Thread: HELP! Need help blocking invisible unicode chars in usernames.
View Single Post
  #1  
Old 07-23-2010, 08:18 PM
dvg323 dvg323 is offline
 
Join Date: Feb 2005
Posts: 14
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default HELP! Need help blocking invisible unicode chars in usernames.
Hello,

I am running vB 3.8.6 (it's outdated, I know, but the people who host/own our forums refuse to respond to my pleas to update).

There are users who are joining with invisible space Unicode characters and naming themselves after moderators. The vB treats them as 2 users, but I noticed that when I banned "_Moderator" (Where "_" is the invisible space), it not only banned the fake account but the REAL moderator account as well. To combat this I had to rename the account to Moderator2 so that I could ban (and rename) the fake account. I am worried that this exploit may possibly grant these dupe accounts access to the staff forums. I do not know which Unicode symbols they are using, because when they register as a string of them we cannot click their usernames, and we do not know what to search.

If there's a list of blank space unicode characters that I can add to the block list I'd REALLY appreciate some direction on where to go.

Thanks a lot in advance.

edit: Managed to use some trickery to pull up one of their usernames. Here is a copy/paste job of it:
" " <--- It is copy/pasted between these quotation marks.
" " <--- Another
" " <-- A third one.-
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01391 seconds
  • Memory Usage 1,761KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete