The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
[3.X] How to remove image upload URLs?
Example of what I'm talking about;
The reasoning behind this is because I'm trying to mask my forum's true IP with CloudFlare, but with this method: http://www.madleets.com/Thread-Bypas...IP-from-forums , people will be able to get the IP. On the topic, what other methods do you guys know of within 3.X that would allow somebody to identify the IP? I've covered the SMTP with Amazon SES, but I'm sure there are other methods that I'm still vulnerable to. |
#2
|
||||
|
||||
You can edit permissions to not allow URL images... but that will not have any effect in stopping anyone from getting your IP.
Anyone can ping your site to find the IP. |
Благодарность от: | ||
ozzy47 |
#3
|
||||
|
||||
They could also run a tracert to the site, and get the true IP.
|
#4
|
|||
|
|||
Quote:
--------------- Added [DATE]1395011999[/DATE] at [TIME]1395011999[/TIME] --------------- currently, running a traceroute is only showing cloudflare's IPs |
#5
|
||||
|
||||
If that is the case, why worry about the URL images?
They only use one IP for many sites on cloudflare? I have no idea if they do. |
#6
|
||||
|
||||
Your original IP can still be uncovered.
Many rent-a-DDoS packages will include a Cloudflare resolver feature and there are online resolver tools. As with any proxy, the attacker can also trace it back via FTP and MX subdomains (which are not handled by CF proxy) Now saying that, it may still be a good idea to hide your IP through Cloudfare, if you are experiencing issues, but don't think one you do, you will be 100% safe. Well that's a good thing. |
Благодарность от: | ||
OzzModz |
#7
|
|||
|
|||
If I wanted to just remove the option for remote URL's on image uploads in places like signature/avatar/posts, how would I do that? where would I look for the code in vBulletin's files?
--------------- Added [DATE]1395056047[/DATE] at [TIME]1395056047[/TIME] --------------- No resolvers that I've tested (20+) have found the IP, ftp and mx subdomains return 'unknown host' |
#8
|
|||
|
|||
To do so, go to your theme settings in style manager.
I'll walk you through. Go to your style you want to edit, open 'edit templates'; Find 'Modify User Option Templates' Within there you'll find 'modifyavatar' Which if you open and replace ALL the code with; Code:
<script type="text/javascript"> <!-- function check_yes(objid) { yes = fetch_object(objid); if (yes) { yes.checked = true; } } <if condition="$show['categories']"> function switch_avatar_category() { selobj = fetch_object("avatar_category_select"); window.location = "profile.php?$session[sessionurl_js]do=editavatar&categoryid=" + selobj.options[selobj.selectedIndex].value; } </if> //--> </script> <form enctype="multipart/form-data" action="profile.php?do=updateavatar" method="post"> <input type="hidden" name="s" value="$session[sessionhash]" /> <input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" /> <input type="hidden" name="do" value="updateavatar" /> <table class="tborder" cellpadding="$stylevar[cellpadding]" cellspacing="$stylevar[cellspacing]" border="0" width="100%" align="center"> <tr> <td class="tcat">$vbphrase[edit_avatar]</td> </tr> <tr> <td class="panelsurround" align="center"> <div class="panel"> <div style="width:$stylevar[formwidth_usercp]" align="$stylevar[left]"> <fieldset class="fieldset"> <legend>$vbphrase[your_current_avatar]</legend> <table cellpadding="0" cellspacing="$stylevar[formspacer]" border="0"> <tr valign="top"> $currentavatar <td class="smallfont"> <div style="margin-bottom:$stylevar[formspacer]px">$vbphrase[avatars_small_graphics_short]</div> <div style="margin-bottom:$stylevar[formspacer]px"><label for="rb_avatarid_no"><input type="radio" name="avatarid" value="-1" id="rb_avatarid_no" $nouseavatarchecked />$vbphrase[do_not_use_an_avatar]</label></div> <div>$vbphrase[note_have_custom_avatar_delete]</div> </td> </tr> </table> </fieldset> <if condition="$show['forumavatars']"> <fieldset class="fieldset"> <legend><phrase 1="$categoryname">$vbphrase[predefined_x]</phrase></legend> <table cellpadding="0" cellspacing="$stylevar[formspacer]" border="0" width="100%"> <tr> <td colspan="$cols"> <if condition="$show['categories']"> $vbphrase[avatar_category]:<br /> <select