On a forum that I'm managing, I'm having issues with a user posting links to the member's areas of porn sites in the URL portion of the image BBCode. Basically, he loads about twenty into his posts, and then anytime anyone loads the post, they're prompted to enter a password to a porn site twenty times (You can see how this adds up quickly with multiple posts in a single thread.) IP banning him isn't working, because his ISP gives him a new IP whenever he restarts his router, and I can't disable images altogether for obvious reasons. Would there be an easy way to filter links like that from being inserted into the image BBCode ? For instance, he's not linking to an image, just the URL to the backdoor like http://members.whatever.com. I guess I'm really wondering if there's a way I could force the image BBCode URL's to have an image type file extension like .jpg, .gif, or .png ?
Yes, but I can't get through to anybody that has any authority to do anything though. Plus, my entire board now knows about the exploit, so it's only a matter of time before the copycats come in and the whole place is in an uproar. I need a more permanent fix to the problem than just removing the lone user at this point in time.
After four hours of tinkering, I finally managed to craft a plugin that did the trick. If anyone else ever runs across the same problem, drop me a PM, and I'd be more than happy to send it to you.
09-01-2007, 03:40 PM
Image BBCode Exploit of Sorts
Linear Mode
