Forum glitch?

EvilGrins
Godlike
Posts: 7103
Joined: Thu Jun 30, 2011 8:12 pm
Personal rank: God of Fudge
Location: Palo Alto, CA

Forum glitch?

Post by EvilGrins » Mon Jun 01, 2020 5:43 am

This has been popping up a lot recently in my AVG warnings. Only when I'm on this forum, started about a week ago.

Not sure why. Even other forums using the same theme as this one haven't done this.
Attachments
wtfClip0002.png
http://unreal-games.livejournal.com/
Image
medor wrote:Replace Skaarj with EvilGrins :mrgreen:
Smilies · viewtopic.php?f=8&t=13758

OjitroC
Godlike
Posts: 1627
Joined: Sat Sep 12, 2015 8:46 pm

Re: Forum glitch?

Post by OjitroC » Mon Jun 01, 2020 12:00 pm

Nothing to do with this forum. The site you are trying to connect to - observerzparadise.com - is currently down (or blocking all/certain connections). When I try to connect to it, I get a warning from my antivirus/malware - it is probably suspicious enough to stay away from it.

Feralidragon
Godlike
Posts: 5197
Joined: Wed Feb 27, 2008 6:24 pm
Personal rank: Work In Progress
Location: Liandri

Re: Forum glitch?

Post by Feralidragon » Mon Jun 01, 2020 1:15 pm

It may have to do with this forum actually, since most images displayed in this forum aren't stored at ut99.org, but are instead loaded from remote sites.

Take Evilgrins' signature image for example, its URL is actually: http://ic.pics.livejournal.com/evilgrin ... 82_640.png
and not ut99.org.

It's the same reason why while this forum uses HTTPS, it will still display a warning in this very topic for example saying you're not secure, because Evilgrins' signature is loaded remotely using HTTP.

So, it may happen that there's a user or a post with an image from that site, which is very likely the case given that the full URL that Evilgrins is showing is actually an image URL.
And it's only a matter of identifying which, which can be done by Evilgrins himself (by checking what thread he's seeing at the time he gets this warning) or Shade by checking the database for post or signature entries from that domain.

This is why many forums either do not allow images, or only show images that are hosted in the forum itself, as a way of protecting users from potential attacks and from getting spied on.
For example, as a malicious user I could post an image to retrieve your IP address, the browser you're using, etc, something Higor's signature, for example, exposes (albeit only to yourself in his specific case), but which in the case of a malicious user could be used to know every IP address from almost every user in this forum, by them just viewing your post or signature.

In a more extreme case, I could also use it to set cookies on your side, or to even send you a malicious JavaScript for your browser to execute if your browser is vulnerable to such attacks.
Until a few years ago, browsers would execute anything that looked like JavaScript successfully, when they shouldn't (not sure if they still do, never looked much into that since).
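
The database check suggested in the post above, sketched as an added example that is not part of the original thread or of the forum's software: it lists every `[img]` URL in post and signature text, marks each as local, external over HTTPS, or external over HTTP (the mixed-content case), and reports which entries pull from one flagged domain. The row layout, the plain `[img]` tag form and the sample rows are assumptions; `blocked.example` is a placeholder for the flagged domain.

```python
import re
from urllib.parse import urlsplit

FORUM_HOST = "ut99.org"                      # the forum's own host, from the thread
IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.I | re.S)

def host_matches(host, domain):
    """True for the domain itself or any subdomain, never a look-alike suffix."""
    return host == domain or host.endswith("." + domain)

def classify(url, forum_host=FORUM_HOST):
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    if not host or host_matches(host, forum_host):
        return "local"                       # relative URL or hosted by the forum
    if parts.scheme == "https":
        return "external-https"              # still reveals the viewer's IP and user agent
    return "external-http"                   # mixed content on an HTTPS page

def audit(rows, forum_host=FORUM_HOST):
    """rows: (kind, row_id, author, bbcode) tuples; one finding per embedded image."""
    findings = []
    for kind, row_id, author, text in rows:
        for url in IMG_TAG.findall(text):
            host = (urlsplit(url.strip()).hostname or "").lower()
            findings.append((kind, row_id, author, host, classify(url, forum_host)))
    return findings

def entries_from_domain(findings, domain):
    """Which posts or signatures pull images from a given (e.g. blacklisted) domain."""
    return [(k, i, a) for k, i, a, host, _ in findings if host_matches(host, domain)]

# Constructed sample rows; ids, authors and URLs are made up for the example.
SAMPLE_ROWS = [
    ("post", 101, "alice", "Look: [img]http://blocked.example/2011/07/shot.jpg[/img]"),
    ("post", 102, "bob", "[img]https://ut99.org/download/file.php?id=7[/img]"),
    ("signature", 7, "carol", "[IMG]http://pics.host.example/sig.png[/IMG]"),
    ("post", 103, "dave", "[img]https://notblocked.example/a.png[/img] nothing else"),
]

if __name__ == "__main__":
    found = audit(SAMPLE_ROWS)
    for row in found:
        print(row)
    print("from blocked.example:", entries_from_domain(found, "blocked.example"))
```
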

OjitroC
Godlike
Posts: 1627
Joined: Sat Sep 12, 2015 8:46 pm

Re: Forum glitch?

Post by OjitroC » Mon Jun 01, 2020 1:59 pm

Feralidragon wrote:
Mon Jun 01, 2020 1:15 pm
It may have to do with this forum actually, since most images displayed in this forum aren't stored at ut99.org, but are instead loaded from remote sites.

Take Evilgrins' signature image for example, its URL is actually: http://ic.pics.livejournal.com/evilgrin ... 82_640.png
and not ut99.org.

It's the same reason why while this forum uses HTTPS, it will still display a warning in this very topic for example saying you're not secure, because Evilgrins' signature is loaded remotely using HTTP.

So, it may happen that there's a user or a post with an image from that site, which is very likely the case given that the full URL that Evilgrins is showing is actually an image URL.
And it's only a matter of identifying which, which can be done by Evilgrins himself (by checking what thread he's seeing at the time he gets this warning) or Shade by checking the database for post or signature entries from that domain.

This is why many forums either do not allow images, or only show images that are hosted in the forum itself, as a way of protecting users from potential attacks and from getting spied on.
For example, as a malicious user I could post an image to retrieve your IP address, the browser you're using, etc, something Higor's signature, for example, exposes (albeit only to yourself in his specific case), but which in the case of a malicious user could be used to know every IP address from almost every user in this forum, by them just viewing your post or signature.

In a more extreme case, I could also use it to set cookies on your side, or to even send you a malicious JavaScript for your browser to execute if your browser is vulnerable to such attacks.
Until a few years ago, browsers would execute anything that looked like JavaScript successfully, when they shouldn't (not sure if they still do, never looked much into that since).
I agree, I've always thought it a bit odd that the forum allowed remotely hosted images to be uploaded or linked to, given the potential dangers you highlight.

I had assumed that EG was trying to upload an image from the site and forgot that he may have just been viewing the image in the Screenshots For Fun thread.

The basic point, though, is that site - observerzparadise.com - is down or otherwise unreachable (it looks like the domain may have expired a couple of years ago but there are conflicting results from various on-line security and whois scans) and may be malicious.

Feralidragon
Godlike
Posts: 5197
Joined: Wed Feb 27, 2008 6:24 pm
Personal rank: Work In Progress
Location: Liandri

Re: Forum glitch?

Post by Feralidragon » Mon Jun 01, 2020 2:18 pm

From the URL itself, it seems that the image is from July of 2011, and the name of the image seems to imply a censored low resolution image of something else.
There's also the domain name itself, which is very suspicious.

If I had to guess, based on all this and the type of warning he got (URL blacklist), the site issue may not have been to serve malicious content necessarily, but rather illegal content instead.
That may be why it got blacklisted, and why it eventually was taken down.

So it's a good thing that the image no longer loads.
Accepting external images, whether you host them yourself or not, has this kind of risk: you cannot control very well what a user will link or upload.
It may not be malicious, but there have been many cases where the user uploaded illegal images, hence why some forums opted to not even host images themselves.

I think Kaal himself (or someone else, I don't recall very well) did this once in the BeyondUnreal forums at one time (I think that's what got him banned there, but I am not 100% sure, it's what I heard at the time).

sektor2111
Godlike
Posts: 4558
Joined: Sun May 09, 2010 6:15 pm
Location: On the roof.

Re: Forum glitch?

Post by sektor2111 » Mon Jun 01, 2020 9:33 pm

It's nice to block ALL signatures heading to external URL-s, they are just logging your presence...

EvilGrins
Godlike
Posts: 7103
Joined: Thu Jun 30, 2011 8:12 pm
Personal rank: God of Fudge
Location: Palo Alto, CA

Re: Forum glitch?

Post by EvilGrins » Tue Jun 02, 2020 1:40 am

sektor2111 wrote:
Mon Jun 01, 2020 9:33 pm
It's nice to block ALL signatures heading to external URL-s, they are just logging your presence...
Could be easy to lock down which one it is, this happens on the 1st page of my "Screenshots for Fun" thread.

Although I didn't see anything with that URL when I checked.

Feralidragon
Godlike
Posts: 5197
Joined: Wed Feb 27, 2008 6:24 pm
Personal rank: Work In Progress
Location: Liandri

Re: Forum glitch?

Post by Feralidragon » Tue Jun 02, 2020 1:49 am

Found it: viewtopic.php?f=12&t=3434#p32550

It's actually from your last post in that page.
In your post you have "Image", but this is just a placeholder when the actual image could not be loaded, if you right click on it you can copy the URL and also see "view image".

EvilGrins
Godlike
Posts: 7103
Joined: Thu Jun 30, 2011 8:12 pm
Personal rank: God of Fudge
Location: Palo Alto, CA

Re: Forum glitch?

Post by EvilGrins » Tue Jun 02, 2020 4:42 am

Eek!
Feralidragon wrote:
Tue Jun 02, 2020 1:49 am
It's actually from your last post in that page.
Fixed.

papercoffee
Godlike
Posts: 9637
Joined: Wed Jul 15, 2009 11:36 am
Personal rank: coffee addicted !!!
Location: Cologne, the city with the big cathedral.

Re: Forum glitch?

Post by papercoffee » Tue Jun 02, 2020 12:59 pm

Feralidragon wrote:
Tue Jun 02, 2020 1:49 am
It's actually from your last post in that page.
In your post you have "Image", but this is just a placeholder when the actual image could not be loaded, if you right click on it you can copy the URL and also see "view image".
EvilGrins wrote:
Tue Jun 02, 2020 4:42 am
Fixed.
Now I understand why I was mentioned and got a notification for this post.

Soooo the "forum glitch" was EvilGrins all along... mhmmm

To fix the problem with pictures in our forum.
Either we make it that you can upload bigger pictures but fewer (or vice versa) or we keep the linking from external sources.

OjitroC
Godlike
Posts: 1627
Joined: Sat Sep 12, 2015 8:46 pm

Re: Forum glitch?

Post by OjitroC » Tue Jun 02, 2020 1:45 pm

papercoffee wrote:
Tue Jun 02, 2020 12:59 pm
To fix the problem with pictures in our forum.
Either we make it that you can upload bigger pictures but fewer (or vice versa) or we keep the linking from external sources.
Apart from the security\safety issues highlighted by Ferali (which are, of course, important), the other problem with external hosted images is that the host can disappear or the terms for hosting can change. Looking through threads from the early days of this forum one can see that, for example, imageshack has gone and that a lot of images hosted by photobucket now carry a watermark that considerably reduces their value as images (basically, it's very difficult to make out what is in the pics). The more images become unviewable or difficult to view clearly, the more the discussion around them and about them is devalued.

My view is that the more images that are hosted on the forum the better though, in coming to a decision about this, a number of other factors need to be taken into account.

RocketJedi
Inhuman
Posts: 765
Joined: Wed Mar 12, 2008 7:14 pm
Personal rank: I.T Master
Location: New York

Re: Forum glitch?

Post by RocketJedi » Tue Jun 02, 2020 3:21 pm

Feralidragon wrote:
Mon Jun 01, 2020 1:15 pm
It may have to do with this forum actually, since most images displayed in this forum aren't stored at ut99.org, but are instead loaded from remote sites.

Take Evilgrins' signature image for example, its URL is actually: http://ic.pics.livejournal.com/evilgrin ... 82_640.png
and not ut99.org.

It's the same reason why while this forum uses HTTPS, it will still display a warning in this very topic for example saying you're not secure, because Evilgrins' signature is loaded remotely using HTTP.

So, it may happen that there's a user or a post with an image from that site, which is very likely the case given that the full URL that Evilgrins is showing is actually an image URL.
And it's only a matter of identifying which, which can be done by Evilgrins himself (by checking what thread he's seeing at the time he gets this warning) or Shade by checking the database for post or signature entries from that domain.

This is why many forums either do not allow images, or only show images that are hosted in the forum itself, as a way of protecting users from potential attacks and from getting spied on.
For example, as a malicious user I could post an image to retrieve your IP address, the browser you're using, etc, something Higor's signature, for example, exposes (albeit only to yourself in his specific case), but which in the case of a malicious user could be used to know every IP address from almost every user in this forum, by them just viewing your post or signature.

In a more extreme case, I could also use it to set cookies on your side, or to even send you a malicious JavaScript for your browser to execute if your browser is vulnerable to such attacks.
Until a few years ago, browsers would execute anything that looked like JavaScript successfully, when they shouldn't (not sure if they still do, never looked much into that since).
There is a plugin we use on our forums which forces all images to https. They should implement that here.
https://www.vulpinemission.com

EvilGrins
Godlike
Posts: 7103
Joined: Thu Jun 30, 2011 8:12 pm
Personal rank: God of Fudge
Location: Palo Alto, CA

Re: Forum glitch?

Post by EvilGrins » Tue Jun 02, 2020 4:50 pm

OjitroC wrote:
Tue Jun 02, 2020 1:45 pm
problem with external hosted images is that the host can disappear or the terms for hosting can change
Not likely to happen with me, I host all my stuff on livejournal and that site is pretty stable.

Minus this...
papercoffee wrote:
Tue Jun 02, 2020 12:59 pm
Soooo the "forum glitch" was EvilGrins all along... mhmmm
...the pic in question there I did post but it wasn't from livejournal.
Feralidragon wrote:
Mon Jun 01, 2020 1:15 pm
It's the same reason why while this forum uses HTTPS, it will still display a warning in this very topic for example saying you're not secure, because Evilgrins' signature is loaded remotely using HTTP.
Funny thing is that yes, that's true... yet if you open the image's URL in the browser it displays as HTTPS.

OjitroC
Godlike
Posts: 1627
Joined: Sat Sep 12, 2015 8:46 pm

Re: Forum glitch?

Post by OjitroC » Tue Jun 02, 2020 6:35 pm

EvilGrins wrote:
Tue Jun 02, 2020 4:50 pm
Not likely to happen with me, I host all my stuff on livejournal and that site is pretty stable.
Indeed and long may it continue to be so (both for your sake and for the continuity of the forum). However that doesn't negate the general principle that it is preferable to host images on the forum rather than externally - presumably no-one foresaw that photobucket would change in the way it has with the consequence that the usefulness of many of the images hosted there and displayed here is now very limited.

Feralidragon
Godlike
Posts: 5197
Joined: Wed Feb 27, 2008 6:24 pm
Personal rank: Work In Progress
Location: Liandri

Re: Forum glitch?

Post by Feralidragon » Tue Jun 02, 2020 9:32 pm

EvilGrins wrote:
Tue Jun 02, 2020 4:50 pm
Funny thing is that yes, that's true... yet if you open the image's URL in the browser it displays as HTTPS.
That's because that URL is redirecting to HTTPS, meaning that there are in fact 2 requests going on with that URL: the first one in HTTP, and then the server replies with a redirect response code, and then the browser calls the URL again but in HTTPS.
This type of redirect is a common web server configuration to ensure everyone uses HTTPS.

However, despite the fact that it redirects to HTTPS in the end, the browser doesn't know that, as the first request is effectively performed in HTTP.
So if you simply update your signature to change the "http" to "https" in the URL, for this thread (for example) the browser may finally display it as secure, although this depends on every other image/resource to be loaded in HTTPS as well (I didn't check).

Some browsers go to the extent of being "HTTPS-aware", meaning that some browsers will internally cache the fact that a given domain has HTTPS enabled, and will attempt to do all requests as HTTPS to that domain even if the given URL is HTTP, as an added security measure.

OjitroC wrote:
Tue Jun 02, 2020 6:35 pm
Indeed and long may it continue to be so (both for your sake and for the continuity of the forum). However that doesn't negate the general principle that it is preferable to host images on the forum rather than externally - presumably no-one foresaw that photobucket would change in the way it has with the consequence that the usefulness of many of the images hosted there and displayed here is now very limited.
Yes, self-hosting images solves security issues and ensures that the images are safe and will never go away.
The downside though is the extra bandwidth and storage needed on the web server side.

Of course, at least the bandwidth can be solved by using a CDN for all site resources (especially images), such as Cloudflare (the free plan should be enough).
It may be even set up to cover the entire site, although it's generally preferable to have separate domains for the site itself and the static resources, for some added security (otherwise Cloudflare will see your session cookie and such, as well as your login username and password to this forum), and the ability to configure static and non-static content separately more easily.

This also means that the forum would need to be set up differently to do one of 2 things: restrict images to be locally uploaded images only, or to retrieve the image from the external site and store it locally on post submission (the latter is of course preferable, although that implies some added security concerns as well).

I am not sure if for a forum like this it's worth the trouble, to be honest, although RocketJedi's suggestion of at least forcing HTTPS in every image URL is a good idea.
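
The "retrieve the image and store it locally on post submission" option from the post above, as an added example that is not part of the original thread or of any forum software: each remote `[img]` is fetched once, checked, saved under a content hash and rewritten to a local URL, so viewers never contact the remote host. The thread does not list the added security concerns; the checks here (scheme, non-public IP literals, size cap, image magic bytes) are ones chosen for this example, and `fetch`, `store`, the `/images/` path, the size cap and the sample data are assumptions.

```python
import hashlib
import ipaddress
import re
from urllib.parse import urlsplit

IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.I | re.S)
MAGIC = {b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpg",
         b"GIF87a": "gif", b"GIF89a": "gif"}
MAX_BYTES = 2 * 1024 * 1024                  # assumed per-image size cap

def safe_remote(url):
    """Allow only http(s) URLs whose host is not a non-public IP literal."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    try:
        return ipaddress.ip_address(parts.hostname).is_global
    except ValueError:
        return True    # a DNS name; a real fetcher must also check the resolved address

def sniff(data):
    """Trust the leading bytes, not the file extension or Content-Type."""
    return next((ext for magic, ext in MAGIC.items() if data.startswith(magic)), None)

def rehost(bbcode, fetch, store, base="/images/"):
    """Swap each remote [img] for a local copy; drop anything that fails a check."""
    def replace(match):
        url = match.group(1).strip()
        data = fetch(url) if safe_remote(url) else None
        if not data or len(data) > MAX_BYTES or sniff(data) is None:
            return "[image removed]"
        name = hashlib.sha256(data).hexdigest()[:16] + "." + sniff(data)
        store[name] = data                   # content-addressed: same bytes, same file
        return "[img]" + base + name + "[/img]"
    return IMG_TAG.sub(replace, bbcode)

# Constructed stand-in for the network: URL -> response body.
FAKE_WEB = {
    "http://img.example/shot.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
    "https://img.example/page.png": b"<html>not an image</html>",
    "http://127.0.0.1/admin.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
}
SAMPLE_POST = ("[img]http://img.example/shot.png[/img] "
               "[img]https://img.example/page.png[/img] "
               "[img]http://127.0.0.1/admin.png[/img]")

def demo():
    store = {}
    return rehost(SAMPLE_POST, FAKE_WEB.get, store), store

if __name__ == "__main__":
    print(demo())
```
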
