Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Lenny's Signature ( I object to)

  • 09-06-2003 4:46pm
    #1
    Registered Users, Registered Users 2 Posts: 9,604 ✭✭✭


    Following on from this post http://www.boards.ie/vbulletin/showthread.php?s=&threadid=99864

    i aslo object to lenny signature. I dont want to be told my ip address or what os i am using etc.

    For all i know he could logging this and using as an exploit etc.

    How can you justifiy this when the IP address you use to post is only available to admins.
    Post edited by Shield on


Comments

  • Closed Accounts Posts: 1,141 ✭✭✭fisty


    lol?

    Devore already explained this.
    nobody else is going to see your stuff....
    blah blah....

    Now shut up and go away.


  • Closed Accounts Posts: 17,163 ✭✭✭✭Boston


    Sorry but don't be a muppet, what makes you think your ip address is only available to admins? I didn't ever see Devore or regi or anyone else promise you that level of security. Back in the good old days of UBB i had a handy way of access the ip address of every member or boards. then again it might have been another forum using ubb. I used a bug in the private messagener software or ubb to get the admins password and then promptly all hell broke loose, and i wasn't even tiring. Vbulletin is better at security and the admins keep it updated regularly but still there are ways and menas.

    Besides what makes you think he knows its you accessing the site?


  • Registered Users, Registered Users 2 Posts: 1,880 ✭✭✭nosmo


    A couple of things: AFAIK, Lenny did not write that, and therefore couldn't be logging it. (if you DID write it, apologies) You have an ICQ addy listed in your profile.. That is a much easier way to get your IP. And do you think Lenny would just sit at his PC scrolling through the THOUSANDS of IPs that might be logged by the sig if it DID log, looking for your IP?


  • Closed Accounts Posts: 49 trunks


    i thik its a gif that uses windows scripting host
    the only one that see it is you


    maybe


  • Registered Users, Registered Users 2 Posts: 11,446 ✭✭✭✭amp


    And besides, how else are we going to download all your goat pr0n irishgeo?


  • Advertisement
  • Closed Accounts Posts: 9,314 ✭✭✭Talliesin


    Originally posted by irishgeo
    For all i know he could logging this and using as an exploit etc.
    For all you know he can walk on water.


  • Closed Accounts Posts: 2,486 ✭✭✭Redshift


    This is nothing at all you can get ones that will show you the whole directory of your hard disk but it's the same thing again only you see it and it's not possible for anyone to get any info on you using a simple trick like this.

    You're safe enough M8:)

    Red


  • Business & Finance Moderators, Entertainment Moderators Posts: 32,387 Mod ✭✭✭✭DeVore


    So let me see... you KNOW you're computer sends this info out willy nilly and you arent objecting to that (theres nothing any of the admins can do about that except rewrite the TCP/IP protocols).

    But you are objecting to being shown it??

    That info is sent with every http request a page causes... if broadcasting that info is a problem I would recommend never going to a page where you arent sure where ever picture and element of that page is being served from.... :)

    Fisty, I've never been accused of not being able to talk for myself and I'd prefer if you would cut out the abusive replys as thats the second or third I've seen from you today... kthxbye :)

    DeV.


  • Closed Accounts Posts: 17,163 ✭✭✭✭Boston


    Originally posted by DeVore
    Fisty, I've never been accused of not being able to talk for myself and I'd prefer if you would cut out the abusive replys as thats the second or third I've seen from you today... kthxbye :)

    DeV.

    All that misguided miss directed anger, your really need to express yourself more Devore. ww)


  • Registered Users, Registered Users 2 Posts: 3,177 ✭✭✭oneweb


    From what I can make of it, Lenny's sig is a gif image which is dynamically generated on the server side using PHP or JSP. The server basically grabs all the info that your browser sends in its HTTP request and spits it all back out in a li'l gif.

    As previously mentioned, any and all requests for html pages, images, video etc made by your browser will send info about your IP and config (blame your browser's User Agent string for that bit) to the hosting server.

    You could, if you felt it necessary, turn off signature showing from your user control panel.

    It is what it's.



  • Advertisement
  • Registered Users, Registered Users 2 Posts: 78,580 ✭✭✭✭Victor


    Originally posted by oneweb
    You could, if you felt it necessary, turn off signature showing from your user control panel.
    You could turn off the internet ;)


  • Closed Accounts Posts: 1,141 ✭✭✭fisty


    Originally posted by DeVore


    Fisty, I've never been accused of not being able to talk for myself and I'd prefer if you would cut out the abusive replys as thats the second or third I've seen from you today... kthxbye :)

    DeV.

