Avoid base64 image insertions


socialvisionsbcn
02-09-2014, 09:47 PM
Seems like users at my site can post base64 images on posts through the WYSIWYG editor.

Has anyone developed something to avoid these huge data insertions?


[Tue Feb 04 16:52:37 2014] [error] [client 173.245.49.171] (36)File name too long: Cannot map GET /data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wCEAAkGBhIQDxIQEBIPDw8QDxAPEA8PDw8PDQ8PFBAVFBQQFB IXHCYeFxkjGRQSHy8gIycpLCwsFR4x NTAqNSYrLCkBCQoKDgwOFw8PGikcHhwpLCksKSksKSkpKSkpKS kpKSksKSksKSkpLCkpKSkpKSkpLCwp KSkpLCkpKSksKSwpKf/AABEIALcBEwMBIgACEQEDEQH/xAAcAAABBQEBAQAAAAAAAAAAAAADAAECBAUGBwj/xAA4EAACAQIEAwYDBwMFAQAAAAAAAQIDEQQFEiExQVEGEyJhcZ GBobEHFDJSwdHwQmLhFSMzcoJj/8QAGgEAAgMBAQAAAAAAAAAAAAAAAgMAAQQFBv/EACYRAAICAQQCAQQDAAAAAAAAAAABAhEDBBIhMRNBIhRRYXEFI/D/2gAMAwEAAhEDEQA/AMPQQlAPpBVEcpo6RXlEeEBpBKQhhoPTph1TGootJECKsqZDuy 3KJHSCyxUKZoUoAKES9SiHFgtDOJVr
....
MoiiQhEIeefaBQ01YT/MmvY5J1BCPLa5JZ5HZ0z/rRF1CPeCEZEh4zqke8EIKgSOsQhEoh//Z HTTP/1.1 to file, referer:
http://goo.gl/AXLyqd

They are generating Apache errors and I'm afraid they could affect both Apache and vb search server performance.

ozzy47
02-09-2014, 10:03 PM
I would think the use of the attachment manager would prevent that "image" from even uploading. It should cause an error message that says something like, "not a recognized image format." It also would not be in the format of http://domain.com/filename., it would have to be in [ attach]1234567[/attach].

If it is posted between tags, then you could prevent it by censoring the term base64. Adding that to the censored words list will break the image and cause either nothing to appear in some browsers or a red X to appear in others.

Adrian Schneider
02-10-2014, 11:54 PM
I wrote an article about this a few years ago - http://www.syndicatetheory.com/labs/vbulletin-large-inline-images-exploit

A plugin is included to show you how to prevent it.

Cheers

ozzy47
02-11-2014, 12:08 AM
Excellent read Adrian. :)
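
One way to filter inline data: URI images out of a post body before it is stored, as an added example that is not part of the original thread and not the plugin from the linked article. The function name filter_inline_data_images() and the sample post are hypothetical, and where it is called in the forum's post-save path is left as an assumption.

```php
<?php
// Added example: remove inline data: URI images from post text.
// filter_inline_data_images() is a hypothetical helper, not a vBulletin API.

function filter_inline_data_images(string $message): array
{
    $placeholder = '[inline image removed]';
    $patterns = [
        // BBCode form: [img]data:image/jpeg;base64,...[/img]
        // The payload may contain whitespace (as in the Apache log line above).
        // Possessive quantifier (*+) keeps very large payloads from exhausting
        // the PCRE backtrack limit.
        '~\[img\]\s*data:[^\]\[]*+\[/img\]~i',
        // HTML form pasted through a WYSIWYG editor: <img ... src="data:...">
        '~<img\b[^>]*\bsrc\s*=\s*["\']?\s*data:[^>]*+>~i',
    ];

    $removed = 0;
    foreach ($patterns as $pattern) {
        $result = preg_replace($pattern, $placeholder, $message, -1, $count);
        if ($result === null) {
            // Fail closed: if PCRE gives up on a huge input, reject the post
            // instead of storing it unfiltered.
            throw new RuntimeException('Post rejected: could not be filtered');
        }
        $message = $result;
        $removed += $count;
    }

    // The caller can store the cleaned text, or reject the post if $removed > 0.
    return [$message, $removed];
}

// Constructed sample post (payloads shortened, not real image data).
$post = "Look at this: [IMG]data:image/jpeg;base64,/9j/4AAQ SkZJRg==[/IMG]\n"
      . "and this <img alt=\"x\" src='data:image/png;base64,iVBORw0KGgo='>\n"
      . "but keep [img]http://example.com/photo.jpg[/img]";

[$clean, $removed] = filter_inline_data_images($post);
echo "removed: {$removed}\n{$clean}\n";
```

Matching the `data:` scheme inside image tags, rather than censoring the word base64 everywhere, leaves ordinary posts that merely mention base64 untouched.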