7
   

Don't open the I wear clownshoes threads

Forums:
Email this Topic Print this Page
 
 
edgarblythe
 
Reply Fri 14 Oct, 2016 10:11 pm
I did and look what it spawned.
  • Topic Stats
  • Top Replies
  • Link to this Topic
Type: Discussion • Score: 7 • Views: 1,073 • Replies: 25

 
Krumple
 
  1  
Reply Fri 14 Oct, 2016 10:13 pm
@edgarblythe,
edgarblythe wrote:

I did and look what it spawned.


Delete the thread if you do. Another spawns. Hacker embeded thread. Not sure who the original poster is.

*EDIT* Camfp is the hacker.
chai2
 
  2  
Reply Fri 14 Oct, 2016 10:17 pm
@Krumple,
Yeah, I opened it only because I obviously thought it was yours edgar.

Krumple, we can't delete threads, only admin can do that.

I assume edgar that you reported it?
Krumple
 
  1  
Reply Fri 14 Oct, 2016 10:19 pm
@chai2,
chai2 wrote:

Yeah, I opened it only because I obviously thought it was yours edgar.

Krumple, we can't delete threads, only admin can do that.

I assume edgar that you reported it?



You can delete a post you "start" as long as no body replies to it.

The hacker is making it so the viewer becomes the poster. That gives you the optiin to delete it.

He is spamming every thread with that image.
momoends
 
  3  
Reply Fri 14 Oct, 2016 10:39 pm
@Krumple,
it happened to me when i reported the photo on another topic... It´s getting out of the admin hands....
0 Replies
 
momoends
 
  1  
Reply Fri 14 Oct, 2016 10:40 pm
@edgarblythe,
he´s all over the place
0 Replies
 
Robert Gentel
 
  5  
Reply Sat 15 Oct, 2016 12:58 am
@edgarblythe,
This bug should be fixed. There was a bug in the bbcode parser library the site uses that allowed arbitrary html injection into the color tag. The "hacker" kids who did this used that bug to post a javascript that would post the message over and over if you viewed one of the posts. The posts have been removed and the bbcode parser's bug has been fixed.
Walter Hinteler
 
  2  
Reply Sat 15 Oct, 2016 01:04 am
@Robert Gentel,
Thanks, Robert!
Robert Gentel
 
  5  
Reply Sat 15 Oct, 2016 01:09 am
@Walter Hinteler,
Wasn't just me, lots of others helped.
0 Replies
 
momoends
 
  2  
Reply Sat 15 Oct, 2016 01:28 am
@Robert Gentel,
thank god! my eyes are still bleeding
0 Replies
 
Setanta
 
  1  
Reply Sat 15 Oct, 2016 03:46 am
They (?) must have used keystroke logging to make the false posts, because i was there, but i wasn't logged in; i looked at the threads, but i don't believe they logged in on my account and propagated their awful thread.
jespah
 
  3  
Reply Sat 15 Oct, 2016 03:51 am
Thank you to everyone who did the fixes and thank you to the community for reporting.
0 Replies
 
Region Philbis
 
  2  
Reply Sat 15 Oct, 2016 06:54 am

the folks who clicked on the hack topics lost their profile descriptions.

to everyone else --

if you have a profile you'd hate to lose to something like this in the future, go into your settings and save it somewhere...
0 Replies
 
Region Philbis
 
  1  
Reply Sat 15 Oct, 2016 07:04 am

http://able2know.org/account/profile/
0 Replies
 
ossobucotemp
 
  1  
Reply Sat 15 Oct, 2016 08:16 am
@Krumple,
You can delete your own thread for approximately ten minutes, and then you can't, unless I'm remembering wrong, which I suppose is possible.
0 Replies
 
Robert Gentel
 
  5  
Reply Sat 15 Oct, 2016 10:48 am
@Setanta,
As far as I know no user computers or servers were compromised (so no keystroke loggers etc). There was a bug in the bbcode library we use that let a carefully crafted post insert html. Doing that allowed them to link to a javascript, the javascript made the browser try to post the threads and if you were already logged in it worked. We patched the bug in the bbcode library that allowed the html so that won't work again.
edgarblythe
 
  2  
Reply Sat 15 Oct, 2016 12:03 pm
I was not certain. Did a whole computer scan just in case.
0 Replies
 
Setanta
 
  2  
Reply Sat 15 Oct, 2016 12:04 pm
I'm glad to think that "they" weren't getting anyone's passwords or credit card numbers. While i'm here, thanks to you and Peter.
0 Replies
 
Krumple
 
  0  
Reply Sat 15 Oct, 2016 12:42 pm
@Robert Gentel,
Robert Gentel wrote:

As far as I know no user computers or servers were compromised (so no keystroke loggers etc). There was a bug in the bbcode library we use that let a carefully crafted post insert html. Doing that allowed them to link to a javascript, the javascript made the browser try to post the threads and if you were already logged in it worked. We patched the bug in the bbcode library that allowed the html so that won't work again.


What do we do about the trauma from seeing that post?
chai2
 
  1  
Reply Sat 15 Oct, 2016 03:20 pm
@Krumple,
You deal with it and move on.
 

 
  1. Forums
  2. » Don't open the I wear clownshoes threads
Copyright © 2024 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.03 seconds on 05/07/2024 at 11:08:12