How many licks does it take....


What's the deal with this guy? #1

  • There was obviously a situation where Stairs and Gravity were involved.

    Votes: 0 0.0%
  • Some people won't learn, others can't... He covers both...

    Votes: 1 20.0%
  • There's really nothing wrong, he's just desperate for attention.

    Votes: 2 40.0%
  • CHEESEBURGERS!!!!!!!!!!

    Votes: 2 40.0%

  • Total voters
    5
  • Poll closed .

ed4copies

Local Chapter Manager
Joined
Mar 25, 2005
Messages
24,523
Location
Racine, WI, USA.
Todd, please understand I don't understand ANY of this----I can tell you what has worked for MEE. I am old and cantankerous!! I will continue to try things until one works-----OR I will ask Jeff and he is kind enough to tolerate answering me!!

"Special symbols" are a no-no!!
 

jeff

Administrator
Staff member
Joined
Dec 5, 2003
Messages
8,970
Location
Westlake, OH, USA.
After the great malware infestation of 2012, I hired a security specialist to analyze our vulnerabilities and make us safe. One of the things he did was to put a piece of software in front of our web server that rejects all sorts of special character strings that hackers use to attempt "SQL Injection Attacks".

That's a technique where the hacker puts a certain string of characters into text boxes, hoping that the database will respond to them as if they were valid commands, and yield control of the database and web site to the bad guy. Then they load malware, which they hope will spread to users.

So we have extremely sensitive filtering, and depending on where the special characters are in a post or poll, and what else is in the surrounding text boxes, the filter will trip and you see the "forbidden" page. That's all that shows to not give the hacker any clues as to what he did.

The filter has stopped millions of attempts (automated robots work on sites at the direction of hackers) to hack us, some of which could have been very successful and very disastrous. We use other pieces of software as well. We run a filter that blocks known spammer registrations and for fun I just checked the log and in the last 12 months it has blocked 398,000 bogus registration attempts, most from automated spambots.

Once I know about a certain issue, I ask Tyler to look at the text, and write an exception to the rule since we know that's something legitimate. Sometimes, loosening a rule will make us vulnerable, so we don't, and I try to handle the occurrences with the same advice Ed gave: lose the special characters, especially in post titles.

Ain't that fascinating :tongue:

Tyler is looking at this specific issue now.
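
Added example, not part of Jeff's post and not the site's actual filter: a small Python sketch of the trade-off described above, where a signature filter in front of the server returns a bare 403, a legitimate title trips it, and an exception is scoped to one rule on one field. The rule names, field names and sample submissions are all constructed for illustration; the parameterized insert shows the same title being stored safely as data behind the filter.

```python
import re
import sqlite3

# Hypothetical signature rules (constructed here, not the forum's real rule set).
RULES = {
    "sqli-comment": re.compile(r"(--|#|/\*)"),
    "sqli-tautology": re.compile(r"'\s*(or|and)\s+\S+\s*=", re.I),
    "sqli-stacked": re.compile(r";\s*(drop|insert|update|delete|select)\b", re.I),
}

# Exceptions are scoped to one rule on one form field, so loosening stays narrow.
EXCEPTIONS = {("sqli-comment", "poll_option")}


def filter_request(fields):
    """Return (status, tripped). The client only ever sees the status code."""
    tripped = [
        (rule_id, name)
        for name, value in fields.items()
        for rule_id, pattern in RULES.items()
        if pattern.search(value) and (rule_id, name) not in EXCEPTIONS
    ]
    return (403 if tripped else 200), tripped  # details belong in the log only


def store_title(conn, title):
    """Parameterized insert: the title is bound as data, never parsed as SQL."""
    conn.execute("INSERT INTO threads(title) VALUES (?)", (title,))
    row = conn.execute("SELECT title FROM threads ORDER BY rowid DESC LIMIT 1")
    return row.fetchone()[0]


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE threads(title TEXT)")
    samples = [  # constructed sample submissions
        {"title": "Pen blank question #1"},          # legitimate, trips sqli-comment
        {"title": "Poll", "poll_option": "Kit #2"},  # same character, excepted field
        {"title": "x' OR 1=1 --"},                   # textbook injection probe
        {"title": "Plain title"},
    ]
    statuses = [filter_request(s)[0] for s in samples]
    return statuses, store_title(conn, samples[0]["title"])


if __name__ == "__main__":
    print(demo())
```

The first sample is the false positive: a harmless title is rejected by the same rule that catches the probe, which is why an exception is written per rule and per field rather than by switching the rule off.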
 

ed4copies

Local Chapter Manager
Joined
Mar 25, 2005
Messages
24,523
Location
Racine, WI, USA.
It was actually all a sinister plot to intimidate my means of communication!!!!! He figured without the exclamation point, I would no longer be able to type!!!!!!!

As you can see, it did slow me down significantly!!!!!!!!!!!!
 

mbroberg

IAP Activities Manager, Emeritus
Joined
Mar 9, 2009
Messages
5,954
Location
Columbus, OH
It was actually all a sinister plot to intimidate my means of communication!!!!! He figured without the exclamation point, I would no longer be able to type!!!!!!!

As you can see, it did slow me down significantly!!!!!!!!!!!!

Must we be in fear of losing our CAPS as well? :tongue:
 

toddlajoie

Member
Joined
Feb 6, 2010
Messages
1,728
Location
Feeding Hills MA
Thanks for the explanation Jeff. I certainly wouldn't spend any time trying to make an exemption, I can live without special symbols, and it is in no way worth opening up a vulnerability. This was the first I had heard of this issue, so your explanation never would have crossed my mind. The reasoning is very sound, and I understand completely, and now I'll be aware of this if something similar happens in the future...

Now to figure out how to post images in the polls... Anyone have any helpful hints, links to tutorials, longwinded explanations (my specialty) or just plain bad advice?

Is it just putting the photo's URL in image tags?
 