Excessive Smilies overloading Servers

[Logician]

Quote:

Originally posted by Boofo
What code would I need to warn someone with a PM telling them that they will be banned if it happens again?

You can play with this code:

PHP Code:

$greeter="enter senders id";
$receiver="enter receivers id";
$title2="PM title";
eval("\$warning_pm = \"".gettemplate("warning_pm",1,0)."\";");
                    $DB_site->query("INSERT INTO privatemessage (privatemessageid,userid,touserid,fromuserid,title,message,dateline,showsignature,iconid,messageread,folderid) VALUES (NULL,$receiver,$receiver,$greeter,'".addslashes(htmlspecialchars($title2))."','".addslashes($warning_pm)."',".time().",1,1,0,0)"); 


However one important warning here:
bbcodeparse and bbcodeparse2 functions are called from many parts of vb code, not only when someone posts a message. Therefore if you apply a hack there you have to make sure, the conditional the hack depends will not be TRUE when the function is called from somewhere else in vb code.

Let's discuss on an example:
If you apply send PM hack above in this function and make sure it runs when a post has more than 1000 smilies, the poster who will snd a post with 1000 smilies will receive your PM. But if you don't clear all existing posts with 1000 smilies, someone who accidently visited such a post will also receive this PM because the same function will be called and the condition will prove TRUE in showthread.php too.

Bottom line is: Before applying such hacks into this function, make sure you cleared all existing posts/PMs from your database in the first place. Then you can be sure the hack will only apply to new posters only as it should..

PHP Code:

 And can I do it for a particular user if he does it more than once? 


no easy way. You have to form a structure that will track warning of the users..

[Boofo]

Thanks, Sinan. I'll play around with it and let you know what I come up with.

By this:

Quote:

Before applying such hacks into this function, make sure you cleared all existing posts/PMs from your database in the first place.

do you mean if I have "Moderate posts" turned on? Because I don't.

[Logician]

Quote:

Originally posted by Boofo
By this:

do you mean if I have "Moderate posts" turned on? Because I don't.

No.. I mean whatever max.smilie number you specified in this hack, you make sure you don't have existing posts in your database which have that many smilies in them. If any, delete them before applying the hack.

Otherwise the hack code will apply to visitors of these threads too, not only new posters..

[Boofo]

oh, ok, that makes a little more sense now. Thank for explaining that to me.

By the way, where do I set these variables?

$greeter="enter senders id";
$receiver="enter receivers id";
$title2="PM title";

[Rushy]

I ckecked that and it's still doing it. It posts the post and then renders the thread useless.

Quote:

Originally posted by Logician

ok then there is one possibility left and that is your "Maximum images per post/signature" settings in Admin CP/vb settings is set to 0.

Change it to any value except 0 and the hack will work..

[eXtremeTim]

Hmm my windows server seems to be safe against this our at least at the moment. When i add a ton of smilies im guessing near 1000 or so then it says my script did not return a complete set of headers. But if i go to like 900 then my server just flies to the to many images page in under a second.

[Kaelon]

Upon checking this, vBulletin 2.30 still shares this vulnerability, so I recommend that users apply this patch promptly.

Kaelon

[Kaelon]

vBulletin 2.3.2 still, furthermore, still has this vulnerability. I would recommend it be included in vBulletin 3.

[Logician]

Just curious: Have you ever reported it as a bug in vb.com? I think it deserves to be accepted as a "bug" so I think it would be corrected if reported in vb.com.

[Tae-Hwan]

logician is the man!