
Block 1x1 images

Started by NanoSector, April 18, 2012, 01:43:40 PM


NanoSector

Hi! Excuse me if a word misses an f, my f key is almost stuck.

To dive right into the subject, basically I think such stuff needs to be blocked.
Several users/bots/hackers/whatever are using 1x1 images to infect users' computers with malware.

I wouldn't call this a security issue but a feature. If a site makes use of analytics it may be a good idea to not have this since some analytics systems use 1x1 images to recognize stuff.

Thanks!
My Mods / Mod Builder - A tool to easily create mods / Blog
"I've heard from a reliable source that the Answer is 42. But, still no word on what the question is."

kat

Would a simple "Minimum image size", as exists for "Maximum" achieve that?

(Just curious)

NanoSector

Quote from: K@ on April 18, 2012, 01:46:09 PM
Would a simple "Minimum image size", as exists for "Maximum" achieve that?

(Just curious)
Yeah, I guess that will :)
My Mods / Mod Builder - A tool to easily create mods / Blog
"I've heard from a reliable source that the Answer is 42. But, still no word on what the question is."

IchBin™

Why not just remove the option for them to post images in the permissions for newbies or ungrouped members?
IchBin™        TinyPortal

NanoSector

Quote from: IchBin™ on April 18, 2012, 01:53:56 PM
Why not just remove the option for them to post images in the permissions for newbies or ungrouped members?
Because once they have spammed a lot and got permission to post images they will be able to post them anyway.
My Mods / Mod Builder - A tool to easily create mods / Blog
"I've heard from a reliable source that the Answer is 42. But, still no word on what the question is."

kat

What about external images?

Could they screw things, in the same way?

NanoSector

Quote from: K@ on April 18, 2012, 02:39:04 PM
What about external images?

Could they screw things, in the same way?
Yeah, that's what I'm talking about, really :P

A malicious image that is loaded in the users' browser.
My Mods / Mod Builder - A tool to easily create mods / Blog
"I've heard from a reliable source that the Answer is 42. But, still no word on what the question is."

Antechinus

Quote from: Yoshi2889 on April 18, 2012, 01:43:40 PM
I wouldn't call this a security issue but a feature. If a site makes use of analytics it may be a good idea to not have this since some analytics systems use 1x1 images to recognize stuff.

Thanks!

It's not a bad thought. I get where you're coming from. Problem is that there are several legit uses for 1x1 images, so you're running the risk of breaking things if you just ban them completely.

However, there are no legit uses that I can think of for 1x1 images in posts, sigs, avatars or PM's. If only those were restricted then that should nobble the wallies without breaking anything legit.

IchBin™

Is it really worth it to parse a post to get this information about an image in a post? It means you'd have to send off a request just to get the image first to figure out the size/dimensions etc. I'd much rather just limit the ability for people to posts images in the same way I'd like to limit who can post links for spamming.
IchBin™        TinyPortal

Antechinus


青山 素子

Quote from: IchBin™ on April 18, 2012, 07:50:12 PM
Is it really worth it to parse a post to get this information about an image in a post? It means you'd have to send off a request just to get the image first to figure out the size/dimensions etc.

Not to mention that some web hosts don't allow the methods necessary for the script to download external resources. Namely any of url fopen (usually blocked), curl (not common on hosts), and direct sockets (pain to code and not usually supported).
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


NanoSector

Why don't you add it as extra protection then, so that it can be enabled and a check can be applied whether the use of url fopen is allowed?

Really it doesn't matter to me but there are users actually getting infected because of this problem...
My Mods / Mod Builder - A tool to easily create mods / Blog
"I've heard from a reliable source that the Answer is 42. But, still no word on what the question is."

kat

These images... It seems to just be gifs. Is that correct?

Does that, in itself, make it easier to block? Or, are all formats affected, by this?

IchBin™

What if they create a 2x2 or 5x5 image? Checking the size doesn't really solve the problem. The best way to solve this type of problem is to restrict people from posting images in the first place.

Maybe you can get someone to write a mod to pull the file down, run it through an AV scan and then allow or disallow. :)
IchBin™        TinyPortal

NanoSector

Quote from: K@ on April 19, 2012, 03:06:30 PM
These images... It seems to just be gifs. Is that correct?

Does that, in itself, make it easier to block? Or, are all formats affected, by this?
Sorry, I dunno.

@IchBin: Yeah, but obviously bigger images are more obvious.
Pulling it through a virus scan seems a good idea though :)
My Mods / Mod Builder - A tool to easily create mods / Blog
"I've heard from a reliable source that the Answer is 42. But, still no word on what the question is."
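The "minimum image size" check kat proposed, together with the two objections raised against it in this thread (IchBin: the server has to fetch the image first, and a 2x2 or 5x5 image slips past a 1x1 rule; Motoko-chan: many hosts forbid url fopen/cURL), as an added example that is not code from the thread or from SMF. It assumes SMF-style [img] BBCode in posts, placeholder example.com URLs, and a caller-supplied fetch function that returns only the first few hundred bytes of an image (or None when outbound fetching is not available). Dimensions are read from the file header alone, so the whole file never needs to be downloaded, and the minimum dimension is a constructed policy value rather than a fixed 1x1 test:

```python
"""Minimum image-dimension check for [img] tags in a forum post.

Added example (hypothetical; not SMF's own code). Only the image header
is inspected: GIF and PNG keep width/height in the first 24 bytes, JPEG
in its first SOF segment, so a fetcher need only read a few hundred bytes.
"""
import re
import struct

# SMF-style BBCode: [img]url[/img] or [img width=..]url[/img], any case
IMG_TAG = re.compile(r"\[img(?:\s[^\]]*)?\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)

# JPEG "start of frame" markers that carry the image dimensions
SOF_MARKERS = {0xC0, 0xC1, 0xC2, 0xC3, 0xC5, 0xC6, 0xC7,
               0xC9, 0xCA, 0xCB, 0xCD, 0xCE, 0xCF}

MIN_DIMENSION = 8  # constructed policy value; 1 would only catch exact 1x1 pixels


def extract_image_urls(post):
    """Return the URLs of every [img] tag in a post, in order."""
    return [m.strip() for m in IMG_TAG.findall(post)]


def image_dimensions(header):
    """Return (format, width, height) from leading bytes, or None if unknown."""
    if header[:6] in (b"GIF87a", b"GIF89a") and len(header) >= 10:
        w, h = struct.unpack("<HH", header[6:10])        # logical screen size
        return ("gif", w, h)
    if header[:8] == b"\x89PNG\r\n\x1a\n" and len(header) >= 24 and header[12:16] == b"IHDR":
        w, h = struct.unpack(">II", header[16:24])        # IHDR width, height
        return ("png", w, h)
    if header[:2] == b"\xff\xd8":                          # JPEG SOI
        i = 2
        while i + 4 <= len(header):
            if header[i] != 0xFF:
                return None                                # not a marker: corrupt
            marker = header[i + 1]
            if marker == 0xFF:                             # fill byte, keep scanning
                i += 1
                continue
            if marker in (0xD8, 0x01) or 0xD0 <= marker <= 0xD7:
                i += 2                                     # standalone markers, no length
                continue
            seg_len = struct.unpack(">H", header[i + 2:i + 4])[0]
            if marker in SOF_MARKERS:
                if i + 9 > len(header):
                    return None
                h, w = struct.unpack(">HH", header[i + 5:i + 9])  # precision byte, then H, W
                return ("jpeg", w, h)
            i += 2 + seg_len                               # skip APPn/COM/DQT/... segment
        return None
    return None


def check_post_images(post, fetch_header, min_dim=MIN_DIMENSION):
    """Return [(url, verdict, detail)] with verdict accept / reject / unverified."""
    results = []
    for url in extract_image_urls(post):
        header = fetch_header(url)
        if header is None:
            # host forbids url fopen/cURL, or remote unreachable: leave it to permissions
            results.append((url, "unverified", "could not fetch header"))
            continue
        dims = image_dimensions(header)
        if dims is None:
            results.append((url, "unverified", "unrecognised format"))
            continue
        fmt, w, h = dims
        if w < min_dim or h < min_dim:
            results.append((url, "reject", "%s %dx%d below minimum %d" % (fmt, w, h, min_dim)))
        else:
            results.append((url, "accept", "%s %dx%d" % (fmt, w, h)))
    return results


# Constructed sample headers (leading bytes only), not files from the thread.
GIF_1X1 = b"GIF89a" + struct.pack("<HH", 1, 1) + b"\x80\x00\x00"
PNG_120X80 = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\x0dIHDR" + struct.pack(">II", 120, 80)
JPEG_5X5 = (b"\xff\xd8"
            + b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
            + b"\xff\xc0" + struct.pack(">H", 17) + b"\x08" + struct.pack(">HH", 5, 5) + b"\x03"
            + b"\x01\x22\x00\x02\x11\x01\x03\x11\x01")

SAMPLE_HEADERS = {
    "http://example.com/pixel.gif": GIF_1X1,
    "http://example.com/photo.png": PNG_120X80,
    "http://example.com/tiny.jpg": JPEG_5X5,
}


def sample_fetch(url):
    """Stand-in for a real fopen/cURL fetch; None means the fetch was not possible."""
    return SAMPLE_HEADERS.get(url)


SAMPLE_POST = ("Look: [img]http://example.com/pixel.gif[/img] "
               "[img]http://example.com/photo.png[/img] "
               "[IMG]http://example.com/tiny.jpg[/IMG] "
               "[img]http://example.com/unreachable.gif[/img]")

if __name__ == "__main__":
    for url, verdict, detail in check_post_images(SAMPLE_POST, sample_fetch):
        print(verdict.ljust(10), url, "-", detail)
```

With the constructed inputs the 1x1 GIF and the 5x5 JPEG are rejected, the 120x80 PNG is accepted, and the URL that cannot be fetched comes back "unverified" rather than silently accepted; a board that cannot fetch at all would fall back on posting permissions, as IchBin suggests. Raising `MIN_DIMENSION` moves the threshold but cannot close the gap IchBin points out, since any image just above the limit still passes.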

kat

Isn't that what that krisbarteo used, way back when?

I believe we fixed that. Is it relevant? Can that fix be used, in some way? (Just curious)

NanoSector

Quote from: K@ on April 19, 2012, 03:19:15 PM
Isn't that what that krisbarteo used, way back when?

I believe we fixed that. Is it relevant? Can that fix be used, in some way? (Just curious)
What? How? Where? (I dunno about the "fix" used)
My Mods / Mod Builder - A tool to easily create mods / Blog
"I've heard from a reliable source that the Answer is 42. But, still no word on what the question is."

kat

Click the link, ya nutter! :)

NanoSector

Quote from: K@ on April 19, 2012, 03:22:12 PM
Click the link, ya nutter! :)
Sorry it could be that I'm stupid (and I know I'm crazy) but I don't see any fix, really, except for kb_scan.php..
My Mods / Mod Builder - A tool to easily create mods / Blog
"I've heard from a reliable source that the Answer is 42. But, still no word on what the question is."

kat

Oh! Sorry. I thought you meant that you'd not known about krisbarteo...

A patch was released, to stop him.
