Admins, hurry up and fix this! The "External image - Proceed with caution!!" Makes every single image sound like it's some evil russian scam image. at LEAST change it to something like "Click to view image" or something that makes it sound less threatening.
Admins, hurry up and fix this! The "External image - Proceed with caution!!" Makes every single image sound like it's some evil russian scam image. at LEAST change it to something like "Click to view image" or something that makes it sound less threatening.
This ^
Still looking for a real white list thread...or a place besides F'd up Bucket to host images that you guys will allow...
Rollback Post to RevisionRollBack
"This may hurt a little, but it's something you'll get used to...."
This is exactly why BBCode was disabled in the first place. It wasn't malicious LINKS, when did that come in this discussion? It's about malicious IMAGES, as citric already said. These IMAGES create pop-ups that ask for your password.
links came into it when I brought up the fact that the whitelist is just going to be a temporary fix and be a major headache for everyone on the forums. they scammers will just implement other methods for the scam. I was saying that this proactive approach may not be the best idea as blacklisting malicious sites as they are found and banning ip's of offenders by policing the forums would be a better approach than crippling the forums and making the community miserable until you fix an issue barely anyone knew about/was affected by. it's causing a lot of the community to get pissed that they cant properly display their mods,tex packs etc. or even use their banners and they have no real say in what site is going on the whitelist or what is going to be excluded because whoever in charge personally doesnt like it. I know the whole "if that many people were pissed etc they would be flaming this thread"... but the majority of people stick to 2 of the forums and dont even know about this.
It's not an IE exploit, it affects all browsers. You didn't see it because we reacted relatively fast and cleaned the majority of it up.
Well, how are you going to fix the problem? I really, REALLY. hope that you don't keep the whitelist. Like everyone says, make a blacklist! I absolutely hate the popular image hosting sites due to adds, wait times, captchas, slow uploads and whatnot. That's why I use majhost.com; it gives me a very very large folder that I can upload as many pics as I need, with near instantaneous upload time and absolutely no adds. It's not very well known, so I suppose you aren't going to add it to the whitelist. Please, for the sake of the forums, switch to a blacklist!!
I don't think you understand or have read my posts, a blacklist does not work. Domains can be changed cheaply and instantly, in the time it takes me to type this post I could have another 20 domains ready to use, it's impossible to maintain a blacklist when we're a target of more than just one persons antics.
I've talked to the developer who sorted this and we're changing the phrasing (from "External Image - Proceed with caution!" to "Click to view image") and I'm also having some more larger sites added to the list, but I'm sorry there is no way we can safely add smaller and personal sites to the list.
We are moving to new software soon and when that happens we will hopefully not need any of this, but for now while we remain with phpbb the whitelist is what we have. If someone has a large number of images in a post they can contact me and I will fix it for them.
I digress...and apologize.. just frustrating as all hell seeing all the broken banners and download links with images broken and appearing untrustworthy like my own while other peoples work just fine. selfish or no I would like to see 4shared.com added to the whitelist as it is a major hostng site a lot of people use and I already pay for for hosting there for file backups and what little I do share.
Why don't we get an option to whitelist a site ourselves once we view an image from that site? Like a little option that says "always show" or something.
If 10+ (maybe 15) people with registered accounts click on the image, says "IMAGE IS SAFE", then the image appears to everyone.
This seems like a very complicated thing that basically requires folks getting hit with whatever malicious script comes with the image.
It seems to me it should just block the script.
*person clicks on image*
"CAN I HAS UR PASWORD PLZ?"
*Not Safe*
It's not any more dangerous then clicking on the images that SAY "External Image - Proceed With Caution". A lot of people have to say that the image is safe in order for it to appear to everyone - And if more people say it's not safe, then it's hidden again, and unable to be marked safe for 42 hours.
I'm going to take a wild guess that every 1 in 1,000,000 images on this forum are malicious ones. I've come across the password-asking box twice total, and clicked cancel both times. I didn't even know it was a scam the first time, I just didn't feel like re-entering my password and username. I can't wait until this is solved, not being able to use majhost is becoming irritating to me.
What would someone do with minecraft forum accounts, really? Just to troll as someone else? Just to cause strife in someone else's life? Just to say they have derp amount of posts on an account they stole/bought? Seriously...
What would someone do with minecraft forum accounts, really? Just to troll as someone else? Just to cause strife in someone else's life? Just to say they have derp amount of posts on an account they stole/bought? Seriously...
A large portion of users have accounts here that share usernames and passwords with minecraft.net, some users even share the same password and username with their Steam accounts. Stealing a forum account can provide the person stealing it with access to both Steam and Minecraft.net accounts, both of which are valuable.
What would someone do with minecraft forum accounts, really? Just to troll as someone else? Just to cause strife in someone else's life? Just to say they have derp amount of posts on an account they stole/bought? Seriously...
A large portion of users have accounts here that share usernames and passwords with minecraft.net, some users even share the same password and username with their Steam accounts. Stealing a forum account can provide the person stealing it with access to both Steam and Minecraft.net accounts, both of which are valuable.
Exactly - My steam account has over 100$ worth of games. They could easily play them all without having to spend a dime, or sell the account for quick money.
Minecraft.net accounts...not so much. Maybe 15$ apiece, but that's not as valuable as Steam.
-
View User Profile
-
View Posts
-
Send Message
Admin-
View User Profile
-
View Posts
-
Send Message
Retired StaffThis ^
Still looking for a real white list thread...or a place besides F'd up Bucket to host images that you guys will allow...
"This may hurt a little, but it's something you'll get used to...."
-
View User Profile
-
View Posts
-
Send Message
Curse Premiumlinks came into it when I brought up the fact that the whitelist is just going to be a temporary fix and be a major headache for everyone on the forums. they scammers will just implement other methods for the scam. I was saying that this proactive approach may not be the best idea as blacklisting malicious sites as they are found and banning ip's of offenders by policing the forums would be a better approach than crippling the forums and making the community miserable until you fix an issue barely anyone knew about/was affected by. it's causing a lot of the community to get pissed that they cant properly display their mods,tex packs etc. or even use their banners and they have no real say in what site is going on the whitelist or what is going to be excluded because whoever in charge personally doesnt like it. I know the whole "if that many people were pissed etc they would be flaming this thread"... but the majority of people stick to 2 of the forums and dont even know about this.
Well, how are you going to fix the problem? I really, REALLY. hope that you don't keep the whitelist. Like everyone says, make a blacklist! I absolutely hate the popular image hosting sites due to adds, wait times, captchas, slow uploads and whatnot. That's why I use majhost.com; it gives me a very very large folder that I can upload as many pics as I need, with near instantaneous upload time and absolutely no adds. It's not very well known, so I suppose you aren't going to add it to the whitelist. Please, for the sake of the forums, switch to a blacklist!!
-
View User Profile
-
View Posts
-
Send Message
AdminI've talked to the developer who sorted this and we're changing the phrasing (from "External Image - Proceed with caution!" to "Click to view image") and I'm also having some more larger sites added to the list, but I'm sorry there is no way we can safely add smaller and personal sites to the list.
We are moving to new software soon and when that happens we will hopefully not need any of this, but for now while we remain with phpbb the whitelist is what we have. If someone has a large number of images in a post they can contact me and I will fix it for them.
If you need a good fast host: http://imgur.com
Project Genesis | IP: pgenesis.com
Dedicated Server | Active Staff | Chocolate
Visit our forums at http://www.mcgenesis.net
-
View User Profile
-
View Posts
-
Send Message
Curse PremiumIf 10+ (maybe 15) people with registered accounts click on the image, says "IMAGE IS SAFE", then the image appears to everyone.
This seems like a very complicated thing that basically requires folks getting hit with whatever malicious script comes with the image.
It seems to me it should just block the script.
*person clicks on image*
"CAN I HAS UR PASWORD PLZ?"
*Not Safe*
It's not any more dangerous then clicking on the images that SAY "External Image - Proceed With Caution". A lot of people have to say that the image is safe in order for it to appear to everyone - And if more people say it's not safe, then it's hidden again, and unable to be marked safe for 42 hours.
Image shows up without clicking.
Phishing dialogue box blocked.
Image is safe.
Russian hackers go "OH THEY BLOCKED US"
Russian hackers develop a new phishing box that doesn't get blocked.
Forum is attacked again.
Citric goes "OH NOES"
Citric blocks the new phishing box.
Image is safe.
Russian hackers go "OH THEY BLOCKED US"
Russian hackers develop a new phishing box that doesn't get blocked.
Forum is attacked again.
-
View User Profile
-
View Posts
-
Send Message
AdminA large portion of users have accounts here that share usernames and passwords with minecraft.net, some users even share the same password and username with their Steam accounts. Stealing a forum account can provide the person stealing it with access to both Steam and Minecraft.net accounts, both of which are valuable.
Exactly - My steam account has over 100$ worth of games. They could easily play them all without having to spend a dime, or sell the account for quick money.
Minecraft.net accounts...not so much. Maybe 15$ apiece, but that's not as valuable as Steam.