Welcome, Guest. Please login or register.

Login with username, password and session length










Pages: [1]
  Print  
Author Topic: what in the hell..  (Read 16935 times)
0 Members and 4 Guests are viewing this topic.
Intangir
Global Moderator

Posts: 5166



WWW
« on: January 23, 2009, 02:13:24 am »

wow fantastic..

someone posted some pretty damn inappropriate spam on here and within less than a day it says 24 views, and it was full of pictures... really wrong pictures...

wtf is that..
someone manually did it too, this site is the least active site on the damn net these days and someone manually adds the most rotten shit on it, with links to another site.. and it gets 24 views instantly..

Logged
Hotshot[SF]
Global Moderator

Posts: 3305



« Reply #1 on: January 23, 2009, 08:05:44 am »

... you sure its not a bot?

And 24 view as in 24 unique IP's? Might of been the bot viewing his own post over and over?

edit: looking at this SMF, it seems rather weak. Cant seem to pull up any useful info :\ I cant even see your IP from the previous post, even tho the site says I should because im a mod.
« Last Edit: January 23, 2009, 08:12:42 am by Hotshot[SF] » Logged

Intangir
Global Moderator

Posts: 5166



WWW
« Reply #2 on: January 23, 2009, 02:09:39 pm »

ok we should be able to now

we can also ban

global moderator is different than admin

i changed us to global moderator cause of the way i redesigned the site to share elements across all sites, (but also hide certain elements from certain sites, like wow stuff from the intangir.org site, or one guilds vent info from anothers) so now i dont log in as admin unless i need to make changes cause the site looks screwed up
Logged
Intangir
Global Moderator

Posts: 5166



WWW
« Reply #3 on: January 24, 2009, 02:51:43 am »

well they shouldnt be able to get away with it anymore
none of their bbcode tags will work

ours still will though
Logged
Hotshot[SF]
Global Moderator

Posts: 3305



« Reply #4 on: January 24, 2009, 11:59:00 am »

works now...

but while we are talking about security you are aware that this site sends the passes in plain text right?

Anyone sniffing the connection will have our username and passwords in plain text.
Logged

Intangir
Global Moderator

Posts: 5166



WWW
« Reply #5 on: January 24, 2009, 05:27:57 pm »

which part? the forum?
the passwords themselves are stored in the DM encrypted.. would be dumb of them to not send them that way. but i didnt write the forum so i dont know
Logged
Hotshot[SF]
Global Moderator

Posts: 3305



« Reply #6 on: January 27, 2009, 01:36:50 pm »

eh nevermind... just started looking up some security stuff...

Using either a packet sniffer or a firefox HTTP header addon I was able to see my password in plain text... but using a packet sniffer to detect it from another PC (like from my vmware) it wont work...

Long story short: Its calling a function that applies SHA-1 twice... not sure how that can work, but looking it up right now.

edit: Wow.... I am using Firefox with an extension called "No script" that stops javascript for all sites expect the ones you specifically say its ok on... ironically in this case it it was sending my pass in plain text...
« Last Edit: January 27, 2009, 07:10:20 pm by Hotshot[SF] » Logged

Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.21 | SMF © 2015, Simple Machines
SC2 theme by Vaun. Based on AF316 theme by Fedhog.
Valid XHTML 1.0! Valid CSS!