The shout box has a vulnerability. I just had a spammer insert a large advert into the shout box that covered the entire screen from the shout box down to the bottom. He entered the same graphic 15 times.
I might like to suggest that the shout box not display any picture larger than the actual space type is allowed to occupy.
Swampy
Would you mind sending me your server access_log for apache? I'd like to see if it puts any info in there that may be useful for this. Also, could you let me know the times he did this so I can search for info during that timestamp.
all he did was [image]http://www.very_big_image.jpg[image] into the shout box. It was between 10 and midnight eastern time.
The graphic covered the whole shoutbox? Did it bleed out of it into the forum as well?
yes sir, that is correct
Where to I find my server log for this and I will be happy to provide it.
Server logs are usually in a folder called logs in your home folder. If not, take a look in your CPanel to see if you can get one from there.
This is really dumb on my part. Months ago I set my server logs to delete after one day because I had run into a build of logs problem. In short, I don't have yesterdays log. DARN!!!!!
Best I can do is remove the ban from this spammer and hope he does it again, so I can capture it again.
Sorry guys.
Swampy
Yeah that sucks... Be sure to get him again if you can. I'm thinking a setting to not allow links to be posted will be nice. :)
Soneone else is reporting the same thing and were able to capture what he did in the shout.
The Spammer was:
ConnorB
174.101.172.42
Email: ziygoc@gmail.com
QuoteShout Message:
</div> and enter your ZIP code for free access!</div> </div><b style="position:absolute; top:0; left:0; width:100%; height:900%; background-color: red; font-size: 50px; color: #333333; z-index:999999;">Visit http://free100.tk and enter your ZIP code for free access!</div>
Yeah, it's as simple as using something like strip_tags() I think. The fix should be coming very soon.