Maiden World Software Update

[Jon]

Well, Maiden World went for an unscheduled break there because of some impromptu software upgrades.

Thanks to someone using exploits in our (slightly outdated) board software to post messages as Manowar telling us our software needs upgraded.

To that individual, I'd like to point out that exploiting the board wasn't a nice way to get my attention, and that I have many other avenues of contact you could have pursued to get my attention (e-mail, contact form, etc etc). All of these would have been vastly preferable to posting the vulnerability of the forum publicly.

We'd at least appreciate some warning before public disclosure, and It'd be great if you didn't use our own admin accounts to post the messages.

Maiden World runs a custom copy of the phpBB sources. That means when upgrades come out, I have to go through all the files and apply the relevant fixes/changes. That takes 1 - 1.5 hours easily, and is something that tends to fall to the back of my schedule. I'd like to think people would understand that not all boards can be upgraded instantly instead of going out exploiting things.

Oh well, thats part of my Sunday evening gone...

 

[rockin_plumber]

:shock: :shock: :shock: was it a regular or aint you gonna divulge that :err:

 

[Jon]

:shock: :shock: :shock: was it a regular or aint you gonna divulge that :err:

Don't seem to be that way, but its possible (proxies and all that). I don't think the person meant any harm, I'm just trying to get across that I'd appreciate 'security reports' in a slightly different form than an exploited board.

 

[manic]

wats everyone no about :?

 

[rockin_plumber]

LOL LOL LOL Some people must be really bored to expliot a little BB like ours.....

And clever............. But stupid with it :x :x :x
Scum I tell yah.....
No better than these asses making viruses all the time :|

 

[manic]

LOL LOL LOL Some people must be really bored to expliot a little BB like ours.....

And clever............. But stupid with it :x :x :x
Scum I tell yah.....
No better than these asses making viruses all the time :|

wat happened? M-W got a virus?

 

[rockin_plumber]

wat happened? M-W got a virus?

:roll: read the top post

 

[manic]

:roll: read the top post

i dont understand it

 

[rockin_plumber]

i dont understand it

:roll: ask a grown up then :wink:

 

[manic]

:roll: ask a grown up then :wink:

i asked u :|

 

[Jon]

Ok, quite simply there were security holes in some of the scripts.

So, you could feed a weird ?blah=blah&blah=blahblah string to the end of an URL, or enter weird text into a post and get access to things you shouldn't.

Thats basically what an exploit is, when you talk about it in website terms.

 

[manic]

Ok, quite simply there were security holes in some of the scripts.

So, you could feed a weird ?blah=blah&blah=blahblah string to the end of an URL, or enter weird text into a post and get access to things you shouldn't.

Thats basically what an exploit is, when you talk about it in website terms.

ahhhhhhhhh, cool in one way but silly in another

 

[rockin_plumber]

i asked u :|

:err: Ok I didn't know the technicalities of it ok

 

[wicky]

:roll: ask a grown up then :wink:

I need to

Thanks for explaining in english rockin :wink: