Topic: 2010-05-01: Registration fixed

[JonLeung]

bustin98 says he's fixed the CAPTCHA issues with the registration process.  And it should also give you a new combination of letters if you're having troubles with a particular one.  Thanks, bustin!

Hopefully now we'll see some new members again.

[marioman]

Hopefully now we'll see some new members again.

Like olsonraymond?  

I am not sure what is going on, but that post seems to also be messing up the RSS feed.  Sometimes I can read it, but sometimes I get a parse error.

EDIT:  I am also seeing references to kdjkfjskdfjlskdjf.com all over the forum.  The Web of Trust scorecard for this site says that it downloads malicious content/browser exploits.  Thought you would like to know.

EDIT2: *Does some testing*  Yep, kdjkfjskdfjlskdjf.com is installing trojan horses.  Watch yourselves.

EDIT3: The script is in the RSS feed (and possibly the quick edit feature) so that's why it isn't working right.

[Peardian]

olsonraymond? That name showed up on Nintendo Papercraft's forum to post spam about money/surveys, and that place uses a captcha as well.


And yes, I got redirected to a trojan-infected site when I went here just a few moments ago.

[Revned]

The captcha this forum uses for registration is weak. Keep an eye out for more spambots.

[Peardian]

Surprise surprise, the exact same redirect-to-trojan thing happened when I subsequently visited the Nintendo Papercraft forum. It runs on the same software as this one, so I'm wondering if that's related.

[bustin98]

Alright, first: olsonraymond is gone, and his posts are gone. Which means the redirects should be gone too. I've searched the source code and DB to make sure the redirect wasn't there by some other means and came up empty. The question I have is does this forum software allow for javascript or something else to be embeded. I'm not up on intrusion methods like I should be so if anyone has some suggestions feel free to pass them on.

Second: reCaptcha wasn't working, and the internal captcha system is weak too, but the number of new signups is decreased compared to before I started mucking with the captcha to begin with. We've had 3 new members and I'm not convinced that they are bots. (1 so far seems legitimate.) If they were, I think I'd be seeing the consequences already. IF something does happen I still have a trick up my sleeve.

If anyone finds a post that is malicious send me a PM and I will take a look right away and nail down whatever it is that's allowing the code to exist.

[Peardian]

I'm not sure if olsonraymond was responsible for the redirect, as it occurred on the main forum index both times, but it hasn't happened again so let's hope.

Just a bit of an update, the forum I was referring to has been temporarily taken offline due to that virus infection. Let's hope we can avoid the same fate.

[bustin98]

Just as a note, I performed my latest bit of surgery on the forums, changing the visual verification field to having a name randomly generated. Just FYI. Should make updates to the forum software fun though...

[Maxim]

Just switch to recaptcha - no other captcha system comes close in terms of unbreakability.

[bustin98]

I did switch to it, that's when it broke. And I didn't feel like tearing it apart to figure out what was wrong.

We actually got hammered after I restored the forums and forgot to do the modifications. Oops.

[mohi11]

TNX FOR YOUR USEFUL POSTS