YCM needs more Security

[J-Max]

[Link removed for security reasons]

 

This may look like Random Numbers to you but these are actually security vunerbilities on the Forum. Any one of these could be used by a Malicious Hacker to install something nasty. It's bad enough that Members want to KEEP Attachments. Know how easy it is to put a Trojan or Worm filled file as an Attachment?

 

I'm asking YCMaker to please consider patching up these obvious vunerbilities. We saw what kind of damage can be done with just a Fake Login page. Imagine if YCM was DDosed?

[Enma Ai]

we need to close alot of those open ports, and get a newer security system or something

 

good snooping J-Max

[Amaterasu]

I agree. I was thinking this for a while but kept it hushed because I was waiting for a mod to bring it up. Glad you found something while under cover there. I even thought about making a clone YCM website as a backup. (for the card making only.)

[Yoshiman™]

report that site dude! THATS A VIOLATION OF THE INTERNET LAW

[Catman25]

It's a good idea to be safe, but why would you take your time to hack a child forum?

[Lemniscate]

This is horrible.

YCM is very vulnerable.

We definitely need heightened security.

[J-Max]

Some people are just pathetic like that. Also this is a call to Ban Attachments forever. Files can have Trojans.

[Enma Ai]

report that site dude! THATS A VIOLATION OF THE INTERNET LAW

 

Actually not if the tuts have "This is for learning purposes Only" that means the maker of the tut is not the one getting in trouble, and the person using it may not even be part of the site

[Guest Star]

It's a good idea to be safe' date=' but why would you take your time to hack a child forum?

[/quote']

 

Probably because YCM has over 200,000 members and nearly 2,000,000 posts. They'd probably think they're cool for taking down such a large forum.

 

Some people are just pathetic like that. Also this is a call to Ban Attachments forever. Files can have Trojans.

 

Is it even possible to literally ban attachments?

[Enma Ai]

yes YCMaker can stop the post of attachments

[J-Max]

Star, Attachments can be disabled, it's as simple as that. I think it's in the Admin CP.

[Guest Star]

Star' date=' Attachments can be disabled, it's as simple as that. I think it's in the Admin CP.

[/quote']

 

If attachments can be disabled, and they are against the rules anyway, why haven't they been disabled already? All they're doing (if they are against the rules) is causing spam, as people use them, and members flame the fact that they're using attachments.

 

I say just get rid of them.

[moneypony]

maybe YCMaker could add a javascript remind that pops out when it notices the url bar doesn't say the correct url

or much more simpler,add something that reminds them that if the address bar doesn't say "insert correct one here" then they shouldn't enter the password

YCMaker could also make it(if possible) to give us the option to set a list of IPs that can access the account,making it near impossible for someone to hack it

To extend security,the quickest way of getting the password is phishing,with the idea above,it should be much harder,the 2nd method would usually be random password genrating,forcing,etc...

so if we extend it to 5 guesses AND it will lock your account until you click on the link that was sent to your email,that way,you are notified someone is trying to hack your account,it may get annoying if people try to login to your account and locking it,which is why it should tell the IP address of the place it was trying to log in either to mods/admin only or both.

(^ This would be very hard to code so i won't be surprised if it wasn't added)

 

as for Banning Attachments,i recommend that you make a thread for good places places to upload your images (Tinypic,Photobucket,Imageshack,etc..),files that security scan before letting it able for other people to download (MediaFire,4Shared),

 

i hope this doesn't count as advertising,i didn't give the links or anything but if it counts as it,i would like to know because i don't want to have my warning level raised

 

EDIT:attachments aren't banned,they just can't be used to post cards in the CC section for some reason...

(because i am too lazy to click on the thumbnails is NOT a valid reason)

but i do get annoyed if it's a Bitmap i have to download

[J-Max]

[align=center]This would also solve a possible Trojan Threat (Surprised no-one has tried it yet) But this is about the Security issue. I understand that most of this is Behind the scenes Backdoor stuff that no member can see, but this is what Hackers thrive on, a Open Window to get in. Let's just say that YCM is like this:

I'm not joking, think of a Hacker like that cocky looking mouse.[/align]

[moneypony]

so we should close those open windows/ports w/e?

can you name some pros (other than blocking out hackers) and some cons about doing that?

[J-Max]

The Pros are infinite. This will close the doors on any Hacking attempts. No Cons either, this is just some hoiles that need filling.

[moneypony]

The Pros are infinite. This will close the doors on any Hacking attempts. No Cons either' date=' this is just some hoiles that need filling.

[/quote']

 

so we just need to make this site a solid block of cheese and we don't have to worry about hack attempts any more(other than phishing)

 

besides,i am not even sure how you can hack with these holes

[J-Max]

The Holes are like a Backdoor to a Bar. If you ca\n sneak in and run off with somethign then you;re a Winner. Also Hackers can do almost everything a Admin can with these exploits, Just think, one of them Lines of text could be a gateway to the Admin CP

[Legend Zero]

1. I fully support this and agree totally.

2. That mouse is'nt as cocky as you think.

[Bloodrun]

Star' date=' Attachments can be disabled, it's as simple as that. I think it's in the Admin CP.

[/quote']

 

If attachments can be disabled, and they are against the rules anyway, why haven't they been disabled already? All they're doing (if they are against the rules) is causing spam, as people use them, and members flame the fact that they're using attachments.

 

I say just get rid of them.

 

Because YCMaker said, "NO U!"?

 

Anyway, J-Max, I have to ask that you seize the public talk of "hacking" because you are only stirring up useless trouble.

[J-Max]

No Bloodrun. Open Ports? Did you see how many there was? I'm standing my ground here, With that kind of vunerbility YCM could easily be DDosed

[NuclearLight]

I agree completely we must get much more security around her i am tired of being hacked!

[Bloodrun]

No Bloodrun. Open Ports? Did you see how many there was? I'm standing my ground here' date=' With that kind of vunerbility YCM could easily be DDosed

[/quote']

 

-.-"

 

It's been that way for 3 years.

 

There is no point in "hacking" YCM lol.

You can "stand your ground" but even a smart leader knows when to publicly preach, and when to fight behind closed doors.

[NeoDemonX]

keep us updated ok

[∮.Ғσяgσттeи.SσℓÐιєя.∮]

Yes, i believe extra security is needed.

That thread in the Hack forum, is just incredible.