| Author |
 Topic  |
|
|
KC
Junior Member
USA
152 Posts |
 Posted - 24 March 2005 : 11:27:30
|
I searched the forums but can't seem to find anything about known security flaws on 3.3.03 that would allow someone to assume someone elses name without the password.
My databases are secure, I block all downloading of any .mdb files.
I use Access DB, and cookie mode.
I can't just upgrade the sites to 3.4, which I have no problem with on my other sites, because the code is so customized it would render half of my sites functions useless.
Can you point me to topics with the code I need to change is so I can edit them myself please?
Thanks.
Getting hacked and destroyed 3 or 4 times a day for 3 days now is getting old.
|
 Owner of vales.com and Elite Computers. |
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
|
|
KC
Junior Member
USA
152 Posts |
Posted - 25 March 2005 : 08:48:03
|
Thanks daveo, I did not search on "security flaw" I was searching on different forms of "hack".
|
Owner of vales.com and Elite Computers. |
 |
|
|
mli
Starting Member
Canada
3 Posts |
Posted - 05 September 2005 : 15:07:13
|
Hello there,
I'm a user of a Snitz forum. I don't run the forum but I use it everyday. There's been hacking problems during this weekend while the owners are away. This forum does not have any registration, these last few days someone's been posting pictures and commenting out topics right on the topics menu. Here's what it looks like, it's on the 3rd page now, it may get pushed back by the time you look for it. Any ideas on a quick fix before the owners get back? The hacker keeps coming back and distroying the forum. This forum is very popular with Vancouverites and tourists.
http://www.discovervancouver.com/forum/forum.asp?FORUM_ID=2&whichpage=3
Thanks
M |
|
|
|
MarcelG
Retired Support Moderator
Netherlands
2625 Posts |
Posted - 05 September 2005 : 15:23:33
|
quote:
Originally posted by mli
Hello there,
I'm a user of a Snitz forum. I don't run the forum but I use it everyday. There's been hacking problems during this weekend while the owners are away. This forum does not have any registration, these last few days someone's been posting pictures and commenting out topics right on the topics menu. Here's what it looks like, it's on the 3rd page now, it may get pushed back by the time you look for it. Any ideas on a quick fix before the owners get back? The hacker keeps coming back and distroying the forum. This forum is very popular with Vancouverites and tourists.
http://www.discovervancouver.com/forum/forum.asp?FORUM_ID=2&whichpage=3
Thanks
M
Well, this is what you get when you enable HTML.... and as far as I can see HTML is even enabled in the subject and the autorname, ...and anonymous posting has been enabled......
In other words ; every obstacle that might hinder someone to mess up the site has been removed.
I am afraid that there's not much more you can do while the admin's are away... sorry. |
portfolio - linkshrinker - oxle - twitter |
Edited by - MarcelG on 05 September 2005 15:27:19 |
|
|
|
mli
Starting Member
Canada
3 Posts |
Posted - 05 September 2005 : 15:27:48
|
Thanks for the quick responds. There's a few moderators around. I don't know how much the mods have control, if I pass on the word to ask them to disable HTML all together for the time being that should stop the pests for now?
Thanks
M |
|
|
|
MarcelG
Retired Support Moderator
Netherlands
2625 Posts |
Posted - 05 September 2005 : 15:32:09
|
Well, I hope that that solves the issue. But, I'm afraid the admins hardcoded these features in there....
Let's hope for the best. |
portfolio - linkshrinker - oxle - twitter |
|
|
|
mli
Starting Member
Canada
3 Posts |
Posted - 05 September 2005 : 15:38:47
|
I have passed on the word. There's nothing more I can do as a user. Thanks for the help. It was great of you to help out.
M |
|
|
|
Podge
Support Moderator
Ireland
3775 Posts |
|
|
MarcelG
Retired Support Moderator
Netherlands
2625 Posts |
Posted - 06 September 2005 : 05:08:42
|
quote:
Originally posted by Podge
quote:
Originally posted by marcelgoertz
..But, I'm afraid the admins hardcoded these features in there....
and removed the Powered By Snitz logo.
Missed that one... Who'll take action on this? Richard? |
portfolio - linkshrinker - oxle - twitter |
|
|
|
KC
Junior Member
USA
152 Posts |
Posted - 07 December 2005 : 16:02:11
|
Sorry I was a little late getting back to you guys...
I came up with an awesome solution for security holes in all vesions of Snitz.
I have been using it for a few months now on multiple versions and it works great.
This is NOT for you rookies.
You need to be able to edit your DB locally, and it is based on MS Access DB and .asp forum code.
That said, she's pretty slick.
Too big to post here, and my server blocks direct DL's, but here ya go.
Secure Any Snitz Forum App web page and instructions.
I hope it at least helps some of you.
Enjoy, and please, try and figure it out yourself...
I don't have time to be helping any more than sharing this.
Thanks
|
Owner of vales.com and Elite Computers. |
|
|
|
laser
Advanced Member
Australia
3859 Posts |
Posted - 07 December 2005 : 16:06:34
|
quote:
and removed the Powered By Snitz logo.
It's called karma  |
|
|
|
Rocket468
New Member
USA
57 Posts |
Posted - 07 December 2005 : 23:38:36
|
| Thats pretty stupid to enable html, with annoys posting. I am suprised someone has not done something realy nasty to the board over the years since it would be so easy. |
|
|
|
|
KC
Junior Member
USA
152 Posts |
Posted - 22 February 2006 : 12:23:44
|
I figured more guys with security problems would have tried my solution and maybe commented.
Makes no diff to me.
It is impossible for someone to hack a mod or admin account on my Snitz systema, and that is the only way to do damage or than direct server hack.
I have not had any problems since ;-} |
Owner of vales.com and Elite Computers. |
|
|
|
KC
Junior Member
USA
152 Posts |
Posted - 04 February 2008 : 11:53:40
|
Nearly 2 years later and still no hack problems.
Enabling html AND BBC is not bad.
Just use your "Bad Words" list to include the html code you want to block like |<src| and |<marquee| and any other crucial HTML code piece you don't want functional in a forum post.
|
Owner of vales.com and Elite Computers. |
|
|
|
AnonJr
Moderator
United States
5768 Posts |
Posted - 04 February 2008 : 13:05:02
|
quote:
Originally posted by KC
Nearly 2 years later and still no hack problems.
Sometimes its better to be lucky than good. I've been running a couple of Snitz forums for just as long - without said code - and haven't had any hack problems either.... so far. Not sure I want to go around asking for trouble though.
Not trying to give you a hard time, but I start twitching a little every time I hear about the "über security solution"...
quote:
Originally posted by KC
Enabling html AND BBC is not bad.
Just use your "Bad Words" list to include the html code you want to block like |<src| and |<marquee| and any other crucial HTML code piece you don't want functional in a forum post.
Not so sure about this one either... maybe if you restricted the HTML to a very limited sub-set...
Either way, these discussions are better left to fresh topics. |
|
|
| |
Topic |
|
Topic Locked
