HuntingNet.com Forums


Germ 02-19-2008 06:57 PM

RE: [Deleted]
 

ORIGINAL: MN/Kyle


ORIGINAL: Germ


ORIGINAL: KansasBBD

What do you do, just Block the IP address?
It's not that easy to block IPs. The developers of this site need to do most of the work. I have yet to be on when it happens, but due to the volume my guess is they are running java scripts on the server.

So when a legitimate user posts, it triggers a script that runs and creates all these bogus posts.
Sounds like some people have too much time on their hands?? Glad it's all fixed.
I should show you some things people try to do on our sites. They will try anything to get in. It's user inputs that are easiest to use.

HNI is all user inputs (parameters). Adding a program in a search box that runs on a server. I do not want to show an example, I am sure Justin would skin me alive :D

neb 02-19-2008 06:58 PM

RE: Hey come the hacker antis' !!
 
Has this happened before on this forum? This is a bad thing.

buckmaster 02-19-2008 07:01 PM

RE: Hey come the hacker antis' !!
 
Germ's a computer nerd! (I might pay for that one.... I gotta go check my bank account...[:o])

MN/Kyle 02-19-2008 07:02 PM

RE: [Deleted]
 

ORIGINAL: Germ
I should show you some things people try to do on our sites. They will try anything to get in. It's user inputs that are easiest to use.

HNI is all user inputs (parameters). Adding a program in a search box that runs on a server. I do not want to show an example, I am sure Justin would skin me alive :D
Germ, have you ever thought about becoming a college professor? I have a "Computers in society" class this semester and it flies over my head, what you said makes sense.

Germ 02-19-2008 07:08 PM

RE: [Deleted]
 

ORIGINAL: MN/Kyle


ORIGINAL: Germ
I should show you some things people try to do on our sites. They will try anything to get in. It's user inputs that are easiest to use.

HNI is all user inputs (parameters). Adding a program in a search box that runs on a server. I do not want to show an example, I am sure Justin would skin me alive :D
Germ, have you ever thought about becoming a college professor? I have a "Computers in society" class this semester and it flies over my head, what you said makes sense.
Every boss I have had describes me as a Nerd without being a Nerd. Yes, I talk plain English without all the buzz words. I try to keep it simple.



Germ 02-19-2008 07:15 PM

RE: [Deleted]
 
Yep, without a doubt it's an XSS attack or SQL Injection. They have found a way in.

It could be SQL Injection also. HNI needs to run everything in Stored Procedures and have parameters defined (size) to stop this.
If someone is running SQL commands in strings inside code, well, it's very bad practice. These strings can have commands "Added" on.


buckmaster 02-19-2008 07:17 PM

RE: [Deleted]
 
DO SOMETHING GERM!!

MOhunter46 02-19-2008 07:21 PM

RE: [Deleted]
 

ORIGINAL: buckmaster

DO SOMETHING GERM!!
Ya, get em Germ!!

KansasBBD 02-19-2008 07:28 PM

RE: [Deleted]
 

ORIGINAL: Germ

Yep, without a doubt it's an XSS attack or SQL Injection. They have found a way in.

It could be SQL Injection also. HNI needs to run everything in Stored Procedures and have parameters defined (size) to stop this.
If someone is running SQL commands in strings inside code, well, it's very bad practice. These strings can have commands "Added" on.

Germ for moderator 08'

Germ 02-19-2008 07:29 PM

RE: [Deleted]
 
I can't, LOL

If I was HNI, the first thing I would do is take all the SQL statements out of code and use Stored Procedures with Parameters. You can set the size of your user input parameters and stop injections.

Guys, a moderator/admin cannot fix this, it has to be a developer. It's not HNI's fault, it's bad coding practices.
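
The difference described in the post above, between SQL assembled from strings and SQL run with parameters, as an added example that is not part of the thread or of HNI's code. It uses Python's sqlite3 with an in-memory database as a stand-in for the forum's database, which the thread does not name; the `posts` table, its rows, the crafted input and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: an in-memory stand-in for a forum database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, author TEXT, body TEXT)")
    db.executemany("INSERT INTO posts (author, body) VALUES (?, ?)",
                   [("Germ", "Broadhead question"), ("neb", "Trail cam pics"),
                    ("buckmaster", "Late season doe tag")])
    db.commit()
    return db

def search_concat(db, term):
    # SQL built as a string: quote characters in the user input become
    # part of the statement itself, so the input can change the query.
    sql = "SELECT author FROM posts WHERE body LIKE '%" + term + "%' ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def search_bound(db, term):
    # Parameter binding: the statement text is fixed and the input is
    # passed separately, so it is only ever compared as a value.
    sql = "SELECT author FROM posts WHERE body LIKE '%' || ? || '%' ORDER BY id"
    return [row[0] for row in db.execute(sql, (term,))]

def search_bound_limited(db, term, max_len=64):
    # A size limit on the parameter is an extra input check layered on
    # top of binding; the binding is what keeps input out of the SQL text.
    if len(term) > max_len:
        raise ValueError("search term too long")
    return search_bound(db, term)

if __name__ == "__main__":
    db = make_db()
    crafted = "x%' OR '1%'='1"  # constructed input containing quote characters
    print("normal search :", search_concat(db, "cam"), search_bound(db, "cam"))
    print("concatenated  :", search_concat(db, crafted))  # WHERE clause rewritten
    print("bound         :", search_bound(db, crafted))   # treated as plain text
```

A stored procedure gives the same protection only when it uses its parameters as values; one that concatenates them into dynamic SQL inside the procedure has the same problem as `search_concat`.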


All times are GMT -8.