Title: what in the hell..
Post by: Intangir on January 23, 2009, 02:13:24 am

wow fantastic..
someone posted some pretty damn inappropriate spam on here and within less than a day it says 24 views, and it was full of pictures... really wrong pictures... wtf is that.. someone manually did it too, this site is the least active site on the damn net these days and someone manually adds the most rotten shit on it, with links to another site.. and it gets 24 views instantly..

Title: Re: what in the hell..
Post by: Hotshot[SF] on January 23, 2009, 08:05:44 am

... you sure it's not a bot?
And 24 views as in 24 unique IPs? Might have been the bot viewing his own post over and over?

edit: looking at this SMF, it seems rather weak. Can't seem to pull up any useful info :\ I can't even see your IP from the previous post, even tho the site says I should because I'm a mod.

Title: Re: what in the hell..
Post by: Intangir on January 23, 2009, 02:09:39 pm

ok we should be able to now
we can also ban
global moderator is different than admin
i changed us to global moderator cause of the way i redesigned the site to share elements across all sites (but also hide certain elements from certain sites, like wow stuff from the intangir.org site, or one guild's vent info from another's)
so now i don't log in as admin unless i need to make changes cause the site looks screwed up

Title: Re: what in the hell..
Post by: Intangir on January 24, 2009, 02:51:43 am

well they shouldn't be able to get away with it anymore
none of their bbcode tags will work
ours still will though

Title: Re: what in the hell..
Post by: Hotshot[SF] on January 24, 2009, 11:59:00 am

works now...
but while we are talking about security you are aware that this site sends the passes in plain text right? Anyone sniffing the connection will have our username and passwords in plain text.

Title: Re: what in the hell..
Post by: Intangir on January 24, 2009, 05:27:57 pm

which part? the forum?
the passwords themselves are stored in the DM encrypted.. would be dumb of them to not send them that way. but i didn't write the forum so i don't know

Title: Re: what in the hell..
Post by: Hotshot[SF] on January 27, 2009, 01:36:50 pm

eh nevermind... just started looking up some security stuff...
Using either a packet sniffer or a Firefox HTTP header addon I was able to see my password in plain text... but using a packet sniffer to detect it from another PC (like from my vmware) it won't work...

Long story short: It's calling a function that applies SHA-1 twice... not sure how that can work, but looking it up right now.

edit: Wow.... I am using Firefox with an extension called "NoScript" that stops javascript for all sites except the ones you specifically say it's ok on... ironically in this case it was sending my pass in plain text...
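
An added example, not part of the thread and not the forum software's own code: a sketch of how a login form can apply SHA-1 twice and why blocking script makes it post the raw password. The thread only says SHA-1 is applied twice; the construction (inner hash equal to the stored hash, outer hash mixing in a per-session value) and the field names `user`, `passwrd`, `hash_passwrd` and `sessionId` are assumptions, and the credentials are constructed.

```javascript
// Added illustration; field names and the exact construction are assumptions.
const crypto = require('crypto');

const sha1 = (s) => crypto.createHash('sha1').update(s, 'utf8').digest('hex');
const safeEqual = (a, b) => a.length === b.length &&
  crypto.timingSafeEqual(Buffer.from(a), Buffer.from(b));

// What the server keeps per user: a hash, never the password itself.
function storedHash(user, password) {
  return sha1(user.toLowerCase() + password);
}

// What the browser submits. With script enabled, the form's submit handler
// hashes twice and blanks the password field. With script blocked, the
// handler never runs and the raw field is posted as typed.
function buildLoginPost(user, password, sessionId, scriptEnabled) {
  if (!scriptEnabled) {
    return { user, passwrd: password, hash_passwrd: '' };
  }
  const inner = sha1(user.toLowerCase() + password); // same value as storedHash
  return { user, passwrd: '', hash_passwrd: sha1(inner + sessionId) };
}

// Server side: accept either form and compare against the stored hash.
function verifyLogin(post, stored, sessionId) {
  if (post.hash_passwrd) {
    return safeEqual(post.hash_passwrd, sha1(stored + sessionId));
  }
  return safeEqual(storedHash(post.user, post.passwrd), stored);
}

// What a sniffer on an unencrypted connection can read from the request.
function exposedOnWire(post) {
  return post.passwrd !== '' ? 'plaintext password' : 'session-bound hash';
}

// Constructed demo values.
const stored = storedHash('ExampleUser', 'hunter2');
const withJs = buildLoginPost('ExampleUser', 'hunter2', 'sess-A', true);
const noJs = buildLoginPost('ExampleUser', 'hunter2', 'sess-A', false);
console.log(exposedOnWire(withJs), verifyLogin(withJs, stored, 'sess-A'));
console.log(exposedOnWire(noJs), verifyLogin(noJs, stored, 'sess-A'));
// A captured hashed response does not verify under a different session value.
console.log(verifyLogin(withJs, stored, 'sess-B'));
```

The hashed path only keeps the password out of that one request; the fallback path protects nothing, so the login form still needs to be served over HTTPS.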