2.0 concerns - by Road Rash

Started by Road Rash Jr., June 29, 2011, 11:31:04 PM

Previous topic - Next topic

Kindred

and BTW: That was not overlooked...
it was noted - and explained - and explained again in the previous message that I wrote in response to oldrow.
(and also explained that spammers is not a security issue, specifically, unless they are somehow bypassing the normal registration process.)
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

ARG01

This whole damn argument could have been avoided if the OP would have just posted what the "major problem now that needs addressing" is in the first post, or at least somewhere during the discussion.

I mean damn, why go out of your way to instigate?  ???
No, I will not offer free downloads to Premium DzinerStuido themes. Please stop asking.

Kindred

pretty much what we've been saying all along.  O:)
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Road Rash Jr.

Quote from: ARG on June 30, 2011, 12:38:50 PM
This whole damn argument could have been avoided if the OP would have just posted what the "major problem now that needs addressing" is in the first post, or at least somewhere during the discussion.

I mean damn, why go out of your way to instigate?  ???

It may have been noted, but ignored as the OP is Kindred starting a threat with an insignificant post that ignored the facts of the original post from over a week ago.
That's where all the information is and backed up by others reporting the same issue under different circumstance.
Never argue with an Idiot like myself, they just drag you down to their level then beat you with experience.

Kindred

and again with the accusations and no link...


this thread was originally attached to the 2.0 announcement thread (where it did not belong) and I have not ignored anything since there has been no actual information given (whether to ignore or to pay attention to)
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

vbgamer45

 :o wuzzle means to mix that makes sense.
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

ARG01

Quote from: Road Rash on June 30, 2011, 12:49:08 PM
Quote from: ARG on June 30, 2011, 12:38:50 PM
This whole damn argument could have been avoided if the OP would have just posted what the "major problem now that needs addressing" is in the first post, or at least somewhere during the discussion.

I mean damn, why go out of your way to instigate?  ???

It may have been noted, but ignored as the OP is Kindred starting a threat with an insignificant post that ignored the facts of the original post from over a week ago.
That's where all the information is and backed up by others reporting the same issue under different circumstance.


But, knowing that the thread was split and moved here, you still seemed to have refused to give information in this thread that was asked for on more than one occasion. I just don't get it?  :-\
No, I will not offer free downloads to Premium DzinerStuido themes. Please stop asking.

Illori

without logs of the attack and proof that smf is at fault there is no way the developers can try to figure out what is going on and provide a patch if such is needed.

IDunc

Gosh damn, RR looks like a complete tool in this thread.


MrGrumpy

the possession of knowledge is worthless unless imparted upon others
My Custom Themes
2.0 themes only - I don't do 1.1.x

Road Rash Jr.

Quote from: Road Rash on June 30, 2011, 11:04:16 AM
An over looked thread http://www.simplemachines.org/community/index.php?topic=438894.0
@ Arg, This is the original thread I started over a week ago, under 2.0 support. The begining of this thread here is confussing because it was not started by me but by Kindred who cut a post where I replied to Illori. 
Never argue with an Idiot like myself, they just drag you down to their level then beat you with experience.

Road Rash Jr.

Quote from: IDunc on June 30, 2011, 01:08:18 PM
Gosh damn, RR looks like a complete tool in this thread.
I agree which I believe was Kindred intent when he started this thread out of context.
The original issue can be found here http://www.simplemachines.org/community/index.php?topic=438894.0
Never argue with an Idiot like myself, they just drag you down to their level then beat you with experience.

Aleksi "Lex" Kilpinen

Kindrred's intent was to separate this discussion from the release announcement AFAIK, and just FYI we've always tried to keep all not directly related discussion out of those topics, so Kindred just followed procedure... Nothing more.
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

Illori

you should stop linking to that one thread, we have told you there is no trigger in smf to make spammers come to your forum. many other forums other then smf are facing the same issue. with several anti-spam mods the spammers can be controlled or even stopped. they spammers may be searching for forums that have the 2.0 copyright or some other way to identify the 2.0 install, there is no way to stop this.

Road Rash Jr.

