Problem with images in the sigs

Message

pilla · Post by **pilla** » Fri Dec 26, 2003 2:46 pm

The sigs that have images are presenting strange numbers after the "img" tags, like this:

[img:cbeaad30c4]http://antipersonnel.org/media/images/sigpic/free.gif[/img:cbeaad30c4]

Mine is presenting too, but I don't know why.

krusty_ar · Post by **krusty_ar** » Fri Dec 26, 2003 3:48 pm

I seems some kind of style or something, maybe phpbbuses this to adjust the presentation of the img, and there's some bug...

klieber · Post by **klieber** » Fri Dec 26, 2003 3:50 pm

we have temporarily disabled the use of [img] on our board. More details will be released at a later time.

--kurt

pilla · Post by **pilla** » Fri Dec 26, 2003 3:58 pm

klieber wrote:we have temporarily disabled the use of [img] on our board. More details will be released at a later time.

--kurt

Roger

Squinky86 · Post by **Squinky86** » Fri Dec 26, 2003 6:52 pm

Does this have anything to do with hotlinking image avatars? I just noticed that seems to also have been disabled :'(.

adammc · Post by **adammc** » Fri Dec 26, 2003 7:07 pm

I didn't realise you could do that without modding the vanilla phpBB code

airflow · Post by **airflow** » Fri Dec 26, 2003 8:07 pm

Squinky86 wrote:Does this have anything to do with hotlinking image avatars? I just noticed that seems to also have been disabled :'(.

I noticed this too when I visited the forum today... My image had disappeared and it took me a while to find out the real reason, as I suspected it to be the webserver first. I just wanted to start a new thread because of this, but I see that someone else has already mentioned it... Any comments from the Admins yet?

regards,
airflow

klieber · Post by **klieber** » Fri Dec 26, 2003 10:22 pm

airflow wrote:Any comments from the Admins yet?

klieber is pretty sure that, just a few hours earlier, he wrote:we have temporarily disabled the use of [img] on our board. More details will be released at a later time.

--kurt

Squinky86 · Post by **Squinky86** » Fri Dec 26, 2003 11:52 pm

hehe, he meant for the hotlinking of avatars, not for the IMG tags, which I thought may be inter-related, so I added them to this thread instead of making a new one. Sorry for not making a seperate thread

Edit: Unless my slow mind didn't pick up that the hotlinking of avatars was only disabled temporarily, also?

airflow wrote:I suspected it to be the webserver first.

Same here. I think we just need to wait and they'll give us details later.

viperlin · Post by **viperlin** » Sun Dec 28, 2003 11:33 pm

well i've started getting complaints about it in my sig so i think we would like those details ASAP

klieber · Post by **klieber** » Mon Dec 29, 2003 1:06 pm

viperlin wrote:well i've started getting complaints about it in my sig so i think we would like those details ASAP

Chances are, we will not be releasing details in the near future (next 2 weeks or so). I suggest you change your sig for now.

--kurt

Oopsz · Post by **Oopsz** » Tue Dec 30, 2003 3:37 am

aridhol · Post by **aridhol** » Tue Dec 30, 2003 3:13 pm

Some non-details then?

They have been disbled because of abuse?
Instabillity?
Rudeness, BandWidth, Estetic feeling, powertrip, flamewars, principle?

But to limit something like this (not really important) and not give any info seems kind of... uh.. silly to me. If there was any discussion that led to disabling them just post a link.

I can accept pretty much any explanation... except no explanation. 2 weeks to explain? Too long unless you give us a statement at least.

And how long is temporarily? As long as For the time being? Or half of eternity?

Oh... I'm nagging. Sorry, I'll leave for now

airflow · Post by **airflow** » Tue Dec 30, 2003 4:56 pm

aridhol wrote:But to limit something like this (not really important) and not give any info seems kind of... uh.. silly to me. If there was any discussion that led to disabling them just post a link.

