Small oversight

Started by swampy, April 04, 2010, 05:29:07 AM


Swampy

The shout box has a vulnerability.  I just had a spammer insert a large advert into the shout box that covered the entire screen from the shout box down to the bottom.  He entered the same graphic 15 times.

I might like to suggest that the shout box not display any picture larger than the actual space type is allowed to occupy.

Swampy

IchBin

Would you mind sending me your server access_log for apache? I'd like to see if it puts any info in there that may be useful for this. Also, could you let me know the times he did this so I can search for info during that timestamp.

Swampy

All he did was [image]http://www.very_big_image.jpg[image] into the shout box. It was between 10 and midnight eastern time.

bloc

The graphic covered the whole shoutbox? Did it bleed out of it into the forum as well?

Swampy

Yes sir, that is correct.

Where do I find my server log for this? I will be happy to provide it.

IchBin

Server logs are usually in a folder called logs in your home folder. If not, take a look in your CPanel to see if you can get one from there.

Swampy

This is really dumb on my part.  Months ago I set my server logs to delete after one day because I had run into a build of logs problem. In short, I don't have yesterday's log.  DARN!!!!!

Best I can do is remove the ban from this spammer and hope he does it again, so I can capture it again.

Sorry guys.

Swampy

IchBin

Yeah that sucks... Be sure to get him again if you can. I'm thinking a setting to not allow links to be posted will be nice. :)

Swampy

Someone else is reporting the same thing and was able to capture what he did in the shout.

The Spammer was:

ConnorB
174.101.172.42
Email: ziygoc@gmail.com

Quote:

Shout Message:

</div> and enter   your ZIP code for free   access!</div> </div><b style="position:absolute; top:0; left:0; width:100%; height:900%; background-color: red; font-size: 50px; color: #333333; z-index:999999;">Visit   http://free100.tk and enter   your ZIP code for free   access!</div>

IchBin

Yeah, it's as simple as using something like strip_tags() I think. The fix should be coming very soon.
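
The strip_tags() approach mentioned above, as an added PHP example that is not part of the thread and not TinyPortal's actual fix. The function name sanitize_shout, the 200-character cap, the [img] tag name and the placeholder URLs are assumptions; the first sample is modelled on the shout captured in the thread.

```php
<?php
// Added example, not TinyPortal's code. All names here are hypothetical.

// Render one shout as plain text: no HTML, no inline images, bounded length.
function sanitize_shout(string $raw, int $maxLen = 200): string
{
    // 1. Drop HTML tags. strip_tags() keeps the text between tags, so the
    //    spam wording survives but its style="position:absolute" does not.
    $text = strip_tags($raw);

    // 2. strip_tags() does not touch BBCode. Assuming the image tag is
    //    [img]...[/img], reduce it to its URL so no oversized image renders.
    $text = preg_replace('~\[img[^\]]*\](.*?)\[/img\]~is', '$1', $text) ?? $text;

    // 3. Collapse whitespace and cap the length (mb_substr needs ext-mbstring).
    $text = trim(preg_replace('/\s+/', ' ', $text) ?? $text);
    $text = mb_substr($text, 0, $maxLen, 'UTF-8');

    // 4. Encode on output so any leftover < > & " ' is shown as text.
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Modelled on the shout captured in the thread; URL replaced by a placeholder.
$captured = '</div></div><b style="position:absolute; top:0; left:0; width:100%; '
          . 'height:900%; background-color: red; z-index:999999;">Visit '
          . 'http://spam.example/ and enter your ZIP code for free access!</div>';

// Constructed sample for the first incident (image posted through BBCode).
$image = '[img]http://example.invalid/very_big_image.jpg[/img]';

foreach ([$captured, $image] as $shout) {
    echo sanitize_shout($shout), PHP_EOL;
}
```

strip_tags() alone would have stopped the full-page overlay but not the oversized image, which is why the BBCode step is separate.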
