![]() |
Excessive Smilies overloading Servers
One of my over-zealous (read: bored) users demonstrated an exploit / flaw in vB earlier this evening that I'd like to share with the rest of you to see if: (a) this has been solved; (b) there is a hack which corrects it; or (c) if any of you have come across the issues and have implemented a fix.
This applies to vBulletin 2.2.6, though I suspect it may apply to all previous versions as well. Problem: When a user enters nothing but a bunch of smilies in the entire "Message:" field of a post, the server's load rises above 5.00 (much higher at times) while processing the smilies. The post is then not made, and the server executes a cold flush of the system RAM. I've repeated this test several times, and the results seem fairly consistent. Flood a vBulletin with enough smilies and you can basically take it out of commission. Possible Solution: Eliminate the use of smilies on the forums in question, or implement an algorithm that limits the number of smilies that a user can enter into the Message field. The question is - how exactly would one eliminate the smilies? Just remove them from the list of smilies in the vBulletin Control Panel? Thoughts on this anyone? |
No one is concerned about this? :p
Kaelon |
Quote:
|
That's incorrect. The vBulletin Posting Code Allowances section only permits limiting how one inserts smilies, not how many smilies one can have in the text. What we need to correct this flaw is a setting that would limit the maximum number of smilies (and run a check before the post is processed).
Quote:
|
Maximum images per post/signature
Maximum number of images to allow in posts / signatures. Set this to 0 to have no effect. this affects also smilies |
Quote:
|
Quote:
Kaelon |
when you click on send posting it'll be preparsed.
newreply.php: PHP Code:
PHP Code:
PHP Code:
not really server intesive. after that preparsing it counts the ammount of "<img" segments, and if its to high, the post is refused, it'll never be added to the post table so it wouldn't be added to the thread. if your board doesn't use that behavor of checking max smilies you must have hacked it and made something wrong |
I think hes talking like 1000 smilies in one post and in that case he is correct.
|
Yes, that's right, PPN.
Basically, my server (which has 2 gigs of RAM, Dual P3's) doesn't even blink when a post has something like 20 or even 100 smilies. But, as I have tested personally, if you get a malicious user to come in and start spamming with a post of thousands of smilies - your server will basically come to a grinding halt. The worst part about this, is that the post is not even processed after the server-intensive issue - so you can never figure out who it was that did this to you to take disciplinary sanctions against the abusive user. Kaelon |
All times are GMT. The time now is 08:27 AM. |
Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
![]() |
|
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|