Lepton
1:41+ Arse Scratcher
Posted: Sat Apr 14, 2007 9:16 pm Post subject: 1
I've banned the username Sabaku_no_Gaara for 'inappropriate language'. Here's the thread; see the bottom of page 1 and the top of page 2: thread.
Discussion?

Neo
Daedalian Member
Posted: Sat Apr 14, 2007 9:50 pm Post subject: 2
Eh. Another troll bites the dust. I like having an empty ban list, but he was only going to get worse if left unchecked.
_________________
Ad Astra

Dented Ford
Hoopy Frood
Posted: Sat Apr 14, 2007 10:20 pm Post subject: 3
I have only admiration at your restraint in not doing it sooner.

Lepton
1:41+ Arse Scratcher
Posted: Sun Apr 15, 2007 12:48 am Post subject: 4
In a fit of curiosity, I found an exploit that would let Sabaku (or someone else) perform administrative functions by embedding a script into an offsite-referenced avatar and getting an admin user to view the avatar. It should also be possible to do it with [img] tags.
Now I feel justified in my habit of not logging in. : )
(Antrax, the upgrade fixes this; if you've got time... here is some info)

Antrax
ESL Student
Posted: Sun Apr 15, 2007 6:13 am Post subject: 5
I personally am immune to such attacks, due to a combination of relevant knowledge and choice of browser/plugins. That being said, I can't say I would have banned anyone for inappropriate language, lest I be forced to ban myself and many other site regulars.
_________________
After years of disappointment with get rich quick schemes, I know I'm gonna get rich with this scheme. And quick!

Neo
Daedalian Member
Posted: Sun Apr 15, 2007 7:48 am Post subject: 6
| Antrax wrote: |
| I personally am immune to such attacks, due to a combination of relevant knowledge and choice of browser/plugins. |
Is there anything I should know?
_________________
Ad Astra

Antrax
ESL Student
Posted: Sun Apr 15, 2007 7:58 am Post subject: 7
Well, without having read the article I'm guessing the attack is stealing a cookie and subsequently using it to hijack a session. That wouldn't be too bad as re-authentication is required to log on to the admin panel, even if you're already logged on. Plus, if you don't use the "log me in automatically", you are again immune. Of course, Firefox offers a lot of protection, and the fact I only run JavaScript I explicitly allow and that I reject all cookies unless otherwise specified both assist in my immunity to these simple attacks.
So, you could do any of those, or you could prod me to update our phpBB version more often
_________________
After years of disappointment with get rich quick schemes, I know I'm gonna get rich with this scheme. And quick!

Samadhi
+1
Posted: Sun Apr 15, 2007 8:12 am Post subject: 8
Yeah. Yeah. So how about that update?
_________________
And he lived happily ever after. Except for the dying at the end and the heartbreak in between.

Antrax
ESL Student
Posted: Sun Apr 15, 2007 10:44 am Post subject: 9
Having read Lepton's URL, I see that this attack is old news, and I believe we've patched against it a while back.
_________________
After years of disappointment with get rich quick schemes, I know I'm gonna get rich with this scheme. And quick!