![[Deleted]](https://www.huntingnet.com/forum/iconimages/bowhunting/deleted_ltr.gif)
[Deleted]
02-19-2008, 06:57 PM
#21
Boone & Crockett
Join Date: Sep 2005
Location: Michigan/Ohio
Posts: 11,682
RE: [Deleted]
ORIGINAL: MN/Kyle
Sounds like some people have too much time on thier hands?? Glad it's all fixed.
ORIGINAL: Germ
It's not that easy to block IP's. The developers of thi site need to do most of the work. I have yet to be on when it happens, but do to the volume my guess is they are running java scripts on the server.
So when a legitment user post, it triggers a script that runs and creates all these bogus post.
ORIGINAL: KansasBBD
What do you do, just Block the IP address?
What do you do, just Block the IP address?
So when a legitment user post, it triggers a script that runs and creates all these bogus post.
HNI is all user inputs(parameters). Adding a program in a search box that runs on a server. I do not want to show an example, I am sure Justin would skin me alive
])
02-19-2008, 07:02 PM
#24
Nontypical Buck
Join Date: Mar 2007
Location: Minnesota
Posts: 4,911
RE: [Deleted]
ORIGINAL: Germ
I should show you some things people try to do on our sites. They will try anything to get in. It's user inputs that are easiest to use.
HNI is all user inputs(parameters). Adding a program in a search box that runs on a server. I do not want to show an example, I am sure Justin would skin me alive
I should show you some things people try to do on our sites. They will try anything to get in. It's user inputs that are easiest to use.
HNI is all user inputs(parameters). Adding a program in a search box that runs on a server. I do not want to show an example, I am sure Justin would skin me alive
02-19-2008, 07:08 PM
#25
Boone & Crockett
Join Date: Sep 2005
Location: Michigan/Ohio
Posts: 11,682
RE: [Deleted]
ORIGINAL: MN/Kyle
Germ, have you ever thought about becoming a college professor? I have a "Computers in society"class this semester and it flys over my head, what you said makes sense.
ORIGINAL: Germ
I should show you some things people try to do on our sites. They will try anything to get in. It's user inputs that are easiest to use.
HNI is all user inputs(parameters). Adding a program in a search box that runs on a server. I do not want to show an example, I am sure Justin would skin me alive
I should show you some things people try to do on our sites. They will try anything to get in. It's user inputs that are easiest to use.
HNI is all user inputs(parameters). Adding a program in a search box that runs on a server. I do not want to show an example, I am sure Justin would skin me alive
02-19-2008, 07:15 PM
#26
Boone & Crockett
Join Date: Sep 2005
Location: Michigan/Ohio
Posts: 11,682
RE: [Deleted]
Yep without a doubt it's XSS attack or SQL Injection.They have found a way in.
It could be SQL Injection also. HNI needs to run everything in Store Procedures and have parameters defined(size) to stop this.
Ifsomeone is running SQL command in strings inside code, well it's very bad practice. These strings can have commands "Added" on.
It could be SQL Injection also. HNI needs to run everything in Store Procedures and have parameters defined(size) to stop this.
Ifsomeone is running SQL command in strings inside code, well it's very bad practice. These strings can have commands "Added" on.
02-19-2008, 07:28 PM
#29
Typical Buck
Join Date: Oct 2007
Location: Kansas baby!
Posts: 708
RE: [Deleted]
ORIGINAL: Germ
Yep without a doubt it's XSS attack or SQL Injection.They have found a way in.
It could be SQL Injection also. HNI needs to run everything in Store Procedures and have parameters defined(size) to stop this.
Ifsomeone is running SQL command in strings inside code, well it's very bad practice. These strings can have commands "Added" on.
Yep without a doubt it's XSS attack or SQL Injection.They have found a way in.
It could be SQL Injection also. HNI needs to run everything in Store Procedures and have parameters defined(size) to stop this.
Ifsomeone is running SQL command in strings inside code, well it's very bad practice. These strings can have commands "Added" on.
02-19-2008, 07:29 PM
#30
Boone & Crockett
Join Date: Sep 2005
Location: Michigan/Ohio
Posts: 11,682
RE: [Deleted]
I can't, LOL
If I was HNI first thing I would do is take all the SQL statements out of code and use Store Procedures with Paramters. You can set the size of your user input parameters and stop injections.
Guys a moderator/admin cannot fix this, it has to be a developer. It's not HNI fault, it's bad coding practices.
If I was HNI first thing I would do is take all the SQL statements out of code and use Store Procedures with Paramters. You can set the size of your user input parameters and stop injections.
Guys a moderator/admin cannot fix this, it has to be a developer. It's not HNI fault, it's bad coding practices.