Forum Home Enhancements - [AJAX] Websites who have referred today (in the last 24 hours) (https://vborg.vbsupport.ru/showthread.php?t=137792)

blind-eddie 10-30-2007 07:14 AM

Question: one of my members noticed something very weird in my [AJAX] Websites who have referred today (in the last 24 hours) box below our forums; you will notice very large text. Yes, they were links. No, to my knowledge no one clicked them. I also went into my admincp to see if any of my admins did this; I saw nothing regarding this in our logs. Can you tell me what would cause this to happen and what I can do to prevent it from happening again? I have [AJAX] Websites who have referred today (in the last 24 hours) disabled for now pending comments here. Thanks, Tim

http://outerzone.us/images/yyyyyyyy.bmp



Note, This Particular Site is vb3.6.5

RedTyger 10-30-2007 07:43 AM

Ah, the screenshot makes all the difference, thank you. This looks to me like Referer spoofing. Since the modification looks at the page the visitor came from and adds it to the database, if the visitor fakes that information then whatever they change it to will be added just the same.

They could also do it (if you have the "Use page titles" option enabled) by creating a webpage with the title "Hello, you've just been hacked" and adding a link to your forum in the page. When they click on the link, the modification will read the "Hello, you've just been hacked" title and add it.

It isn't hacking, it's just a slightly crummy trick. I may add one or two tests to try and guess if a referrer is genuine but it's not possible to be 100% sure and it's not possible to check with page titles at all. If the blocklist isn't functioning properly then I'll try and fix that, because that is the best way to deal with it. Otherwise, just delete them. No harm done.
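
Added example, not part of the post above and not the add-on's own code: since the Referer header cannot be authenticated, a hardened collector can at least limit what a faked value is able to put on the page. The function names, hosts and blocklist below are hypothetical, and the sample headers are constructed.

```php
<?php
// Added example; function names, hosts and the blocklist are hypothetical.
// Reduce a client-supplied Referer header to a value safe to store, or null to discard it.
function normalize_referrer(?string $raw, string $ownHost, array $blockedHosts): ?string
{
    // Reject empty, oversized, or control-character-laden values outright.
    if ($raw === null || $raw === '' || strlen($raw) > 2048
        || preg_match('/[\x00-\x1F\x7F]/', $raw)) {
        return null;
    }
    $parts  = parse_url($raw) ?: [];
    $scheme = strtolower($parts['scheme'] ?? '');
    $host   = strtolower($parts['host'] ?? '');
    // Web links to plain DNS names only (deliberately strict: no IP literals, no raw Unicode).
    if (!in_array($scheme, ['http', 'https'], true)
        || !preg_match('/^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/', $host)) {
        return null;
    }
    if ($host === strtolower($ownHost)) {
        return null; // internal navigation is not a referral
    }
    foreach ($blockedHosts as $blocked) {
        $blocked = strtolower($blocked);
        // Match the blocked domain and any of its subdomains.
        if ($host === $blocked || substr($host, -strlen($blocked) - 1) === '.' . $blocked) {
            return null;
        }
    }
    // Keep scheme and host only: path and query are free text the sender controls.
    return $scheme . '://' . $host . '/';
}

// Escape at output time as well; a fetched page title needs the same treatment.
function render_referrer(string $stored): string
{
    $safe = htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
    return '<a href="' . $safe . '" rel="nofollow noopener">' . $safe . '</a>';
}

// Constructed sample headers, not taken from the thread.
$samples = [
    'https://search.example/results?q=forum',                 // kept, reduced to the host
    '"><font size="7">Hello, you\'ve just been hacked</font>', // not a URL: dropped
    'http://sub.spam.example/page',                            // blocklisted: dropped
];
foreach ($samples as $raw) {
    $clean = normalize_referrer($raw, 'forum.example', ['spam.example']);
    echo ($clean === null ? 'DROP' : 'KEEP ' . render_referrer($clean)), "\n";
}
```

A well-formed but faked Referer naming a real, unblocked host still passes, which is why the blocklist and manual deletion remain necessary.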

momo2 10-30-2007 09:30 AM

Thanks for update... I love this and keeps me alert...

blind-eddie 10-31-2007 04:19 PM

Quote:

Originally Posted by RedTyger (Post 1371761)
Ah, the screenshot makes all the difference, thank you. This looks to me like Referer spoofing. Since the modification looks at the page the visitor came from and adds it to the database, if the visitor fakes that information then whatever they change it to will be added just the same.

They could also do it (if you have the "Use page titles" option enabled) by creating a webpage with the title "Hello, you've just been hacked" and adding a link to your forum in the page. When they click on the link, the modification will read the "Hello, you've just been hacked" title and add it.

It isn't hacking, it's just a slightly crummy trick. I may add one or two tests to try and guess if a referrer is genuine but it's not possible to be 100% sure and it's not possible to check with page titles at all. If the blocklist isn't functioning properly then I'll try and fix that, because that is the best way to deal with it. Otherwise, just delete them. No harm done.


Thank you for the info...

TrIn@dOr 10-31-2007 04:34 PM

Quote:

Originally Posted by TrIn@dOr (Post 1371294)
I can't see the deletion of all referrals or of individual...

I can't delete individuals or all of them, why?

blind-eddie 10-31-2007 04:53 PM

Look at my SS above, you will see remove all referrals just above the box.

TrIn@dOr 10-31-2007 05:03 PM

Quote:

Originally Posted by blind-eddie (Post 1372887)
Look at my SS above, you will see remove all referrals just above the box.

Nope, I don't see the [X] nowhere.

Does the admin group need to be the primary group or secondary?

EDIT//

Yep, if the Admin group is secondary on a user, he can't remove referrals, fix?

Fungsten 11-01-2007 05:49 PM

Quote:

Originally Posted by TrIn@dOr (Post 1372896)
Nope, I don't see the [X] nowhere.

Does the admin group need to be the primary group or secondary?

EDIT//

Yep, if the Admin group is secondary on a user, he can't remove referrals, fix?

Same here. I even tried to mess with the code.

mystic10 11-01-2007 08:05 PM

PROBLEM IS THAT WEBSITE REFERR DOESN'T HAVE A BOX OF ITS OWN. PLEASE SEE LINK AND PIC TO BETTER UNDERSTAND WHAT I MEAN. THANKS FOR UR HELP
http://tinypic.com/view.php?pic=67d2urt&s=1

https://vborg.vbsupport.ru/external/2007/11/43.jpg

Wulfnoth 11-03-2007 11:00 AM

I get the following error on my page:

Code:

Warnung: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /index.php(537) : eval()'d code (Zeile 66)

