(UTC)
Change Template: 
Choose Language:
Add Poll
 
Options: Text Color Split Pie
 
 
 
 
 
 
 
 
Poll Comment:
Max 500 characters. Remaining characters:
days and minutes. Leave it blank if you don't want to set it now.

Please type the characters exactly as they appear in the image,
without the first 2 and last 2 characters.
The characters must be typed in the same order,
and they are case-sensitive.
Open Preview Preview

You can resize the textbox by dragging the right or bottom border.
Off Topic Comment Insert Spoiler
Insert Hyperlink Insert FTP Link Insert Image Insert E-mail Insert Media Insert Table Insert Table Row Insert Table Column Insert Horizontal Rule Insert Teletype Insert Code Insert Quote Edited Superscript Subscript Insert List /me - my name Insert Marquee Insert Timestamp No Parse
Bold Italicized Underline Insert Strikethrough Highlight
                       
Change Text Color
Insert Preformatted Text Left Align Centered Right Align
resize_wb
resize_hb







Max 5000 characters. Remaining characters:
Text size: %
More Smilies
View All Smilies
Collapse additional features Collapse/Expand additional features Smiley Wink Cheesy Grin Angry Sad Shocked Cool Huh Roll Eyes Tongue Embarrassed Lips Sealed Undecided Kiss Cry
Topic Summary - Displaying 11 post(s). Click here to show all
Posted by: Monni
Posted on: Sep 12th, 2014 at 3:48pm
Dandello wrote on Sep 12th, 2014 at 3:46pm:
The 'Optional bday' mod would be good as well - I suspect most forums don't need mandatory birthdates.


I want that in 2.6.2 Wink
Posted by: Dandello
Posted on: Sep 12th, 2014 at 3:46pm
Back on topic - I think Carsten's Ex-Member Mod would be a good addition to 2.6.2.

I have an updated version of it but still haven't heard back from Carsten as to whether or not we have permission to update/distribute his mods. (His copyright info explicitly states that written permission is required.)

I think maybe possibly this one could also be modified to save things like member vars and other ancillary member files so the member could be reinstated if necessary.

The 'Optional bday' mod would be good as well - I suspect most forums don't need mandatory birthdates.
Posted by: Monni
Posted on: Sep 7th, 2014 at 8:19am
They forget that I can understand 13 different languages... No matter what encoding they use for hidden messages, I can decrypt them... lol

Thread ID: '1315302929    Result: íå íàøëîñü ôîðìû äëÿ îòïðàâêè'

This one looks like garbage, but it's actually Russian message, and says "Couldn't find the form to send"
Posted by: Dandello
Posted on: Sep 6th, 2014 at 10:21pm
Monni wrote on Sep 6th, 2014 at 9:44pm:
I'm out to get them...



...They ran through the briars and they ran through the brambles and they ran through the bushes where a rabbit couldn't go. They ran so fast that the hounds couldn't catch 'em...

(It's from an American folk song... Grin )
Posted by: Monni
Posted on: Sep 6th, 2014 at 9:44pm
I'm out to get them... Just like when write Mandarin Chinese with some of my friends who are too lazy to keep in touch with me... One sure way to get their attention...
Posted by: Dandello
Posted on: Sep 6th, 2014 at 9:26pm
Is it paranoia when they really are out to get you?  Wink
Posted by: Monni
Posted on: Sep 6th, 2014 at 9:15pm
Maybe it's just me following too closely the error logs for forum of one of my clients, but I've noticed several cracking attempts per day... So far all have failed, but they're clearly collecting valid file name and path patterns so they can find vulnerable software. I've added stub error pages in Apache so that minimal information is returned on failed requests.
Posted by: Dandello
Posted on: Sep 6th, 2014 at 9:09pm
Made the changes and uploaded it here for testing. I have no idea why those error calls were changed since obviously we don't want to give the crackers any more information than we absolutely have to.  Huh
Posted by: Monni
Posted on: Sep 6th, 2014 at 8:51pm
Something like this:

Code
Select All
 --- C:/Users/Mika/AppData/Local/Temp/Security.pm-revBASE.svn000.tmp.pm	Tue Sep 02 07:28:23 2014
 +++ C:/build/yabb/trunk/cgi-bin/yabb2/Sources/Security.pm	Sat Sep 06 23:50:09 2014
 @@ -53,13 +53,13 @@
      if ( !-e "$datadir/$curnum.txt" ) {
          if ( eval { require Variables::Movedthreads; 1 } ) {
              if ( !$moved_file{$curnum} ) {
 -                fatal_error( 'not_found', "$datadir/$curnum.txt" );
 +                fatal_error( 'no_topic_found', $curnum );
              }
              while ( exists $moved_file{$curnum} ) {
                  $curnum = $moved_file{$curnum};
                  next if exists $moved_file{$curnum};
                  if ( !-e "$datadir/$curnum.txt" ) {
 -                    fatal_error( 'not_found', "$datadir/$curnum.txt" );
 +                    fatal_error( 'no_topic_found', $curnum );
                  }
              }
              $INFO{'num'} = $INFO{'thread'} = $FORM{'threadid'} = $curnum;
 @@ -130,7 +130,7 @@
      }

      fopen( BOARDFILE, "$boardsdir/$currentboard.txt" )
 -      or fatal_error( 'not_found', "$boardsdir/$currentboard.txt", 1 );
 +      or fatal_error( 'no_board_found', $currentboard, 1 );
      while ( $yyThreadLine = <BOARDFILE> ) {
          if ( $yyThreadLine =~ m{\A$curnum\|}oxsm ) { last; }
      }
Posted by: Dandello
Posted on: Sep 6th, 2014 at 8:43pm
Good idea.  Smiley
Posted by: Monni
Posted on: Sep 6th, 2014 at 8:30pm
As error "not_found" is shown for guests, I think it would be best to split as "no_topic_found" and "no_board_found", so we wouldn't need to display paths to the files or file names to guests... This makes it harder for crackers to inject malicious files using vulnerabilities on other software installed on same user account.

The messages actually already exist in my language files...
 

YaBB Development & Mods » Powered by YaBB 2.7.00!
YaBB Forum Software © 2000-2024. All Rights Reserved.

Valid RSS HTML 5 Valid CSS Powered by Perl Source Forge

Page completed in 1.2787 seconds.