name="categoryid" id="avatar_category_select" onchange="switch_avatar_category()">$categorybits</select> <input type="button" value="$vbphrase[go]" class="button" onclick="switch_avatar_category()" /> </if> </td> </tr> <tr> <td colspan="$cols">$vbphrase[may_select_predefined_as_avatar]</td> </tr> $avatarlist <if condition="$show['pagenav']"> <tr valign="bottom"> <td colspan="$cols"> $pagenav </td> </tr> </if> </table> </fieldset> </if> <if condition="$show['customavatar']"> <fieldset class="fieldset"> <legend>$vbphrase[custom_avatar]</legend> <div style="padding:$stylevar[formspacer]px"> <div class="fieldset"> $vbphrase[have_custom_avatar_want_as_is]<br /><br /> <label for="avatar_yes"><input type="radio" name="avatarid" value="0" id="avatar_yes" $avatarchecked[0] />$vbphrase[use_custom_avatar]</label><br /><br /> $vbphrase[may_upload_custom_image_controls]<br /><br /> <if condition="$show['customavatar_url']">$vbphrase[option_2_upload_image_from_computer]<else />$vbphrase[upload_image_from_computer]</if> <div style="padding:$stylevar[formspacer]px"> <input type="file" class="bginput" name="upload" onchange="check_yes('avatar_yes')" size="45" /> </div> <if condition="$show['maxnote']"> $maxnote </if> </div> </div> </fieldset> </if> </div> </div> <div style="margin-top:$stylevar[cellpadding]px"> <input type="submit" class="button" value="$vbphrase[save_changes]" accesskey="s" /> <input type="reset" class="button" value="$vbphrase[reset_fields]" accesskey="r" /> </div> </td> </tr> </table> </form> Also if you wish to edit profile pictures you can do so by the following, go back to Modify User Options Templates and find 'modifyprofilepic' again removing all the code and replacing it with Code:
<form enctype="multipart/form-data" action="profile.php?do=updateprofilepic" method="post"> <input type="hidden" name="s" value="$session[sessionhash]" /> <input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" /> <input type="hidden" name="do" value="updateprofilepic" /> <table class="tborder" cellpadding="$stylevar[cellpadding]" cellspacing="$stylevar[cellspacing]" border="0" width="100%" align="center"> <tr> <td class="tcat" colspan="2">$vbphrase[edit_profile_picture]</td> </tr> <tr> <td class="panelsurround" align="center"> <div class="panel"> <div style="width:$stylevar[formwidth_usercp]" align="$stylevar[left]"> <fieldset class="fieldset"> <legend>$vbphrase[your_current_profile_picture]</legend> <table cellpadding="0" cellspacing="$stylevar[formspacer]" border="0"> <tr valign="top"> <if condition="!$show['profilepic']"> <td class="alt1" style="border:1px inset; padding:$stylevar[cellpadding]px"> <span class="smallfont">$vbphrase[no_profile_picture]</span> </td> <else /> <td class="smallfont"> <img src="$bbuserinfo[profileurl]" alt="$vbphrase[your_profile_picture]" border="0" /> </td> </if> <td class="smallfont"> <div style="margin-bottom:$stylevar[formspacer]px">$vbphrase[profile_picture_desc]</div> <if condition="$show['profilepic']"><div style="margin-bottom:$stylevar[formspacer]px"><label for="profilepic"><input type="checkbox" name="deleteprofilepic" value="1" id="profilepic" />$vbphrase[delete_current_image]</label></div></if> </td> </tr> </table> </fieldset> <fieldset class="fieldset"> <legend>$vbphrase[custom_profile_picture]</legend> <div style="padding:$stylevar[formspacer]px"> <div class="fieldset"> $vbphrase[may_upload_custom_image_controls]<br /><br /> <if condition="$show['profilepic_url']">$vbphrase[option_2_upload_image_from_computer]<else />$vbphrase[upload_image_from_computer]</if> <div style="padding:$stylevar[formspacer]px"> <input type="file" class="bginput" name="upload" size="45" /> <input type="hidden" name="MAX_FILE_SIZE" value="$inimaxattach" /> </div> <if condition="$show['maxnote']"> $maxnote </if> </div> </div> </fieldset> </div> </div> <div style="margin-top:$stylevar[cellpadding]px"> <input type="submit" class="button" value="$vbphrase[save_changes]" accesskey="s" /> <input type="reset" class="button" value="$vbphrase[reset_fields]" accesskey="r" /> </div> </td> </tr> </table> </form> Quote:
I've managed to hide my IP on many of my forums and they're almost 'DDoS' proof. NO-one has found a way past it yet, I'm glad to say it works. Any trouble just PM me |
Thread Tools | |
Display Modes | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|