suggestion regarding security. I assume this is the correct place to post it; otherwise, I can start a new topic.

Please implement proper file content filtering in Wakaba/Kareha. As of right now, Wakaba filters out forbidden file types through an array of forbidden extensions, but this is not necessarily sufficient. For example, a PHP file may be uploaded with extension ".php.7z." If a board allows the 7z extension and if the file is not renamed (as is default in the case of Wakaba), an Apache server may in fact still execute it, resulting in the execution of malicious code. This has actually caused a significant disturbance in a site with which I help out. A simple two-line patch that relies on the UNIX file() utility has been written to address this for the moment.

>>472
the default is to not allow any files except jpg, png, or gif images (and rename them). it's possible to make it insecure by configuring it improperly, but it's certainly not the default.

Like >>473 says.

Also, I'm really tempted to say that that is in fact a PHP bug, and until they fix it you're better off disabling PHP on your server.

>>475
Even if it isn't a bug, it's probably caused by shitty/careless PHP coding.

>>472 also, remove the +x from your uploads folder.

>>473

When I say default, I mean Wakaba's behavior when enabling non-prohibited filetypes in config.pl, such as MP3s. I'm pretty sure Wakaba is set up not to rename those after uncommenting the respective lines.

>>476

I am told by the server admin that it is actually a bug with the latest Apache (or perhaps mod_php), possibly affecting only Gentoo. I could not find a citation (beyond this anecdote) to support the claim, but this is seems to be a known issue. It does turn out that if ".php" is found anywhere in the filename, it is still executed by Apache. A PHP file can then be disguised as a 7zip file or MP3 file (e.g., nasty_hax.php.mp3), and be uploaded. If the extension is uncommented config.pl, it gets uploaded. If the server (or PHP interpreter) suffers from the issue, the attacker executes the malicious code and has fun. I have neither tested nor asked about this for other script types. Indeed, renaming files would technically render this exploit moot, but by default Wakaba does not do this with non-pictures. There are Wakaba boards out there that support non-picture uploading, and I have seen only one (Pooshlmer) that renames files.

>>477

Indeed, that is a wise suggestion. In fact, I've just chmod-ed the src/ directories myself.

...and then the pictures could not be accessed by anyone. I set permissions to 644, but no one could see the pictures unless the execute bits were set. I'll have to ask the admin about it myself, unless someone here has an idea.

At any rate, I just thought I'd share the (admittedly nontrivial) suggestion and post about this potential exploit for other people. It completely blindsided us. Having a layer of security at the board software level in case of a future server exploit sounds like the best solution, though I understand leaving it in the hands of the administration rather than adding feature bloat.

Kudos for the script.

it is a mod_mime "feature"

http://shsc.info/FileUploadSecurity

Well, the core issue is that PHP is broken and will execute files without the +x bit set. This is horribly insecure, and should never have been implemented, but apparently now we're stuck with it.

The best solution is to completely disable PHP. If you have to use it, enable it only for folders known to be safe from uploads and disable it everywhere else.

To add extra protection in Wakaba for it, though, rather than mess with file, it'd be far easier to just dump all files whose filename matches /\.php/. This issue shouldn't affect any CGI languages, since those won't run without +x.

>>480

Thank you! That explains loads.

>>481

I personally am not a fan of PHP, myself, but I think the admin wants to run some PHP scripts. Simply using the regular expression on the filename was indeed the first idea that came to mind.

I've got a problem somehow related to encoding.
I successfully installed Kareha, but every time I try to make a post I get a white screen with text saying "Software error: Unknown encoding 'utf-8' at wakautils.pl line 613". It doesn't abort the posting though (my messages still appear despite the error), but the flashing is no good.
I didn't do any changes to wakautils.pl since the very install. What could be that?

>>484
what version of perl are you using?

>>485
Nevermind, it's alright now... I really forgot to update my perl.

http://wakaba.c3.cx/sup/kareha.pl/1130723862/318

I noticed this issue was never addressed. The CSS typo is still included in the current version of Kareha. I don't know if you forgot about it or if it's intentional...

Hello, is there any built in way or any code snippets you guys have that would allow my to set an image limit on a threads (like a single on) I could probably manage this myself eventually, but I was wondering if it was done already.

>>488
RTFM, it's in the config.

I have a problem with kareha, I cannot set a maximum image limit per thread.

I thought IMAGE_REPLIES_PER_THREAD actually meant IMAGE REPLIES PER THREAD! Apparently it doesn't do anything. I am still able to post image replies way beyond the limit. Is there any way to control this problem?

I think it makes the thread stop bumping when you pass the limit.

Why on earth would you want to limit the number of image replies anyway? That's just annoying, and adds no value to anyone.

>>491
It allows me to control the amount of images uploaded so that I don't go over a certain limit. I'm running a small board with limited bandwith and space.

I want to be able to control the space in terms of number of threads. There's no shame in that. Why are you trying to control my methods so much by just waving it off as "I don't like it, therefore, it is bad." ?

>>492
There is a configuration option for limiting the threads by filesize, you know.

>>492

Like the guy says, there's an option already for setting the maximum disk space usage across the entire board. That's what you want to use, not some weird and ineffective limiting of posts per thread.

>>479
Wakaba starts off by renaming files uploaded with those filetypes, but restores the name afterward. If you want to use the generated names on files, search wakaba.pl for "externally defined filetype - restore the name" and commment out that entire if block. I'd give the line numbers, but I've done a bunch of other custom stuff in mine, so they won't be accurate.

>>495
Should be around line 1075-ish.

OK, so I just closed a thread in Kareha, and I ended up getting this error when I tried to reopen it. Is this normal? By the way, I'm using image mode, on a Linux server.

>>497 did the thread reopen? That's sometimes an artifact of a page that didn't load completely.

>>498
No, the page didn't reopen. Not even when I refreshed it.

Hey I've got a bit of a problem. I've got Kareha pretty much set up but I'd like my .htacess to default to a different page.

Googling gets me the syntax for that (DirectoryIndex etc.) but I don't understand the included example.htaccess file and the directions to change the RewriteRule stuff. Maybe this is more of a general IT question but what am i missing?

http://httpd.apache.org/docs/2.2/mod/mod_dir.html

• > A file written by the user, typically called index.html. The DirectoryIndex directive sets the name of this file. This is controlled by mod_dir.

(In case you simply stopped reading the example.htaccess after the very first line, the mod_rewrite directives at the bottom are purely optional, and have nothing to do with the index page. They only are there to provide better hints to web browsers about the document character set.)

Don't touch config_defaults.pl, ever. That's just where the error was triggered. Your problem is still in config.pl, and you've either removed, commented, or renamed ADMIN_PASS or NUKE_PASS.

Not sure about your verification code error, but to change the title (or anything else), just edit config.pl and let wakaba.pl regenerate your html.

And, yes, wakaba.pl has a purpose; it's what your site runs on...

Can you use the same mysql database for multiple boards? If not, how do you use the same admin table for every board to make global ip bans?

>>502-503,505-506,508
what

>>509
Yes.

Another question:

When you run wakaba.pl, wakaba.html is created. But I'm wondering if there's a way to edit something so when the html file is created, it's named something like board.html, or imageboard.html.

>>512
http://www.google.com/codesearch/p#ug-nylQR254/wakaba/config.pl&l=127

>>513
Doesn't work, I changed that and it had no affect. Edited the field in config.pl, deleted wakaba.html and re-ran wakaba.pl but it still creates wakaba.html.

>>512
Did you try uncommenting it?

is there any way i can disable the ability to post images?

>>516
Yes, it's very plainly in the configuration. Look for the word "image".