    I was pointing out this was covered already, there was no need to start a seperate post.

    I can but only hope someday I shall be as eloquent as you m'lord.


  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    "off topic"

    Behave yourself.


  • Closed Accounts Posts: 49 trunks


    I been doing some googling in the Lennys Sig

    firstly the file vipersig.png

    is the sig its some routene in the file it self that retives the Info from your computer

    I haven found anyting else "a little help"


    :(


  • Closed Accounts Posts: 49 trunks


    sorry the file


  • Registered Users, Registered Users 2 Posts: 2,281 ✭✭✭DeadBankClerk


    the image probably uses some php image library like gd to get the http header that you send to the webserver and write it onto an image.

    OHE NOE MY GIBSON SI TEH HACKED


  • Registered Users, Registered Users 2 Posts: 2,281 ✭✭✭DeadBankClerk


    And thats your ip and os in that attachment tbh.


  • Registered Users, Registered Users 2 Posts: 9,604 ✭✭✭irishgeo


    Ok i am objecting to being shown it yes. I have seem the one which lists your hard drive. i know that the internet is a secure as my wallet.

    AMP i like to disassociate myself form what you said about me.(Damn i need a better firewall):D

    Ok i guess i can live to accept it and find it assuming.


  • Business & Finance Moderators, Entertainment Moderators Posts: 32,387 Mod ✭✭✭✭DeVore


    Ok, but you are objecting to it being shown TO YOU?

    I mean, its like a mirror whoever looks at the thread sees their own ip reflected at them.

    Um I am really having difficulty understanding why you would obect to someone showing you an image with your ip in it... seriously I cant think why that would bother anyone...
    Originally posted by Fisty:
    I was pointing out this was covered already, there was no need to start a seperate post.

    I can but only hope someday I shall be as eloquent as you m'lord.

    I know and you were right ... if a touch unnecessarily uncivil, thats all. :)

    DeV.


  • Closed Accounts Posts: 49 trunks


    And thats your ip and os in that attachment tbh.

    what IP address is it showing *.*.222.4 yea


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    Originally posted by trunks
    what IP address is it showing *.*.222.4 yea

    Yeah, but that's because the attachment is the hard-coded image, and not the source code which generated it.

    Just like a normal php page, you can only retrieve the page it generates, and not the source code.

    Anyone could be much more surruptitious.

    I, for example, could replace the innocent little picture in my sig, with a script which generates an identical picture, but while doing it, rapes your browser for all the info it can get, as well as attempting to pull cookies from your browser, to retreive a list of usernames and md5-encrypted passwords to link to that IP, while also instructing a second thread to perform a quick port scan on your machine.

    :)

    Anyone who thinks they're anonymous when connected to any network is kidding themselves.


  • Closed Accounts Posts: 49 trunks


    cool
    this is the orginial
    http://www.danasoft.com/vipersig.jpg


  • Closed Accounts Posts: 8,478 ✭✭✭GoneShootin


    remind me never to annoy you Seamus


  • Business & Finance Moderators, Entertainment Moderators Posts: 32,387 Mod ✭✭✭✭DeVore


    While Seamus is undoubtedly "leet" ... access to cookies is restricted to cookies that belong to the ip/domain that is doing the accessing.

    so while www.boards.ie can access your login cookie www.badseamus.com cant.

    He'd have to get his script onto our server in the first place in which case snarfing peoples cookies is really not the biggest problem we have!

    I'm not saying you cant act the muppet with headers etc but that its not as straight forward as all that.

    The general gist of Seamus's post is bang on though.

    DeV.

    ps: (in all of this I bow to the superior knowledge of web security or lack there of of ecksor and regi and others. Seamus would be one of the others, this post is to clarify rather then correct :) )


  • Closed Accounts Posts: 2,196 ✭✭✭Littletinyman


    What if some smartey haxor was standing behind you, looking over your shoulder at Oj's sig, taking in all the IP/OS/ISP information? WHAT THEN? Down with this sort of thing


  • Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    Originally posted by DeVore
    ps: (in all of this I bow to the superior knowledge of web security or lack there of of ecksor and regi and others. Seamus would be one of the others)

    Heh, yah right :)

    I actually couldn't do most of what I said, but I know it could be done, and a few quick web crawls and an hour or two later, I might be able to hack out something like it. But I also bow to the superior knowledge of regi and ecksor. :)

    I'm pretty sure there's some way of fooling a browser into giving you it's cookies, but that'd be a discussion for another time. ;)
    Encrypted passwords would be fairly useless anyway :), I was just trying to give an idea of what is possible, so people would leave Lenny alone, and consider the tameness of his sig :)

    (Smilie overload alert)


  • Business & Finance Moderators, Entertainment Moderators Posts: 32,387 Mod ✭✭✭✭DeVore


    I'm pretty sure there's some way of fooling a browser into giving you it's cookies, but that'd be a discussion for another time.

    If you could demonstrate that you would be on the 9 O'Clock news.

    This *has* been done before (when browser were even more insecure then now) but afaik there are no known exploits for this or Hotmail and many other sites would be unviable.

    DeV.


  • Moderators, Music Moderators, Recreation & Hobbies Moderators Posts: 9,389 Mod ✭✭✭✭Lenny


    Thanks seamus
    I knew it would only be a matter of days before a topic like this would arrive, sure I've gotten a few pms about it already. haha
    Its only a sig and is harmless, the only thing I see is my own ip, os etc. so TAKE IT :)


  • Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    Originally posted by DeVore
    If you could demonstrate that you would be on the 9 O'Clock news.

    Hmmm....

    /me goes off to decompile IE, while simultaneously trying to avoid arrest

    :p

    I am neither "leet", nor anything approaching "someone in the know". I know nothing.

    I find out today I fail a networks exam (all theory though tbh), and then a guy in work tries to argue with me that Linux is less secure than Windows NT because it's a "mish-mash of different programs" and he's done a server admin course on Linux. Then he admits that he knows nothing about Windows administration.

    The funny thing about computers is that no matter how much you *think* you know about something, either you don't know that much, or there's always someone who knows *way* more than you do. This is one of the first lessons I learned when I signed up for boards.ie :)

    I think I'll stop rambling now and go and start studying again :/

    (Save it for your blog seamus)


  • Advertisement
  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    Originally posted by seamus
    But I also bow to the superior knowledge of regi and ecksor. :)

    FWIW, I have raised this issue with the other admins before, and I do recognise that it is a valid grievance. If I had my way you lot wouldn't be able to embed images from servers that weren't under our direct control.

    puppyshotgun320.gif

    (and people who had 100 word signatures trying to show how clever they are who make posts like 'lol' and 'haha pwned' would get banned for a week per offence).


  • Closed Accounts Posts: 5,500 ✭✭✭Mercury_Tilt


    This post has been deleted.


  • Business & Finance Moderators, Entertainment Moderators Posts: 32,387 Mod ✭✭✭✭DeVore


    Originally posted by ecksor
    FWIW, I have raised this issue with the other admins before, and I do recognise that it is a valid grievance. If I had my way you lot wouldn't be able to embed images from servers that weren't under our direct control.

    puppyshotgun320.gif

    (and people who had 100 word signatures trying to show how clever they are who make posts like 'lol' and 'haha pwned' would get banned for a week per offence).


    See! And you lot call *ME* evil.... better the DeVvie you know then the DeVvie you dont... :)


    DeV.


  • Subscribers Posts: 9,716 ✭✭✭CuLT


    Oh everyone "calls" you evil Dev, we know who's wearing the pants on boards tho 0_o .


  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    *shrug*

    I was outnumbered 4 to 1.


  • Registered Users, Registered Users 2 Posts: 1,722 ✭✭✭Thorbar


    Oh everyone "calls" you evil Dev, we know who's wearing the pants on boards tho 0_o .

    Well it isn't amp anyway. ww)


  • Advertisement
  • Banned (with Prison Access) Posts: 16,659 ✭✭✭✭dahamsta


    I'm with ecksor on this one. It took users on my forums over a year to get avatars, and when I gave them avatars I took the bbcode in their signatures away. Give with one hand, take away with the other. You guys can't be trusted. :)

    adam


  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    I'm not suggesting that users not have avatars or the ability to embed images, I just don't want a web bug facility.

    http://www.privacyfoundation.org/resources/webbug.asp


  • Subscribers Posts: 4,419 ✭✭✭PhilipMarlowe


    Using mozilla firebird... right click and hit 'block images from this server'
    Then at least you won't be able to see it...


  • Registered Users, Registered Users 2 Posts: 11,446 ✭✭✭✭amp


    Originally posted by Thorbar
    Well it isn't amp anyway. ww)

    lol. It's funny cos it's true.


  • Banned (with Prison Access) Posts: 16,659 ✭✭✭✭dahamsta


    Originally posted by ecksor
    I'm not suggesting that users not have avatars or the ability to embed images, I just don't want a web bug facility.
    Meant to say img code. Took the bbcode at the same time. Don't have time to go chasing sig abuse.

    adam


  • Advertisement
Advertisement