Avatars
Posted: Fri Jun 12, 2009 6:27 pm
by Alex
Hi
I'm having problems uploading an avatar.
Is there a type of file it has to be? Trying .jpg
Image is 100X72 pix
Tried doing it straight to this site and tried using host URL.
Just get the wee box with
X
The image is;
I must be missing something silly no doubt...
A
Re: Avatars
Posted: Fri Jun 12, 2009 7:28 pm
by Screet
Alex wrote:I must be missing something silly no doubt...
AFAIK there was a problem with the BBS that hackers would use the avatar function to store illegal and undesired material, thus it had to be turned off.
Screet
Posted: Sat Jun 13, 2009 9:44 pm
by Alex
Thanks Screet, at least I know I'm only a wee bit silly then.
But what does AFa... as I typed it I got it.
How can someone store stuff in an avatar?
On second thought Na I don't want to know that.
A
Re: Avatars
Posted: Sat Jun 13, 2009 10:03 pm
by Nemoricus
Screet wrote:AFAIK there was a problem with the BBS that hackers would use the avatar function to store illegal and undesired material, thus it had to be turned off.
Screet
Then how did those people with avatars get them?
Posted: Sat Jun 13, 2009 10:35 pm
by DaddyHoggy
We got'em before Ahruman had to lock that bit of the BB down.
AFAIK = As Far As I Know
Posted: Sun Jun 14, 2009 12:49 am
by Diziet Sma
Wouldn't a sanity-check for file size and type be enough to prevent that kind of abuse? Seems to me that ought to be a standard feature of any BB software. Heck, any code I ever wrote always checked user input for validity before accepting it... and that was 20 years ago...
Posted: Sun Jun 14, 2009 12:53 am
by JensAyton
Diziet Sma wrote:Wouldn't a sanity-check for file size and type be enough to prevent that kind of abuse? Seems to me that ought to be a standard feature of any BB software. Heck, any code I ever wrote always checked user input for validity before accepting it... and that was 20 years ago...
If security and sanity were a goal, it wouldn’t be written in PHP… but I, for one, have no interest in taking on BB software as yet another side project. :-)
(Actually, come to think of it, the phpBB people blamed the problem on some other piece of software, which may or may not also be running on Giles’s server; I asked, but didn’t get a reply. File size isn’t relevant, since the problem was a small set of scripts.)
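An added example, not part of the thread and not phpBB's code: a sketch of the file-type check discussed above, which identifies an upload from its own bytes and picks the stored name and extension on the server, so a script sent as "avatar.jpg" is rejected. The size limits, function names and sample inputs are assumptions made for the illustration.

```python
import secrets
import struct

MAX_BYTES = 16 * 1024   # assumed board limit
MAX_DIM = 128           # assumed board limit, in pixels

def jpeg_size(data):
    """Walk JPEG segments to the frame header (SOFn) and read width/height."""
    i = 2
    while i + 9 <= len(data):
        if data[i] != 0xFF:
            raise ValueError("corrupt JPEG segment")
        marker = data[i + 1]
        if marker == 0xFF:          # fill byte before a marker
            i += 1
            continue
        if 0xC0 <= marker <= 0xCF and marker not in (0xC4, 0xC8, 0xCC):
            h, w = struct.unpack(">HH", data[i + 5:i + 9])
            return w, h
        i += 2 + struct.unpack(">H", data[i + 2:i + 4])[0]
    raise ValueError("JPEG without frame header")

def sniff_image(data):
    """Return (ext, width, height) from the file's own bytes, never its name."""
    if data[:8] == b"\x89PNG\r\n\x1a\n" and data[12:16] == b"IHDR" and len(data) >= 24:
        return ("png",) + struct.unpack(">II", data[16:24])
    if data[:6] in (b"GIF87a", b"GIF89a") and len(data) >= 10:
        return ("gif",) + struct.unpack("<HH", data[6:10])
    if data[:2] == b"\xff\xd8":
        return ("jpg",) + jpeg_size(data)
    raise ValueError("not a PNG, GIF or JPEG")

def accept_avatar(data, client_name):
    """Validate an upload and return the name to store it under.
    client_name is ignored on purpose: the extension comes from the content."""
    if len(data) > MAX_BYTES:
        raise ValueError("file too large")
    ext, w, h = sniff_image(data)
    if not (0 < w <= MAX_DIM and 0 < h <= MAX_DIM):
        raise ValueError("bad dimensions")
    return f"{secrets.token_hex(8)}.{ext}"

# Constructed sample inputs (not from the thread)
SAMPLE_GIF = b"GIF89a" + struct.pack("<HH", 100, 72) + b"\x00" * 16
SAMPLE_SCRIPT = b"<?php /* placeholder */ ?>"
```

A header check like this keeps non-images out and stops the client's filename from deciding how the server treats the file; it does not by itself make the image safe for every decoder that later opens it.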
Posted: Sun Jun 14, 2009 11:17 pm
by Yodeebe
how about setting a time when everyone can change their avatars, then locking them again?
Posted: Mon Jun 15, 2009 12:48 am
by Nemoricus
Yodeebe wrote:how about setting a time when everyone can change their avatars, then locking them again?
This would be nice.
Posted: Sat Jun 20, 2009 4:12 am
by Diziet Sma
What about enabling THIS option in the phpBB settings?
Another forum I hang out on which also uses phpBB allows you to link to an avatar stored offsite.. it seems to me this would solve the problem in a way that's of no use to hackers.
Posted: Sun Jun 21, 2009 12:31 am
by Cmd. Cheyd
Actually it is...
I'm a malicious hacker. I create a JPG or other image that has known exploits, and include the exploit. I host it via Flickr, Photobucket, or Bill & Ted's Excellent Photo Hosting Service. I set this as my Avatar. And I start posting all over the forums....
Posted: Sun Jun 21, 2009 12:34 am
by Nemoricus
Unfortunately, that makes a lot of sense.
Also, I discovered that this forum has a set of avatars already uploaded. That's where my current, very nice one comes from. Is it possible that we could submit avatars of a similar style to the admins for approval and have them added to the list?
Posted: Sun Jun 21, 2009 3:23 am
by Diziet Sma
Nemoricus wrote:Unfortunately, that makes a lot of sense.
Yes, sadly, I have to agree..
Nemoricus wrote:Also, I discovered that this forum has a set of avatars already uploaded. That's where my current, very nice one comes from. Is it possible that we could submit avatars of a similar style to the admins for approval and have them added to the list?
This would work for me...
Posted: Mon Jul 27, 2009 4:09 pm
by saint
Alex wrote:
How can someone store stuff in an avatar?
<tech>
When a programmer fails to write the required checks :>, a bunch of malicious data can be used to override (almost) wildly a memory area, succeeding in getting some evil code executed; it's a bit of wizardry that requires knowing low-level computer programming.
BTW, Apple iPhones and iPod Touch were jailbroken this way...
</tech>
Sniff, I miss Eastern Gianozia People Republic Ltd. crest ); ...