News:

Join the Facebook Fan Page.

Main Menu

Load images via forum

Started by Maldark, June 29, 2016, 07:24:37 AM

Previous topic - Next topic

Maldark

Hi there

In the past, we've had the issue where users sent images containing ip-loggers through the forum. This could be a regular img tag that simply loads the image from a site such as hxxp:iplogger.org [nonactive].

To counter this, I'd like to make all of the images load through our forum, such that the ip shows up as ours instead of our users.

How can I obtain this functionality?

Thanks

Sir Osis of Liver

Don't think it'll do what you want, but you can disable img tags and require users to post images via attachment.
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

Maldark

I've seen a forum where it is done, I am unsure how they did it though.

Attachments are a no-go as our entire www folder is read-only due to security concerns

Kindred

what "security concerns"?

If you have the server configured correctly, then 644 or should be sufficient and safe while still allowing attachments.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Maldark

We previously had breaches that was a result of multiple problems. Some admins had reused passwords, which meant that the attacker was able to log into their accounts and upload a new theme to our website. This theme included extra php files that allowed the attacker to directly execute linux commands as well as upload other files. He then uploaded a shell script which meant that he got access to the dedicated box itself, and was then able to go into the settings.php and read the database password. For this reason, we've not completely disabled upload in the code (removed the theme upload function etc) as well as made every folder read/execute only.

nend

You can always load the images via proxy, then have to worry about the other services speed and if they'll be around. I would of said proxy it through your server, but then your putting extra loads and if you don't want attachments then you don't want this.

However I don't see any problems with the loggers in the first place. If you consider it every image you load from another source has the potential of tracking your IP.

Maldark

How would I go around using a proxy for the images? The problem is that we have a rather "toxic" community, and they will do all that they can to get eachothers IP adresses so that they can DDoS eachother.

Maldark

I'm sorry to bump this but we're still looking to implement this, so can anyone help me out?

Grammy

#8
I don't know much about these things, but I did see a mod that at least allows you to restrict images to only be loaded from sites you allow (if I'm reading it correctly) or to block certain domains.

http://custom.simplemachines.org/mods/index.php?mod=1627

It's compatible with 2.0.11.  It installed cleanly on my test site.   I set Pinterest as a blocked domain and tried to post an image. 

Screenshot attached.

vbgamer45

Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Advertisement: