| Author |
 Topic  |
|
|
Zuel
Average Member
USA
540 Posts |
 Posted - 02 November 2006 : 12:54:10
|
I'm hosting a World of Wacraft forum and there is a new scam that people are using to abuse the forum code: [url=
They add phishing links to go to keyloggers. Well as a temp solution, I disabled that forum code. But now since it was used throughout the site and signatures, I want to add it to members only.
inc_func_common.asp line 920 is where it starts.
What I want to do is if the poster/person replying is not in a particular user group, do not render the [url to <a href.
Seems to be alot of changes. I'm thinking I might have too create the function formatStr2() to allow a second parameter to check the MemberID then within that function check if they are in the usergroup.
Or am I thinking too hard?
|
My Completed Mods: News Mod | Zuel's Avatar Add-on
In Development: World of Warcraft Member Roster | [C# Based Forum]
Note - I may take a few days to recieve your email. Hotmail filters all new emails as junk. Would be best to post all questions, concerns in a forum topic to catch my immediate attention. This way others can assist and also correct any similar mistakes.
MSN / E-Mail: ucyimDa_Ruler@Hotmail.com
Personal Bookmarks: How to work a DBS File
|
Edited by - Zuel on 02 November 2006 12:54:25 |
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 02 November 2006 : 14:25:04
|
why don't you just post a topic telling people not to click on the links  and then lock any user that posts links to phishing sites, why punish everyone ? |
 |
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 02 November 2006 : 14:27:32
|
| and what do you mean by members only, unless you have addded some kind of mod only members can post anyway, if that's the case I would suggest you remove the mod you added |
|
|
|
Zuel
Average Member
USA
540 Posts |
Posted - 02 November 2006 : 16:58:53
|
quote:
Originally posted by HuwR
why don't you just post a topic telling people not to click on the links and then lock any user that posts links to phishing sites, why punish everyone ?
Well by saying that, that means you have alot of faith in people. I know it is going to happen even if I do monitor the site 24/7. I'd rather prevent it from ever happening.
quote:
and what do you mean by members only, unless you have addded some kind of mod only members can post anyway, if that's the case I would suggest you remove the mod you added
I have usergroup mod installed. I can write some code to restrict anything I want based on the usergroup ID. Very handy. |
My Completed Mods: News Mod | Zuel's Avatar Add-on
In Development: World of Warcraft Member Roster | [C# Based Forum]
Note - I may take a few days to recieve your email. Hotmail filters all new emails as junk. Would be best to post all questions, concerns in a forum topic to catch my immediate attention. This way others can assist and also correct any similar mistakes.
MSN / E-Mail: ucyimDa_Ruler@Hotmail.com
Personal Bookmarks: How to work a DBS File
|
|
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 02 November 2006 : 17:30:35
|
| then I would suggest banning anyone that posts such links, they will soon stop if you keep banning them. It seems a bit drastic to prevent anyone from posting a link just because a few are being twats |
|
|
|
Zuel
Average Member
USA
540 Posts |
Posted - 02 November 2006 : 18:16:21
|
Well, it is weird because people in the game who want to join the guild MUST visit the forum to apply. One of the requirements is post a link to your gear. And they may phish it to go anywhere. We don't know who these people are, and why would they stop re-registering because if someone does fall for it, then they roughly make $500+ per account they snatch. (Up to $1,500 possibly)
quote:
It seems a bit drastic to prevent anyone from posting a link just because a few are being twats
Having that being said, I only disabled the [url= portion for the select few whom do not reside in specific usergroups. They can always type out the link and Snitz will automatically handle the URL.
But the bottom line is I'm doing it anyways, I just need to know where the code is or how Snitz handles formatStr() function. Does it convert it to HTML when a user Posts/Edits/Replies or does it keep everything in Forum Code until it renders?
Also Snitz was down last night. I cried.  |
My Completed Mods: News Mod | Zuel's Avatar Add-on
In Development: World of Warcraft Member Roster | [C# Based Forum]
Note - I may take a few days to recieve your email. Hotmail filters all new emails as junk. Would be best to post all questions, concerns in a forum topic to catch my immediate attention. This way others can assist and also correct any similar mistakes.
MSN / E-Mail: ucyimDa_Ruler@Hotmail.com
Personal Bookmarks: How to work a DBS File
|
Edited by - Zuel on 02 November 2006 18:17:31 |
|
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 02 November 2006 : 18:25:23
|
you need to look at the edit_hrefs function, maybe just replace it with a dummy function, that should prevent it from turning them into links.
If you haven't already you should probably enable the email validation, that will stop people regesterring unless they have lots of legitimate email addresses (which is unlikely) |
|
|
| |
Topic |
|
Topic Locked
