bens Posted February 3, 2005
is this for real? if it is, what's the point of it?
cappoldt Posted February 3, 2005
That's just excellent...!:) <chuckling, tips hat to moderators, impressed>
bens Posted February 3, 2005
actually, it smells fishy to me. there's only one photo in there, by someone who joined yesterday, and the photo cannot actually be rated. what's the deal, site administrators? real or fake? tongue in cheek? early april fools? has someone hacked into the site's setup?
root Posted February 3, 2005
What's the point if you can't even rate the damned thing! Clifford worked because he's highly visible for future generations.
bens Posted February 3, 2005
but carl, don't you find the new category a little strange?
jay_philbrick Posted February 3, 2005
Has the site been hacked? Look at the top photo for the last 3 days or all the pics with perfect scores (all nudes) for the last week. Can't rate any of them, the rate option has been removed. Combine this with the mate raters critique category and it looks like the administrators will have their hands full. Too bad this sort of thing happens.
ned1 Posted February 3, 2005
Does this have something to do with the strange "??" category that recently showed up? At first I thought it was a buffer overflow bug, but maybe it's a result of a site hack. What's even odder is that the sole picture in the "??" category seems to be a legitimate one. The poster is Chinese, so it's possible he entered a title in a Chinese character set and that somehow confused the database.
bens Posted February 3, 2005
oh, this is very strange, cuz i looked at jim adams' portfolio yesterday and i am almost certain that some of his photos now in the top rating as described by ed did not have unqualified 7's. (i am not suggesting at all that jim has anything to do with anything.)
bens Posted February 3, 2005
sorry, meant as described by jay above.
howard_foto Posted February 3, 2005
delighted to observe people with a creative sense of humor to share about some of the absurdity that goes on around here.
bens Posted February 3, 2005
at the possibility that the site may be being hacked, particularly in light of the recent bot attacks. hope the administrators can provide clarification.
ned1 Posted February 3, 2005
If the "mate raters" was indeed a hack I think I see how it was done. Admins contact me as I would rather aid copy-cat hackers by posting it here.
ned1 Posted February 3, 2005
I mean "rather NOT help copy cats". Dr Freud, was that a slip?
mottershead Posted February 3, 2005
It's a mini hack. Someone with HTML skills can modify the form that is used to enter the category to make it anything they want. Sometimes you see a related problem where suddenly a new category appears with some kind of strange character in it. This is not caused by a hacked form -- just some kind of corruption of the category field on the way to the server. I have it on my list to fix this problem at some point, but the corruption thing rarely happens and is quickly fixed, so it isn't a very high priority. As for someone taking advantage of the current design to hack, well that hasn't happened before. Someone just discovered a not-so-rapid "Ban Me!" technique. If your goal is to be banned, there are plenty of ways to do it faster. But this method works too for the time being.
bens Posted February 3, 2005
thanks brian, appreciate the information.
bens Posted February 3, 2005
but brian, your mini-hack does not explain how the hacker changed the ratings on jim atkins' photos. i distinctly recall looking at his portfolio yesterday, and at least a couple of the photos that now have 10 ratings of perfect 7's, i could swear had ratings in the 5s. you don't need to explain here, but please take a look at this too, as it looks like someone is actually finding a way to CHANGE ratings if my memory is correct, and i am 99% sure that it is.
cappoldt Posted February 3, 2005
Drat. I was all excited that they'd maybe flock there, or even better, get slid there by site admins.
ned1 Posted February 4, 2005
You could fix it with an extra level of indirection in the database.
aardvarko Posted February 4, 2005
so you don't have a separate table for categories, with associated abstraction (e.g. categoryID CHAR(8) used in HTML form, corresponding to record in SELECT categoryName, categoryID FROM categories WHERE topicID=1481)? someone made a boo-boo a long time ago!
bens Posted February 4, 2005
brian, sorry, moving too fast and made a mistake -- it's "jim adams." poor jim has posted numerous photos that have somehow been hacked so that they are showing up in the top photos of the week as rated 7/7. if you click on the photos, they show no ratings. i remember looking at some of them yesterday and they had real ratings, so something strange IS going on, i think, worth investigating. sorry to be the bearer of bad news . . .
micheleberti Posted February 4, 2005
"It's a mini hack."
Brian I guess that to modify the HTML code it is necessary to modify and save the code on the server. Now, if someone has been able to modify the code on the server I guess they should be able to modify almost everything. I hope this is not the situation but the question (that I am very sorry to ask) is ... what's the situation about security out of there?
mottershead Posted February 4, 2005
No, Michele. Nobody has hacked the server. It is a trivial matter to send any data to a web server that you want to send. You don't have to use the form that the server sends you to format the data you send. It is a programming mistake on the server side to assume that the data you are receiving is coming from the forms that you sent and to assume that it is valid. This particular script assumes that the category coming in on photo critique request is one of the categories that is in the selection list on the form. That is a mistake because someone doesn't have to use the form and can send any category string at all. The person who did this, by the way, is probably the same person who is running the rating scripts. At some point, he is going to find that he isn't just writing "Ban Me!" scripts. He is going to discover that he is writing "I'd like a visit from the FBI" scripts.
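The server-side mistake described in the post above, next to the categories-table indirection suggested earlier in the thread, as an added example that is not photo.net's code. The table names, form field names and function names are assumptions, as is the old design storing the category as free text and listing whatever was stored.

```python
import sqlite3

SCHEMA = """
CREATE TABLE categories (category_id TEXT PRIMARY KEY, topic_id INTEGER, category_name TEXT);
INSERT INTO categories VALUES ('NATURE', 1481, 'Nature'), ('PORTRAIT', 1481, 'Portraits');
-- Assumed old design: the category arrives and is stored as free text.
CREATE TABLE requests_old (photo_id INTEGER, category TEXT);
-- Indirection: a request may only point at an existing row in categories.
CREATE TABLE requests_new (photo_id INTEGER,
    category_id TEXT NOT NULL REFERENCES categories(category_id));
"""

class InvalidCategory(ValueError):
    """Raised when a submitted category is not in the server-side list."""

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite enforces FKs only when asked
    db.executescript(SCHEMA)
    return db

def submit_trusting(db, photo_id, form):
    """Mistaken handler: assumes the value came from the form's selection list."""
    db.execute("INSERT INTO requests_old VALUES (?, ?)", (photo_id, form["category"]))

def categories_shown_old(db):
    """Old listing: whatever strings were stored become visible categories."""
    return [r[0] for r in db.execute(
        "SELECT DISTINCT category FROM requests_old ORDER BY category")]

def submit_validated(db, photo_id, form, topic_id=1481):
    """Checked handler: the submitted ID must match a categories row for this topic."""
    submitted = form.get("category_id")
    if not isinstance(submitted, str) or not 0 < len(submitted) <= 8:
        raise InvalidCategory("malformed category_id")
    row = db.execute(
        "SELECT category_id FROM categories WHERE category_id = ? AND topic_id = ?",
        (submitted, topic_id)).fetchone()
    if row is None:
        raise InvalidCategory("category_id not in the server-side list")
    db.execute("INSERT INTO requests_new VALUES (?, ?)", (photo_id, row[0]))
    return row[0]

def categories_shown_new(db, topic_id=1481):
    """New listing: names come only from the categories table."""
    return [r[0] for r in db.execute(
        "SELECT category_name FROM categories WHERE topic_id = ? ORDER BY category_name",
        (topic_id,))]
```

The foreign key is a second line of defence: even a handler that skips the lookup cannot store a category that has no row in `categories`.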
mottershead Posted February 4, 2005
Chris, yes it is a boo boo. photo.net has reasonable enough security but a lot of features would be different if the system were being coded today. For one thing, we would not have a system that allows anyone to submit HTML posts. That makes it fairly trivial to deface pages. The ease with which some parts of photo.net can be defaced may be a form of protection in itself. Since it isn't a challenge, all you prove by doing it is that you didn't deserve to be trusted. With the number of visitors that we have, it is amazing that we have so few problems. I guess that just shows that most people everywhere in the world are pretty decent. Apparently some kid thinks he is proving he is some kind of HTML/Web god with his antics. That isn't what he is proving at all.
micheleberti Posted February 4, 2005
Thanks Brian.