"mate raters welcome" new critique category?


bens

actually, it smells fishy to me. there's only one photo in there, by someone who joined yesterday, and the photo cannot actually be rated. what's the deal, site administrators? real or fake? tongue in cheek? early april fools? has someone hacked into the site's setup?

Has the site been hacked? Look at the top photo for the last 3 days or all the pics with perfect scores (all nudes) for the last week. Can't rate any of them, the rate option has been removed. Combine this with the mate raters critique category and it looks like the administrators will have their hands full. Too bad this sort of thing happens.

Does this have something to do with the strange "??" category that recently showed up? At first I thought it was a buffer overflow bug, but maybe it's a result of a site hack. What's even odder is that the sole picture in the "??" category seems to be a legitimate one. The poster is Chinese, so it's possible he entered a title in a Chinese character set and that somehow confused the database.

oh, this is very strange, cuz i looked at jim adams' portfolio yesterday and i am almost certain that some of his photos now in the top rating as described by ed did not have unqualified 7's. (i am not suggesting at all that jim has anything to do with anything.)

It's a mini hack. Someone with HTML skills can modify the form that is used to enter the category to make it anything they want.

Sometimes you see a related problem where suddenly a new category appears with some kind of strange character in it. This is not caused by a hacked form -- just some kind of corruption of the category field on the way to the server. I have it on my list to fix this problem at some point, but the corruption thing rarely happens and is quickly fixed, so it isn't a very high priority.

As for someone taking advantage of the current design to hack, well that hasn't happened before. Someone just discovered a not-so-rapid "Ban Me!" technique. If your goal is to be banned, there are plenty of ways to do it faster. But this method works too for the time being.


but brian, your mini-hack does not explain how the hacker changed the ratings on jim atkins' photos. i distinctly recall looking at his portfolio yesterday, and at least a couple of the photos that now have 10 ratings of perfect 7's, i could swear had ratings in the 5s. you don't need to explain here, but please take a look at this too, as it looks like someone is actually finding a way to CHANGE ratings if my memory is correct, and i am 99% sure that it is.

brian, sorry, moving too fast and made a mistake -- it's "jim adams." poor jim has posted numerous photos that have somehow been hacked so that they are showing up in the top photos of the week as rated 7/7. if you click on the photos, they show no ratings. i remember looking at some of them yesterday and they had real ratings, so something strange IS going on, i think, worth investigating. sorry to be the bearer of bad news . . .

"It's a mini hack."

Brian, I guess that to modify the HTML code it is necessary to modify and save the code on the server. Now, if someone has been able to modify the code on the server I guess they should be able to modify almost everything. I hope this is not the situation but the question (that I am very sorry to ask) is ... what's the situation about security out of there?


No, Michele. Nobody has hacked the server. It is a trivial matter to send any data to a web server that you want to send. You don't have to use the form that the server sends you to format the data you send. It is a programming mistake on the server side to assume that the data you are receiving is coming from the forms that you sent and to assume that it is valid. This particular script assumes that the category coming in on a photo critique request is one of the categories that is in the selection list on the form. That is a mistake because someone doesn't have to use the form and can send any category string at all.

The person who did this, by the way, is probably the same person who is running the rating scripts. At some point, he is going to find that he isn't just writing "Ban Me!" scripts. He is going to discover that he is writing "I'd like a visit from the FBI" scripts.

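The server-side check described in the post above, sketched as an added example (not photo.net's code and not part of the original thread): the handler resolves the submitted category against a list held on the server and refuses anything else, including mis-encoded bytes of the kind that could end up stored as a "??" category. The category names, function names and sample requests are assumptions made for illustration.

```python
import unicodedata

# Hypothetical category list; on a real site this is loaded from the
# database, never taken from the request.
ALLOWED_CATEGORIES = {"portrait": "Portrait", "landscape": "Landscape",
                      "nature": "Nature", "street": "Street"}


class RejectedSubmission(ValueError):
    """Raised when a request field fails server-side validation."""


def resolve_category(raw: bytes) -> str:
    """Map a submitted category field to a canonical server-side value."""
    try:
        text = raw.decode("utf-8", errors="strict")
    except UnicodeDecodeError:
        # Mis-encoded input is refused instead of being stored as garbage.
        raise RejectedSubmission("category is not valid UTF-8")
    key = unicodedata.normalize("NFKC", text).strip().casefold()
    if key not in ALLOWED_CATEGORIES:
        raise RejectedSubmission("unknown category")
    return ALLOWED_CATEGORIES[key]


def handle_critique_request(fields: dict, categories_in_use: set) -> str:
    """Process one critique request; only allowlisted values are stored."""
    category = resolve_category(fields.get("category", b""))
    categories_in_use.add(category)
    return category


def process_batch(requests):
    """Return (categories stored, number of requests rejected)."""
    in_use, rejected = set(), 0
    for fields in requests:
        try:
            handle_critique_request(fields, in_use)
        except RejectedSubmission:
            rejected += 1
    return sorted(in_use), rejected


# Constructed sample requests: one matching the form, three that do not.
SAMPLE_REQUESTS = [
    {"category": b"Portrait"},
    {"category": b"mate raters welcome"},  # string not on the select list
    {"category": b"\xc8\xcb\xcf\xf1"},     # bytes that are not valid UTF-8
    {},                                    # field missing entirely
]

if __name__ == "__main__":
    print(process_batch(SAMPLE_REQUESTS))
```

Because the stored value is always the server's canonical string, a request can select a category but can never create one.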

Chris, yes it is a boo boo. photo.net has reasonable enough security but a lot of features would be different if the system were being coded today. For one thing, we would not have a system that allows anyone to submit HTML posts. That makes it fairly trivial to deface pages. The ease with which some parts of photo.net can be defaced may be a form of protection in itself. Since it isn't a challenge, all you prove by doing it is that you didn't deserve to be trusted. With the number of visitors that we have, it is amazing that we have so few problems. I guess that just shows that most people everywhere in the world are pretty decent. Apparently some kid thinks he is proving he is some kind of HTML/Web god with his antics. That isn't what he is proving at all.
