Register | Login | |||||
Main
| Memberlist
| Active users
| ACS
| Commons
| Calendar
| Online users Ranks | FAQ | Color Chart | Photo album | IRC Chat |
| |
0 user currently in Acmlmboard support?. |
Acmlm's Board - I2 Archive - Acmlmboard support? - Seen this before? | | | |
Add to favorites | "RSS" Feed | Next newer thread | Next older thread |
User | Post | ||
guruzim Newcomer Level: 5 Posts: 2/6 EXP: 359 For next: 170 Since: 03-15-04 Since last post: 472 days Last activity: 105 days |
| ||
Anyone seen this before? We've blocked off how it was done for now -- I'm just wondering if this is the first time this has been done to one of these boards, or if it has been done in the past. |
|||
Tuvai Permanently banned for account hacking. Level: 24 Posts: 34/211 EXP: 74894 For next: 3231 Since: 03-15-04 Since last post: 566 days Last activity: 339 days |
| ||
Yup, there's been another recent thread about this in the General forum. To summarize that thread, you've been screwed by someone using a script to register a massive ammount of accounts in a short time. Let's just put it this way, AcmlmBoard's register page is a little too much like swiss cheese; way to easy for assfucks like that to bug AcmlmBoard owners. |
|||
Acmlm Torosu heh Level: 51 Posts: 62/1173 EXP: 981994 For next: 31944 Since: 03-15-04 From: Somewhere that isn't outside of Sherbrooke, Québec, Canada Since last post: 39 days Last activity: 3 hours |
| ||
Yeah, seems like it happened on several other AcmlmBoards yesterday ... even on this one before (last year), but at least using $_POST makes it harder now, and checking the referer URL would help even more ... manually going to register.php and typing random garbage gets tiring a lot faster than just letting a flooding script run | |||
Chaos Force Panser Level: 29 Posts: 68/332 EXP: 147860 For next: 25 Since: 03-15-04 Since last post: 21 days Last activity: 4 hours |
| ||
Yeah, it just happened to us at TEK yesterday. Its really a pointless script, I was able to remove all the accounts it made in about 30 seconds, but the fact that anyone would actually have the time to waste making pointless things like that is really disturbing. | |||
Tuvai Permanently banned for account hacking. Level: 24 Posts: 36/211 EXP: 74894 For next: 3231 Since: 03-15-04 Since last post: 566 days Last activity: 339 days |
| ||
Or maybe an improved register page needs to be created. I had it way back on RPG Revelation's AcmlmBoard and it worked like a charm. Let's be blunt, currently all these idiots are put through NO trouble at all when they want to re-register after being banned. The highest security this board has is an IP ban and we all know that works like crap, as the average moron nowadays apperantly knows what a proxy is. Things that will make the board a lot more lamer-free concerning registering: - Checking if there already is a user with the same IP address, name or email address. - Checking if a proper email address was stated (IE containing both an '@' and a '.', and a valid length check), and sending a verification email to the specified address in which an account activation link is found. - Allthough I added this one more for personal reasons long ago: an AOL check; forcing AOL users to register with their @aol.com email address. I did this because all the lamers that were being dumbfucks at my AcmlmBoard long ago were AOL users. |
|||
seagram Go away Spammy, warned about it Stupid, warned about it Banned (permanently) for it Level: 19 Posts: 3/116 EXP: 30131 For next: 5646 Since: 03-30-04 Since last post: 564 days Last activity: 339 days |
| ||
what is this thread about? | |||
Tuvai Permanently banned for account hacking. Level: 24 Posts: 128/211 EXP: 74894 For next: 3231 Since: 03-15-04 Since last post: 566 days Last activity: 339 days |
| ||
If you don't have a clue what it's about then don't post in it, simple. | |||
ErkDog Fuzz Ball Level: 47 Posts: 121/982 EXP: 752190 For next: 14013 Since: 03-15-04 From: Richmond, VA Since last post: 40 days Last activity: 19 days |
| ||
for once I agree with Tuvai, hahah if you don't understand, then why post ? | |||
Luigi Red Koopa Level: 19 Posts: 105/126 EXP: 34570 For next: 1207 Since: 03-15-04 From: Friday the 13th Since last post: 521 days Last activity: 96 days |
| ||
Originally posted by TuvaiAnd the image showing the user's email address instead of text in profiles to prevent dumbass spam bots from harvesting people's email addresses. |
|||
Lemon Luigi Mole Level: 30 Posts: 283/356 EXP: 164161 For next: 1708 Since: 03-15-04 From: USA Since last post: 110 days Last activity: 99 days |
| ||
Originally posted by Tuvai Eh... Not everyone has E-Mail you know. That, and wouldn't it just be easier to make one of those "type the numbers on the picture" boxes like Yahoo? Bots can't check what numbers are on the pics, so then the chances of them getting a valid registration is VERY low. |
|||
Xtreme984 Koopa Level: 18 Posts: 8/111 EXP: 25164 For next: 4733 Since: 07-27-04 Since last post: 116 days Last activity: 58 days |
| ||
Originally posted by Lemon LuigiOriginally posted by Tuvai Lemon Luigi, that visual confirmation thing works like a charm, I may not be running an acmlm-board, but I have experience with this sort of thing. some of those validation scripts however don't create the images on the fly, but load them from a folder which is possibly another leak which reg bots can come through. |
|||
Surlent サーレント Level: 49 Posts: 524/1077 EXP: 863920 For next: 19963 Since: 03-15-04 From: Tower of Lezard Valeth Since last post: 16 hours Last activity: 1 hour |
| ||
I don't want to pseudo-mod (= acting like a mod), but watch the date; rules are different, but that thread is almost _months_ old. So don't bump it; and according to your post you could have PMed him directly instead pusing that thread. Nevertheless, this was not the purpose replying on that, of course: As for AcmlmBoards in general: As everyone (should) know, it was created from scratch on; it still has no confirmation/user or admin validation system; but that is solved on other ways (admins have very frequent online times and ban instantly if required - not a gentle but an at least also successful way). So comparing it with commercial ones like phpBB, Ikonboard, vBulletin, Invisionboard and others might not hit everything correctly. It can be implemented, just see Tuvai's board when it still was up - and a registration with randomly created image files might be fine - but even that could be bypassed if a hacker really tries to get into it. I'm not talking about script-kiddies who think they are great when they have one of those create-one-trojan-horse-with-one-mouseclick toolkits. |
Add to favorites | "RSS" Feed | Next newer thread | Next older thread |
Acmlm's Board - I2 Archive - Acmlmboard support? - Seen this before? | | | |