Author Topic: 2010-05-01: Registration fixed  (Read 15604 times)

0 Members and 1 Guest are viewing this topic.

Offline JonLeung

  • Administrator
  • *****
  • Posts: 3294
2010-05-01: Registration fixed
« on: April 30, 2010, 11:10:39 PM »
bustin98 says he's fixed the CAPTCHA issues with the registration process.  And it should also give you a new combination of letters if you're having troubles with a particular one.  Thanks, bustin!

Hopefully now we'll see some new members again.

Offline marioman

  • Hero Member
  • *****
  • Posts: 649
Re: 2010-05-01: Registration fixed
« Reply #1 on: May 01, 2010, 06:51:34 AM »
Hopefully now we'll see some new members again.
Like olsonraymond?   ::)

I am not sure what is going on, but that post seems to also be messing up the RSS feed.  Sometimes I can read it, but sometimes I get a parse error.

EDIT:  I am also seeing references to kdjkfjskdfjlskdjf.com all over the forum.  The Web of Trust scorecard for this site says that it downloads malicious content/browser exploits.  Thought you would like to know.

EDIT2: *Does some testing*  Yep, kdjkfjskdfjlskdjf.com is installing trojan horses.  Watch yourselves.

EDIT3: The script is in the RSS feed (and possibly the quick edit feature) so that's why it isn't working right.
« Last Edit: May 01, 2010, 07:30:26 AM by marioman »

Offline Peardian

  • Hero Member
  • *****
  • Posts: 627
  • Busy busy
Re: 2010-05-01: Registration fixed
« Reply #2 on: May 01, 2010, 04:21:17 PM »
olsonraymond? That name showed up on Nintendo Papercraft's forum to post spam about money/surveys, and that place uses a captcha as well.


And yes, I got redirected to a trojan-infected site when I went here just a few moments ago.
MM (10%) - SMA3 (33%) - DNS (0%)

Come check out the Nintendo 64 Mapping Workshop!

Offline Revned

  • Hero Member
  • *****
  • Posts: 1092
Re: 2010-05-01: Registration fixed
« Reply #3 on: May 01, 2010, 05:37:43 PM »
The captcha this forum uses for registration is weak. Keep an eye out for more spambots.

Offline Peardian

  • Hero Member
  • *****
  • Posts: 627
  • Busy busy
Re: 2010-05-01: Registration fixed
« Reply #4 on: May 01, 2010, 06:01:05 PM »
Surprise surprise, the exact same redirect-to-trojan thing happened when I subsequently visited the Nintendo Papercraft forum. It runs on the same software as this one, so I'm wondering if that's related.
MM (10%) - SMA3 (33%) - DNS (0%)

Come check out the Nintendo 64 Mapping Workshop!

Offline bustin98

  • Administrator
  • *****
  • Posts: 331
Re: 2010-05-01: Registration fixed
« Reply #5 on: May 02, 2010, 09:20:32 AM »
Alright, first: olsonraymond is gone, and his posts are gone. Which means the redirects should be gone too. I've searched the source code and DB to make sure the redirect wasn't there by some other means and came up empty. The question I have is does this forum software allow for javascript or something else to be embeded. I'm not up on intrusion methods like I should be so if anyone has some suggestions feel free to pass them on.

Second: reCaptcha wasn't working, and the internal captcha system is weak too, but the number of new signups is decreased compared to before I started mucking with the captcha to begin with. We've had 3 new members and I'm not convinced that they are bots. (1 so far seems legitimate.) If they were, I think I'd be seeing the consequences already. IF something does happen I still have a trick up my sleeve.

If anyone finds a post that is malicious send me a PM and I will take a look right away and nail down whatever it is that's allowing the code to exist.

Offline Peardian

  • Hero Member
  • *****
  • Posts: 627
  • Busy busy
Re: 2010-05-01: Registration fixed
« Reply #6 on: May 02, 2010, 12:57:41 PM »
I'm not sure if olsonraymond was responsible for the redirect, as it occurred on the main forum index both times, but it hasn't happened again so let's hope.

Just a bit of an update, the forum I was referring to has been temporarily taken offline due to that virus infection. Let's hope we can avoid the same fate.
MM (10%) - SMA3 (33%) - DNS (0%)

Come check out the Nintendo 64 Mapping Workshop!

Offline bustin98

  • Administrator
  • *****
  • Posts: 331
Re: 2010-05-01: Registration fixed
« Reply #7 on: May 04, 2010, 01:31:12 PM »
Just as a note, I performed my latest bit of surgery on the forums, changing the visual verification field to having a name randomly generated. Just FYI. Should make updates to the forum software fun though...

Offline Maxim

  • Hero Member
  • *****
  • Posts: 974
Re: 2010-05-01: Registration fixed
« Reply #8 on: May 05, 2010, 02:40:38 AM »
Just switch to recaptcha - no other captcha system comes close in terms of unbreakability.

Offline bustin98

  • Administrator
  • *****
  • Posts: 331
Re: 2010-05-01: Registration fixed
« Reply #9 on: May 05, 2010, 07:45:17 AM »
I did switch to it, that's when it broke. And I didn't feel like tearing it apart to figure out what was wrong.

We actually got hammered after I restored the forums and forgot to do the modifications. Oops.

Offline mohi11

  • Newbie
  • *
  • Posts: 1
Re: 2010-05-01: Registration fixed
« Reply #10 on: October 11, 2017, 10:56:50 PM »
TNX FOR YOUR USEFUL POSTS