Page Index Toggle Pages: 1 Send TopicPrint
Normal Topic Flooding prevention and message deletion (Read 4142 times)
wondie
New Member
*
Offline


YABB and All the MODZ
RULEZ !!!!

Posts: 16
Location: Penang
Joined: Apr 30th, 2003
Gender: Male
Flooding prevention and message deletion
May 14th, 2003 at 1:23pm
Print Post  
Hi all,

My site which runs YABB 1 Gold - SP 1.3.1 is under attack from the script kiddies, which uses the redirect feature of YABB and hostile Flash files.

To some extend, once click on any of the messages which is contains the hostile scripts, up to 100 IE windows may pop up and that will ultimately leads to a crash of the viewer's PC.

For the time being, all I can do is to delete the entire thread that contains the hostile Flash and disable YABB code, and there goes all the smilies and colorful HTML stuff Sad

I wonder if there is any way to stop the script kiddies, like to modify YABBC tags to not include Flash ?

Secondly, is there a MOD where once you delete a member, that will also remove all the messages that member has posted ?

Thanks

Wondie
  
Back to top
 
IP Logged
 
Ikari-Kun
God Member
*****
Offline



Posts: 501
Joined: Apr 25th, 2002
Gender: Male
Re: Flooding prevention and message deletion
Reply #1 - May 15th, 2003 at 5:43am
Print Post  
iI would say the easyest way is to remove this part of code from the YaBBC.pl

Code
Select All
	$message =~ /\[flash\=(\S+?),(\S+?)](\S+?)\[\/flash\]/;
	$width = $1;
	$height = $2;
	if ($width > 500) { $width = 500; }
	if ($height > 500) { $height = 500; }
	$message =~ s~\[flash\=(\S+?),(\S+?)](\S+?)\[\/flash\]~<object classid=\"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000\" width=$width height=$height><param name=movie value=$3><param name=play value=true><param name=loop value=true><param name=quality value=high><embed src=$3 width=$width height=$height play=true loop=true quality=high></embed></object>~g;
 

  

perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
Back to top
ICQ  
IP Logged
 
alexik
Senior Member
****
Offline


gone with the wind

Posts: 275
Location: Lahti
Joined: Dec 20th, 2002
Gender: Male
Re: Flooding prevention and message deletion
Reply #2 - May 16th, 2003 at 9:59am
Print Post  
Quote:
Secondly, is there a MOD where once you delete a member, that will also remove all the messages that member has posted ?

Better would NOT to delete the person, just the posts. If you delete him, he'll be able to use same username & email again. Ban the person forever and finally he'll get tired of inventing new usernames & email addresses.
  
Back to top
 
IP Logged
 
wondie
New Member
*
Offline


YABB and All the MODZ
RULEZ !!!!

Posts: 16
Location: Penang
Joined: Apr 30th, 2003
Gender: Male
Re: Flooding prevention and message deletion
Reply #3 - May 31st, 2003 at 2:13am
Print Post  

Now my bigger challenge is how to fend off over 2000 posting / mailing flood in 5 minutes ?

The flooding act has bring my site on it's knees for the past 2 weeks and I have to refresh the site every other day and this has been a painful experience.

Any clues to solve this ?

Wondie
  
Back to top
 
IP Logged
 
Spikecity
God Member
*****
Offline


Beer anyone ?

Posts: 2630
Location: New York
Joined: Apr 16th, 2002
Gender: Male
Re: Flooding prevention and message deletion
Reply #4 - Jun 2nd, 2003 at 2:55pm
Print Post  
External referer security will guard against posting flooding using off site forms or scripts to directly attack the script.
  

Nothing to add here Smiley
Back to top
 
IP Logged
 
wondie
New Member
*
Offline


YABB and All the MODZ
RULEZ !!!!

Posts: 16
Location: Penang
Joined: Apr 30th, 2003
Gender: Male
Re: Flooding prevention and message deletion
Reply #5 - Jun 6th, 2003 at 12:35am
Print Post  
Quote:
External referer security will guard against posting flooding using off site forms or scripts to directly attack the script.


Ron,

Maybe you are able to assist me to find out what are the meanings of the following lines in settins.pl


$LOCK_EX = 2;       
$LOCK_UN=8;                                                       $LOCK_SH=1;



I notice that if I changed the values to no default values, it will lock up YABB engine.

                                                     
  
Back to top
 
IP Logged
 
Spikecity
God Member
*****
Offline


Beer anyone ?

Posts: 2630
Location: New York
Joined: Apr 16th, 2002
Gender: Male
Re: Flooding prevention and message deletion
Reply #6 - Jun 7th, 2003 at 3:10pm
Print Post  
That's wy all the manuals suggest you leave them default (these are proven to work always settings) and only in very, very, very rare situations need changes.
  

Nothing to add here Smiley
Back to top
 
IP Logged
 
wondie
New Member
*
Offline


YABB and All the MODZ
RULEZ !!!!

Posts: 16
Location: Penang
Joined: Apr 30th, 2003
Gender: Male
Re: Flooding prevention and message deletion
Reply #7 - Jun 8th, 2003 at 2:51pm
Print Post  
Quote:
That's wy all the manuals suggest you leave them default (these are proven to work always settings) and only in very, very, very rare situations need changes.


One thing I found out about those values are if I happend to change any of the numbers to other than the default ones, new users will face problem to register themselve into the board.

Hmm .. must do more RTFM to see what those 2 numbers really means ....
  
Back to top
 
IP Logged
 
Spikecity
God Member
*****
Offline


Beer anyone ?

Posts: 2630
Location: New York
Joined: Apr 16th, 2002
Gender: Male
Re: Flooding prevention and message deletion
Reply #8 - Jun 8th, 2003 at 8:06pm
Print Post  
wondie wrote on Jun 8th, 2003 at 2:51pm:
One thing I found out about those values are if I happend to change any of the numbers to other than the default ones, new users will face problem to register themselve into the board.

Hmm .. must do more RTFM to see what those 2 numbers really means ....

Better grab PerlMan then, they are explained there and have to do with file locking and exclusivity of file handling by the script.
  

Nothing to add here Smiley
Back to top
 
IP Logged
 
Page Index Toggle Pages: 1
Send TopicPrint