milkytiptoe
commented
10 years ago I'll look in to it asap.
Closed mackdesignarts closed 10 years ago
milkytiptoe
commented
10 years ago I'll look in to it asap.
milkytiptoe
commented
10 years ago Reply again if it happens again and link the thread if you can.
mackdesignarts
commented
10 years ago Will do. It happened to me, I'm niggy, so I was the only one reporting it.
mackdesignarts
commented
10 years ago I looked at your namesync coffee script source and read the headers sent by post to rm and sp.. I noticed that you can only remove a posters namesync by IP.. whoever did this found a way to remove and block my sig even after switching IP, clearing browser cache and reloading etc.. I doubt highly this was a browser or client attack, he's cleary hacking your namesync php API. Another thing is, he's using the thread IP, "t" I think it was from your POST vars.. so I can still post with sig in other threads just not in the one he blocked me in. Seems pretty ingenious. Please keep me posted if you make any changes for security, I've talked about it with other posters and we'd like to know the outcome, thank you!!
bstats
commented
10 years ago It could be the pre-insertion thing again...
nokosage
commented
10 years ago Can you recall the thread number that this occurred in for you?
mackdesignarts
commented
10 years ago no but it was on /b/ and the incident occurred just on or around 18:59pm EST.. I would assume the call was made to the /rm.php route and in some way was able to circumvent the IP filter you have set up.
mackdesignarts
commented
10 years ago Try thread number 539171713
According to my history thats where i was at the time. Anonymous heaven poster doing it
nokosage
commented
10 years ago Okay, thank you Niggy. It seems your posts (ID posting Niggy_####.jpg images, I assume), if any, are no longer in the database, and logs show that there are many more calls to rm.php than necessary.
rm.php has been temporarily disabled.
If it begins to happen again, let us know immediately.
Someone has found a way to delete a posters sig in a specific thread and revert it back to Anonymous. Similar to the rm.php POST from the namesync dashboard command to delete a posters name in the thread history. Except he is able to do it by blocking the name, and not relying on IP address. I switched my IP several times and still could not post with my sig. If I changed my name, I could post again and see the new name, but then he copied that name and blocked it too.. maybe also using a regex equation to block variants.