VGMaps

Site Boards => Message Board Announcements => Topic started by: JonLeung on April 30, 2010, 11:10:39 PM



Title: 2010-05-01: Registration fixed
Post by: JonLeung on April 30, 2010, 11:10:39 PM
bustin98 says he's fixed the CAPTCHA issues with the registration process.  And it should also give you a new combination of letters if you're having troubles with a particular one.  Thanks, bustin!

Hopefully now we'll see some new members again.


Title: Re: 2010-05-01: Registration fixed
Post by: marioman on May 01, 2010, 06:51:34 AM
Hopefully now we'll see some new members again.
Like olsonraymond (http://www.vgmaps.com/forums/index.php?topic=1164.0)?   ::)

I am not sure what is going on, but that post seems to also be messing up the RSS feed.  Sometimes I can read it, but sometimes I get a parse error.

EDIT:  I am also seeing references to kdjkfjskdfjlskdjf.com all over the forum.  The Web of Trust scorecard (http://www.mywot.com/en/scorecard/kdjkfjskdfjlskdjf.com) for this site says that it downloads malicious content/browser exploits.  Thought you would like to know.

EDIT2: *Does some testing*  Yep, kdjkfjskdfjlskdjf.com is installing trojan horses.  Watch yourselves.

EDIT3: The script is in the RSS feed (and possibly the quick edit feature) so that's why it isn't working right.


Title: Re: 2010-05-01: Registration fixed
Post by: Peardian on May 01, 2010, 04:21:17 PM
olsonraymond? That name showed up on Nintendo Papercraft's forum to post spam about money/surveys, and that place uses a captcha as well.


And yes, I got redirected to a trojan-infected site when I went here just a few moments ago.


Title: Re: 2010-05-01: Registration fixed
Post by: Revned on May 01, 2010, 05:37:43 PM
The captcha this forum uses for registration is weak. Keep an eye out for more spambots.


Title: Re: 2010-05-01: Registration fixed
Post by: Peardian on May 01, 2010, 06:01:05 PM
Surprise surprise, the exact same redirect-to-trojan thing happened when I subsequently visited the Nintendo Papercraft forum. It runs on the same software as this one, so I'm wondering if that's related.


Title: Re: 2010-05-01: Registration fixed
Post by: bustin98 on May 02, 2010, 09:20:32 AM
Alright, first: olsonraymond is gone, and his posts are gone. Which means the redirects should be gone too. I've searched the source code and DB to make sure the redirect wasn't there by some other means and came up empty. The question I have is does this forum software allow for javascript or something else to be embeded. I'm not up on intrusion methods like I should be so if anyone has some suggestions feel free to pass them on.

Second: reCaptcha wasn't working, and the internal captcha system is weak too, but the number of new signups is decreased compared to before I started mucking with the captcha to begin with. We've had 3 new members and I'm not convinced that they are bots. (1 so far seems legitimate.) If they were, I think I'd be seeing the consequences already. IF something does happen I still have a trick up my sleeve.

If anyone finds a post that is malicious send me a PM and I will take a look right away and nail down whatever it is that's allowing the code to exist.


Title: Re: 2010-05-01: Registration fixed
Post by: Peardian on May 02, 2010, 12:57:41 PM
I'm not sure if olsonraymond was responsible for the redirect, as it occurred on the main forum index both times, but it hasn't happened again so let's hope.

Just a bit of an update, the forum I was referring to has been temporarily taken offline due to that virus infection. Let's hope we can avoid the same fate.


Title: Re: 2010-05-01: Registration fixed
Post by: bustin98 on May 04, 2010, 01:31:12 PM
Just as a note, I performed my latest bit of surgery on the forums, changing the visual verification field to having a name randomly generated. Just FYI. Should make updates to the forum software fun though...


Title: Re: 2010-05-01: Registration fixed
Post by: Maxim on May 05, 2010, 02:40:38 AM
Just switch to recaptcha (http://custom.simplemachines.org/mods/index.php?mod=1044) - no other captcha system comes close in terms of unbreakability.


Title: Re: 2010-05-01: Registration fixed
Post by: bustin98 on May 05, 2010, 07:45:17 AM
I did switch to it, that's when it broke. And I didn't feel like tearing it apart to figure out what was wrong.

We actually got hammered after I restored the forums and forgot to do the modifications. Oops.


Title: Re: 2010-05-01: Registration fixed
Post by: mohi11 on October 11, 2017, 10:56:50 PM
TNX FOR YOUR USEFUL POSTS