Quote from: Aleksi "Lex" Kilpinen on June 30, 2011, 01:45:17 PM
Kindrred's intent was to separate this discussion from the release announcement AFAIK, and just FYI we've always tried to keep all not directly related discussion out of those topics, so Kindred just followed procedure... Nothing more.
On the contrary, that reply was in context with a post from Illori that I replied to. If what you are saying is valid, why has he pick this particular post and no others that would fall under your explaination?
But you don't know the whole story and it is really not worth getting into.
The issue is in the link provided above.
Never argue with an Idiot like myself, they just drag you down to their level then beat you with experience.

Kindred

My intent? Please. My intent in splitting this thread was to remove an off-topic discussion from the announcement thread and place it where it would get some actual discussion. (because, if someone is seeing ACTUAL security issues, we WANT TO KNOW) I picked this post to start the split because this is the post where things started to go way off-topic.

As for your thread: I did respond...
Quote from: Kindred on June 30, 2011, 11:32:42 AM
and BTW: That was not overlooked...
it was noted - and explained - and explained again in the previous message that I wrote in response to oldrow.
(and also explained that spammers is not a security issue, specifically, unless they are somehow bypassing the normal registration process.)

For the love of all gods...

Spammers are not a security issue.
We all know that spammers have broken CAPTCHA at this point. There has been a serious increase in spammer activity in the last 2-3 months. (no one has indicated why this is, but it has been noticed, web-wide)
Unless you have some evidence that the spammers have found a way to bypass the normal registration process, you can't claim that there is a SECURITY issue with SMF just because you have noticed more spammers.


Also... you have made security issue claims (again, without any backup data) in more that just your spammer thread.
Specifically:

Quote
http://www.simplemachines.org/community/index.php?topic=440409.msg3093881#msg3093881
-- actual hacker appears to have modified the category description field. - RR claims it is a 2.0 issue but presents no evidence.

http://www.simplemachines.org/community/index.php?topic=439865.msg3089504#msg3089504
-- database was nuked (fact) - RR claims that he reported the ability of a hacker to  destroy the database (no evidence of any such report)

http://www.simplemachines.org/community/index.php?topic=439994.msg3090574#msg3090574
-- index.php was deleted, somehow. RR claims "it happened to me too" but presents no facts.

http://www.simplemachines.org/community/index.php?topic=438894.msg3082255#msg3082255
-- RR himself claims that just by installing 2.0, he got inundated with spammers and suggests that it is something in 2.0 which allows them to target him.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Road Rash Jr.

Quote
http://www.simplemachines.org/community/index.php?topic=439865.msg3089504#msg3089504
-- database was nuked (fact) - RR claims that he reported the ability of a hacker to  destroy the database (no evidence of any such report)
false conclusion, distortion of post, no such claim was made as you imply
factual post
QuoteQuote from: Antechinus on June 27, 2011, 06:10:32 PM<blockquote>But yes, this does sound like either a hardware problem or a security breach on the server. </blockquote>
Or a security breach in SMF. I've made similar ignored reports and now others are noticing the same thing so it isn't a one time anomaly.
to clarify similar security breach reports were made. There is nothing in my post that says what is misrepresented.
Never argue with an Idiot like myself, they just drag you down to their level then beat you with experience.

Kindred

WHERE have you made reports of a similar security breach?
There are no reports from you in the security email report list.
There are no actual SECURITY reports from you regarding hackers.

Spammers are not related to hackers. A report of an increase in spam registrations has no relationship to a report of a database being nuked. If that was your comparison, then it was an invalid association.


Oh, and I will note that apparently you had no response to my other statements? :)
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

xrunner

I've seen a road rash before and knew about such an injury, but I've never seen a forum rash until this thread. Is there a cure for it?

oldrow

Quote from: Aleksi "Lex" Kilpinen on June 30, 2011, 10:16:39 AM
Quote from: Kindred on June 30, 2011, 10:10:09 AM
I will note that my 2.0 sites do not appear to have these problems (at least I have not been notified of any issues), so either the anti-spam mods that I have installed are doing their job or they just haven't found me.
Same here. 2.0 Final, upgraded multiple times - always on the same domain, well linked in google and elsewhere - 2M posts, active userbase... Spammers, hackers, harvesters - not much to mention. I do however block access from TOR, and run HttpBL on top of verification questions, but I even have a board where guests are allowed to post, and I can't remember when I last had to delete a post from there... ;)

how do you block TOR?

Advertisement: