How many licks does it take....

What's the deal with this guy? #1

  • There was obviously a situation where Stairs and Gravity were involved.

    Votes: 0 0.0%
  • Some people won't learn, others can't... He covers both...

    Votes: 1 20.0%
  • There's really nothing wrong, he's just desperate for attention.

    Votes: 2 40.0%
  • CHEESEBURGERS!!!!!!!!!!

    Votes: 2 40.0%

  • Total voters
    5
  • Poll closed.
Todd, please understand I don't understand ANY of this----I can tell you what has worked for MEE. I am old and cantankerous!! I will continue to try things until one works-----OR I will ask Jeff and he is kind enough to tolerate answering me!!

"Special symbols" are a no-no!!
After the great malware infestation of 2012, I hired a security specialist to analyze our vulnerabilities and make us safe. One of the things he did was to put a piece of software in front of our web server that rejects all sorts of special character strings that hackers use to attempt "SQL Injection Attacks".

That's a technique where the hacker puts a certain string of characters into text boxes, hoping that the database will respond to them as if they were valid commands, and yield control of the database and web site to the bad guy. Then they load malware, which they hope will spread to users.

So we have extremely sensitive filtering, and depending on where the special characters are in a post or poll, and what else is in the surrounding text boxes, the filter will trip and you see the "forbidden" page. That's all that shows to not give the hacker any clues as to what he did.

The filter has stopped millions of attempts (automated robots work on sites at the direction of hackers) to hack us, some of which could have been very successful and very disastrous. We use other pieces of software as well. We run a filter that blocks known spammer registrations and for fun I just checked the log and in the last 12 months it has blocked 398,000 bogus registration attempts, most from automated spambots.

Once I know about a certain issue, I ask Tyler to look at the text, and write an exception to the rule since we know that's something legitimate. Sometimes, loosening a rule will make us vulnerable, so we don't, and I try to handle the occurrences with the same advice Ed gave: lose the special characters, especially in post titles.

Ain't that fascinating :tongue:

Tyler is looking at this specific issue now.
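
An added illustration of the filtering behaviour described in the post above (not the forum's actual filter and not code from any poster): a minimal request filter with constructed rule names, patterns and field names. It shows a harmless title tripping a rule, the same bare "Forbidden" page for every block, and an exception scoped to a single field.

```python
import re
from dataclasses import dataclass

# Hypothetical rule set: names and patterns are constructed for illustration.
RULES = {
    "sql-comment": re.compile(r"--|/\*"),
    "quote-keyword": re.compile(r"'\s*(or|and|union|select)\b", re.I),
    "special-run": re.compile(r"[^\w\s]{6,}"),
}

# An exception covers one (field, rule) pair only, so loosening a rule for
# post bodies does not loosen it for titles or for any other rule.
EXCEPTIONS = {("post_body", "sql-comment"), ("post_body", "special-run")}


@dataclass
class Verdict:
    status: int
    body: str  # what the visitor sees
    log: str   # what only the site operator sees


def inspect(form: dict) -> Verdict:
    """Check every form field against every rule that has no exception."""
    for field, value in form.items():
        for name, pattern in RULES.items():
            if (field, name) in EXCEPTIONS:
                continue
            if pattern.search(value):
                # The response never says which rule or field matched;
                # that detail goes to the operator's log only.
                return Verdict(403, "Forbidden",
                               f"blocked field={field} rule={name}")
    return Verdict(200, "OK", "allowed")


if __name__ == "__main__":
    # Constructed sample submissions.
    samples = [
        {"post_title": "Poll help", "post_body": "It works-----OR I ask!!!!!!!"},
        {"post_title": "CHEESEBURGERS!!!!!!!!!!", "post_body": "hi"},
        {"post_title": "x' OR '1'='1", "post_body": "hi"},
    ]
    for form in samples:
        v = inspect(form)
        print(v.status, v.body, "|", v.log)
```

The operator's log is where a false positive such as the second sample gets noticed and turned into a narrowly scoped exception.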
 
It was actually all a sinister plot to intimidate my means of communication!!!!! He figured without the exclamation point, I would no longer be able to type!!!!!!!

As you can see, it did slow me down significantly!!!!!!!!!!!!
 
It was actually all a sinister plot to intimidate my means of communication!!!!! He figured without the exclamation point, I would no longer be able to type!!!!!!!

As you can see, it did slow me down significantly!!!!!!!!!!!!

Must we be in fear of losing our CAPS as well? :tongue:
 
Thanks for the explanation Jeff. I certainly wouldn't spend any time trying to make an exemption, I can live without special symbols, and it is in no way worth opening up a vulnerability. This was the first I had heard of this issue, so your explanation never would have crossed my mind. The reasoning is very sound, and I understand completely, and now I'll be aware of this if something similar happens in the future...

Now to figure out how to post images in the polls... Anyone have any helpful hints, links to tutorials, longwinded explanations (my specialty) or just plain bad advice?

Is it just putting the photo's URL in image tags?
 