Graal Forums  

Go Back   Graal Forums > PlayerWorlds > PlayerWorlds Main Forum
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 05-18-2012, 12:05 AM
Emera Emera is offline
Delterian Hybrid
Emera's Avatar
Join Date: Mar 2011
Location: Newcastle Upon-Tyne
Posts: 1,704
Emera is a jewel in the roughEmera is a jewel in the rough
Empty PMs linked to hacking incident.

Players on UN have been receiving empty PM's from various different players. We've done some snooping and found that the PM's aren't actually empty, and contain the following HTML code.

<img src="http://surgecraft.org/log.php?a=#a&b=.jpg>

The fact that the php file is named log isn't very comforting. I don't actually know how to tackle the issue apart other than not open your PM's for the time being, which isn't very practical X_X
Reply With Quote
  #2  
Old 05-18-2012, 12:12 AM
Crono Crono is offline
:pluffy:
Join Date: Feb 2002
Location: Sweden
Posts: 20,000
Crono has a reputation beyond reputeCrono has a reputation beyond reputeCrono has a reputation beyond reputeCrono has a reputation beyond reputeCrono has a reputation beyond reputeCrono has a reputation beyond reputeCrono has a reputation beyond reputeCrono has a reputation beyond reputeCrono has a reputation beyond reputeCrono has a reputation beyond reputeCrono has a reputation beyond repute
Yeah he DCed my net, at least he said sorry afterwards though.
__________________
Reply With Quote
  #3  
Old 05-18-2012, 12:13 AM
Emera Emera is offline
Delterian Hybrid
Emera's Avatar
Join Date: Mar 2011
Location: Newcastle Upon-Tyne
Posts: 1,704
Emera is a jewel in the roughEmera is a jewel in the rough
:3 This is getting slightly out of hand all of this hacking nonsense.
Reply With Quote
  #4  
Old 05-18-2012, 12:20 AM
fowlplay4 fowlplay4 is offline
team canada
fowlplay4's Avatar
Join Date: Jul 2004
Location: Canada
Posts: 5,200
fowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond repute
Append to wordfilter/rules.txt

PHP Code:
RULE
CHECK pm
MATCH 
<img
PRECISION 100
%
WORDPOSITION part
ACTION replace
RULEEND 
__________________
Quote:
Reply With Quote
  #5  
Old 05-18-2012, 12:22 AM
Bell Bell is offline
Registered User
Bell's Avatar
Join Date: Feb 2007
Posts: 1,824
Bell has much to be proud ofBell has much to be proud ofBell has much to be proud ofBell has much to be proud ofBell has much to be proud ofBell has much to be proud of
I emailed Stefan about it so that maybe he can help with a permanent fix. I agree its extremely annoying.

I swear I used to be able to disable images in pm's in an option but it doesn't seem to be there anymore.
__________________
For support contact
http://support.toonslab.com/
Reply With Quote
  #6  
Old 05-18-2012, 12:27 AM
callimuc callimuc is offline
callimuc's Avatar
Join Date: Nov 2010
Location: Germany
Posts: 1,015
callimuc is a splendid one to beholdcallimuc is a splendid one to beholdcallimuc is a splendid one to beholdcallimuc is a splendid one to beholdcallimuc is a splendid one to behold
Quote:
Originally Posted by Emera View Post
<img src="http://surgecraft.org/log.php?a=#a&b=.jpg>
If its the same code you posted, than Im aondering how many PMs the "hacker" will have to send until he does realize that there is a " missing at the end.
__________________
MEEP!
Reply With Quote
  #7  
Old 05-18-2012, 12:43 AM
Rave_J Rave_J is offline
Graal Developer
Join Date: Feb 2006
Location: Texas
Posts: 848
Rave_J can only hope to improve
Send a message via AIM to Rave_J Send a message via MSN to Rave_J Send a message via Yahoo to Rave_J
Quote:
Originally Posted by callimuc View Post
if its the same code you posted, than im aondering how many pms the "hacker" will have to send until he does realize that there is a " missing at the end.
lol
__________________
Graal Developer
Reply With Quote
  #8  
Old 05-18-2012, 12:48 AM
fowlplay4 fowlplay4 is offline
team canada
fowlplay4's Avatar
Join Date: Jul 2004
Location: Canada
Posts: 5,200
fowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond repute
Quote:
Originally Posted by Bell View Post
I emailed Stefan about it so that maybe he can help with a permanent fix. I agree its extremely annoying.

