Acmlm's Board - I2 Archive - General Chat - TEK Hacks is under attack.
Tuvai Permanently banned for account hacking. Level: 24 Posts: 1/211 EXP: 74894 For next: 3231 Since: 03-15-04 Since last post: 566 days Last activity: 339 days |
| ||
That's called externally abusing register.php with some stupid script; one of the many reasons I added a more secure register process on my board. Acmlm Board's register page is way too 'soft', not only because it's easy to launch scripts at it like that, but banned members can re-register oh so easily. And don't give me shit like "There's an IP ban feature", we all know that works like crap ever since these morons found out what proxies are. |
|||
alte Hexe Star Mario I dreamed I saw Joe Hill last night Alive as you and me "But Joe you're ten years dead!" "I never died" said he "I never died!" said he Level: 99 Posts: 85/5458 EXP: 9854489 For next: 145511 Since: 03-15-04 From: ... Since last post: 2 hours Last activity: 2 hours |
| ||
It's true. Any half ass can find ways around an IP ban... If I got off my ass and actually looked at it...I probably could find more than one way around it. |
|||
Weasel Missionary in Peru Level: 34 Posts: 31/454 EXP: 236444 For next: 17207 Since: 03-15-04 From: Washington Since last post: 467 days Last activity: 339 days |
| ||
The thing with DESnet is that I was online while the person was doing this scripting thing. So I was able to stop it immediately. Only some 50 accounts registered. How exactly is this bug being exploited, and how does one fix it? |
|||
Zemus Sand Crab Level: 25 Posts: 1/233 EXP: 86920 For next: 2700 Since: 03-15-04 Since last post: 281 days Last activity: 111 days |
| ||
You fix it like Ace fixed it. Make it require POST instead of GET in the PHP | |||
Tuvai Permanently banned for account hacking. Level: 24 Posts: 4/211 EXP: 74894 For next: 3231 Since: 03-15-04 Since last post: 566 days Last activity: 339 days |
| ||
Weasel, all you need to do is make a register page with some simple checks. There's a lot of ways to stop a multi-registry script like this. A simple solution is to add a random number/text string in the bottom which the user needs to type exactly in a text box. Another solution, which also proves effective against re-registering halfasses (and I can tell, since I've been using this method at my boards for a long time now, even had it on my Acmlm Board long ago), is to add other checks to the register page, such as: Checking if the IP address is found in the DB. Forcing the user to enter an email address to which a confirmation email is sent (and do this when the user wants to change the email address later, too). Because I was most bothered by AOL lamers long ago, I added some checks that AOL users needed to enter their @AOL.com email address. And then of course, there's the little checks making sure email addresses are correct, as in containing an '@' and '.'. |
|||
Weasel Missionary in Peru Level: 34 Posts: 32/454 EXP: 236444 For next: 17207 Since: 03-15-04 From: Washington Since last post: 467 days Last activity: 339 days |
| ||
I don't understand. You mean if( $_POST['action'] == "register") ? I don't quite follow what you mean... I understand what Tuvai said. That makes a lot more sense. (edited by Weasel on 03-15-04 01:46 AM) |
|||
Kwan Doesn't have a valid sized userpic. ||bass will be pissed :(((((((( Level: 50 Posts: 26/1137 EXP: 937111 For next: 10206 Since: 03-15-04 From: Durkadurkastan! Since last post: 22 days Last activity: 2 days |
| ||
The $_POST thing basically stops people using links to, say, post PMs to me. And getting AOL users to use their address, clever :o |
|||
Zemus Sand Crab Level: 25 Posts: 2/233 EXP: 86920 For next: 2700 Since: 03-15-04 Since last post: 281 days Last activity: 111 days |
| ||
I don't know PHP, ask Ace about the POST thing, all I know is that's his method of solving the URL registering. | |||
Xkeeper The required libraries have not been defined. Level: NAN Posts: -4968/-863 EXP: NAN For next: 0 Since: 03-15-04 Since last post: 2 hours Last activity: -753366 sec. |
| ||
Someone on AIM has been sending me links telling me what they're doing to TEK... That'd be Knuck. However, it was mainly a link to someone's profile [Admins: The only person who sent me a PM so far] which contains a link to an HTML file, in the mini/ava and layout possibly. Have fun. |
|||
Acmlm Torosu heh Level: 51 Posts: 37/1173 EXP: 981994 For next: 31944 Since: 03-15-04 From: Somewhere that isn't outside of Sherbrooke, Québec, Canada Since last post: 39 days Last activity: 3 hours |
| ||
$_POST is simply an array containing all the POST variables (things submitted through a form) ... there's also $_GET for GET variables (sent in the URL), $_COOKIE for cookies, and a few more like that ... Using $_POST instead of just the variable name alone prevents it from being gotten from anything other than POST, so you can't pass it as GET (in the URL) |
|||
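Added example, not part of any post in this thread and not Acmlm Board code: a hypothetical PHP helper that combines the POST-only check Acmlm describes above with the typed random string and email format check from Tuvai's earlier post. Requiring POST by itself does not cover a form that a page submits by script, so the session-bound code is the check that carries the weight; every function and field name here is an assumption.

```php
<?php
declare(strict_types=1);
// Added example (hypothetical helper, not Acmlm Board code).
// $server, $post and $session stand in for $_SERVER, $_POST and $_SESSION.

function new_reg_code(): string
{
    // Random string shown on the form and stored server-side in the session.
    return bin2hex(random_bytes(8));
}

function check_registration(array $server, array $post, array $session): array
{
    // 1. Only POST may register; a plain IFRAME or image URL issues a GET.
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return ['method not allowed'];
    }
    $errors = [];
    // 2. Read fields from the POST body only, never from bare globals.
    if (($post['action'] ?? '') !== 'register') {
        $errors[] = 'unknown action';
    }
    // 3. The typed code must match the one issued to this session.
    $expected = $session['reg_code'] ?? '';
    $given = $post['reg_code'] ?? '';
    if (!is_string($expected) || $expected === '' || !is_string($given)
        || !hash_equals($expected, $given)) {
        $errors[] = 'confirmation code mismatch';
    }
    // 4. Syntactic email check before a confirmation mail is sent.
    $email = $post['email'] ?? '';
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'invalid email address';
    }
    return $errors; // empty list: continue to account creation
}

// Constructed sample requests, checked against one constructed session.
$session = ['reg_code' => new_reg_code()];
$good = ['action' => 'register', 'reg_code' => $session['reg_code'], 'email' => 'user@example.com'];
$samples = [
    'GET from an embedded frame' => [['REQUEST_METHOD' => 'GET'], []],
    'POST with no code'          => [['REQUEST_METHOD' => 'POST'], ['reg_code' => ''] + $good],
    'POST from the real form'    => [['REQUEST_METHOD' => 'POST'], $good],
];
foreach ($samples as $label => [$server, $post]) {
    $errors = check_registration($server, $post, $session);
    echo $label, ': ', $errors ? implode(', ', $errors) : 'accepted', PHP_EOL;
}
```

In a real handler the code would also be removed from the session after each attempt so that one issued value cannot be reused.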
Xkeeper The required libraries have not been defined. Level: NAN Posts: -4965/-863 EXP: NAN For next: 0 Since: 03-15-04 Since last post: 2 hours Last activity: -753366 sec. |
| ||
Notice... http://board.acmlm.org/profile.php?id=143 Her minipic link[ed] to an HTML file [devil.html] containing ~5 IFRAMEs linking to contax.html which had the javascript to generate random numbers and then register them. |
|||
Zemus Sand Crab Level: 25 Posts: 6/233 EXP: 86920 For next: 2700 Since: 03-15-04 Since last post: 281 days Last activity: 111 days |
| ||
I'm surprised Lihaed wasn't banned on sight after what she did on the old board | |||
Colleen Administrator Level: 136 Posts: 108/11302 EXP: 29369328 For next: 727587 Since: 03-15-04 From: LaSalle, Quebec, Canada Since last post: 3 hours Last activity: 1 hour |
| ||
Yup, she just got permabanned. Sorry for having our users... well... end up flooding your board with new users accidentally. |
|||
Zemus Sand Crab Level: 25 Posts: 7/233 EXP: 86920 For next: 2700 Since: 03-15-04 Since last post: 281 days Last activity: 111 days |
| ||
Did you all notice that if you view her bio you still register 5 accounts on TEK Hacks? | |||
Kwan Doesn't have a valid sized userpic. ||bass will be pissed :(((((((( Level: 50 Posts: 33/1137 EXP: 937111 For next: 10206 Since: 03-15-04 From: Durkadurkastan! Since last post: 22 days Last activity: 2 days |
| ||
Originally posted by X Her minipic link[ed] to an HTML file [devil.html] containing ~5 IFRAMEs linking to contax.html Yes. |
|||
Colleen Administrator Level: 136 Posts: 111/11302 EXP: 29369328 For next: 727587 Since: 03-15-04 From: LaSalle, Quebec, Canada Since last post: 3 hours Last activity: 1 hour |
| ||
Damn, didn't notice they weren't only in her minipic... *wipes* | |||
Zemus Sand Crab Level: 25 Posts: 9/233 EXP: 86920 For next: 2700 Since: 03-15-04 Since last post: 281 days Last activity: 111 days |
| ||
wow, Kwan, already rackin' points in for worthless posts. come on, try and keep your response to at least 5 words ;-) and that doesn't include quoting other people's posts. And hey Colleen, you gonna fix Lihaed's profile? edit: nevermind, ya did (edited by K-Pel on 03-15-04 02:56 AM) |
|||
Legion banning people for no reason sure is fun Level: 101 Posts: 48/5657 EXP: 10399737 For next: 317938 Since: 03-15-04 From: The Crossroads is under attack! Since last post: 5 days Last activity: 5 days |
| ||
You know, this proves what I've been saying all along. Some rules can be broken. If not, then technically, most of us should be permabanned from Tek Hacks. A rule is a rule...rrrright? >=D Extenuating circumstances I say. |
|||
Colleen Administrator Level: 136 Posts: 112/11302 EXP: 29369328 For next: 727587 Since: 03-15-04 From: LaSalle, Quebec, Canada Since last post: 3 hours Last activity: 1 hour |
| ||
As I just said, it was wiped. I'm going to bed soon, but if she re-regs and I notice tomorrow, I'll take care of it. | |||
Zemus Sand Crab Level: 25 Posts: 10/233 EXP: 86920 For next: 2700 Since: 03-15-04 Since last post: 281 days Last activity: 111 days |
| ||
lmao, she just changed her custom title edit: for the record, I find Danicess, Anya, KR, and Rydain much sexier ;-) (edited by K-Pel on 03-15-04 03:02 AM) |