I call this behaviour "childish". But "silly" fits well, too.

regards,
airflow

pilla · Post by **pilla** » Tue Dec 30, 2003 5:04 pm

If it is a security vulnerability, it makes sense not to release any further information until the bugfixes are available. But it is up to the sysadmins to do whatever they think it's the best in this situation. From what I know of them, they wouldn't keep it undisclosed unless there was a very good reason for it.

BTW, all I know about the issue I have learned from this thread.

Maybe we should just ban images from the sigs, then we wouldn't have people complaining about the lack of information on the issue.

Squinky86 · Post by **Squinky86** » Tue Dec 30, 2003 5:09 pm

pilla wrote:Maybe we should just ban images from the sigs, then we wouldn't have people complaining about the lack of information on the issue.

I was trying to stay out of this since I felt like things could get a little rude in here, but I was just trying to point out that the avatar hotlinking was offline, too. I really didn't mean to start anything.

Gentoo has some of the best admins in the world. I trust them to do the right thing. They'll tell us what we want to know when it's time for us to know it. Just be patient, guys (and maybe a girl or two, if we're lucky)!

Pilla: There are plenty of members of the Gentoo community willing to help should you ask, but if you or any of the other admins don't want any information public, that's understandable, too.

pilla · Post by **pilla** » Tue Dec 30, 2003 5:47 pm

I am just a moderator -- I can move, erase, edit threads, but only using the phpBB moderator interface. I have no access to the inner workings of the system. This is exclusivity of our sysadmins, like rac, pjp, klieber and masseya.

And as I stated before, I don't know why the images were disabled in the sig.

astika · Post by **astika** » Wed Dec 31, 2003 3:56 am

most often, it is a bandwidth issue, or off-linking images from other sites, and
those sites might complain.

just have a text sig, works for me

stonent · Post by **stonent** » Wed Dec 31, 2003 6:43 am

You should have seen the Dell forums in the glory days. People had large java applets in their sigs. If you entered a large thread on an old computer, you'd lock up. Finally dell killed about 99% of the allowed html tags. Some were fun, like iframe, embed, or if you wanted to really screw up a thread, throw a bunch of /td's and /tr's

When I ran a phpBB2 forum, I removed all html restrictions so that the disappointed Dell forum users could still use their java applets and other fun stuff.

Occasionally I had to warn users for forgetting to close their tags and causing the posts to move all over the place.

Cerement · Post by **Cerement** » Wed Dec 31, 2003 9:52 am

another fun one was </script>

aridhol · Post by **aridhol** » Wed Dec 31, 2003 11:09 am

pilla wrote:If it is a security vulnerability, it makes sense not to release any further information until the bugfixes are available.

They don't have to release information about how it was done, just that it was a security vulnerability.

And it's not just in sigs, it's anywere the [img]-tag can be used.

meowsqueak · Post by **meowsqueak** » Thu Jan 15, 2004 12:18 am

Could it be related to this, or is this a tad too old? What version of phpBB is forums.gentoo.org using?

http://www.securityfocus.com/bid/4379/info/

Edit: I think I just discovered it was 2.0.4 as of last January, so I guess it's definitely phpBB2 then? A related problem perhaps?

viperlin · Post by **viperlin** » Thu Jan 15, 2004 12:21 am

meowsqueak wrote:Could it be related to this, or is this a tad too old? What version of phpBB is forums.gentoo.org using?

http://www.securityfocus.com/bid/4379/info/

Edit: I think I just discovered it was 2.0.4 as of last January, so I guess it's definitely phpBB2 then? A related problem perhaps?

it says at the bottom of the page, version 2.0.6, so yes thats a little over a "tad" old

meowsqueak · Post by **meowsqueak** » Thu Jan 15, 2004 12:26 am

Yes, but the problem could be similar. Maybe a way of embedding malicious code in an image has been found, that can work its way around the prevention schemes in phpBB2? I'm just speculating really.

Anior · Post by **Anior** » Tue Jan 20, 2004 12:04 am

Am I the only one here who 's actually /happy/ that they are disabled?
Large bloated sigs all come from satan and are the harbringers of Gehenna *sage nod*

Atleast they make you look like you're just in from the counterstrike forums... :-P