I swear I used to be able to disable images in pm's in an option but it doesn't seem to be there anymore.
The only way to fix this particular exploit is to have a white-list of image hosts (i.e. imgur, imageshack, or tinypic) for linking images in PMs.

Also the filter I just posted does disable images in pm's.
__________________
Quote:
Reply With Quote
  #9  
Old 05-18-2012, 12:52 AM
Starfire2001 Starfire2001 is offline
Unholy Nation
Starfire2001's Avatar
Join Date: Dec 2010
Location: The streets.
Posts: 156
Starfire2001 will become famous soon enough
Quote:
Originally Posted by fowlplay4 View Post
The only way to fix this particular exploit is to have a white-list of image hosts (i.e. imgur, imageshack, or tinypic) for linking images in PMs.

Also the filter I just posted does disable images in pm's.
Thanks added it, working on server pms but doesn't disable images from global pms. Any way I could do that?
__________________
-Ph8
Reply With Quote
  #10  
Old 05-18-2012, 01:06 AM
ffcmike ffcmike is offline
Banned
Join Date: Jul 2004
Location: London
Posts: 2,029
ffcmike has a reputation beyond reputeffcmike has a reputation beyond reputeffcmike has a reputation beyond reputeffcmike has a reputation beyond reputeffcmike has a reputation beyond reputeffcmike has a reputation beyond reputeffcmike has a reputation beyond reputeffcmike has a reputation beyond repute
Send a message via AIM to ffcmike Send a message via MSN to ffcmike
I & Kevin discovered this weeks ago, thought it was common knowledge due to some incidents on UN which PWA dealt with.
Reply With Quote
  #11  
Old 05-18-2012, 04:59 PM
Bell Bell is offline
Registered User
Bell's Avatar
Join Date: Feb 2007
Posts: 1,824
Bell has much to be proud ofBell has much to be proud ofBell has much to be proud ofBell has much to be proud ofBell has much to be proud ofBell has much to be proud of
Stefan contacted me and put a filter in for it and is going to see if he can resolve the issue within the client but could not get it to crash the v6 client at all. Are any of you who actually have the problem using v6? He suggests everyone update their version.
__________________
For support contact
http://support.toonslab.com/
Reply With Quote
  #12  
Old 05-18-2012, 05:05 PM
Emera Emera is offline
Delterian Hybrid
Emera's Avatar
Join Date: Mar 2011
Location: Newcastle Upon-Tyne
Posts: 1,704
Emera is a jewel in the roughEmera is a jewel in the rough
Fantastic, thank you.
Reply With Quote
  #13  
Old 05-18-2012, 05:05 PM
fowlplay4 fowlplay4 is offline
team canada
fowlplay4's Avatar
Join Date: Jul 2004
Location: Canada
Posts: 5,200
fowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond reputefowlplay4 has a reputation beyond repute
Quote:
Originally Posted by Bell View Post
Stefan contacted me and put a filter in for it and is going to see if he can resolve the issue within the client but could not get it to crash the v6 client at all. Are any of you who actually have the problem using v6? He suggests everyone update their version.
This isn't about a crash at all, it's just linking an image and logging their IP Addresses. The attacker then DDoS'd the IPs.
__________________
Quote:
Reply With Quote
  #14  
Old 05-18-2012, 05:07 PM
Bell Bell is offline
Registered User
Bell's Avatar
Join Date: Feb 2007
Posts: 1,824
Bell has much to be proud ofBell has much to be proud ofBell has much to be proud ofBell has much to be proud ofBell has much to be proud ofBell has much to be proud of
Thanks fp
__________________
For support contact
http://support.toonslab.com/
Reply With Quote
  #15  
Old 05-18-2012, 11:14 PM
Crono Crono is offline
:pluffy:
Join Date: Feb 2002
Location: Sweden
Posts: 20,000
Crono has a reputation beyond reputeCrono has a reputation beyond reputeCrono has a reputation beyond reputeCrono has a reputation beyond reputeCrono has a reputation beyond reputeCrono has a reputation beyond reputeCrono has a reputation beyond reputeCrono has a reputation beyond reputeCrono has a reputation beyond reputeCrono has a reputation beyond reputeCrono has a reputation beyond repute
Quote:
Originally Posted by Bell View Post
He suggests everyone update their version.
never!!
__________________
Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 06:27 PM.


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.
Copyright (C) 1998-2019 Toonslab All Rights Reserved.