Thread: Your site's security SUCKS!

  1. #1
    Animedude5555

    Just ran SmartSniff (a packet sniffer) on my computer, and then logged in to animeforum.com and then looked at the recorded HTTP packets. Here's the payload of the HTTP POST packet (from my login) that it recorded:

    vb_login_username=animedude5555&vb_login_password=******&vb_login_password_hint=Password&cookieuser=1&s=&securitytoken=guest&do=login&vb_login_md5password=&vb_login_md5password_utf=
    Notice the variable vb_login_password, and notice the asterisks after the equals-sign. I put those asterisks there when posting this thread to the forum, because in its original form it contained my actual password in PLAIN TEXT! My password was NOT encrypted! What the crap?! ANYBODY who had tapped my cable internet line could have intercepted this and gotten my password! And I also use it as the login password for one of my several GMail accounts! You guys trying to get me hacked or something?!

    I know your forum uses HTTP instead of encrypted HTTPS, but that doesn't mean you have to leave the security sucking. You could still make sure that the password field in your forum's software is encrypted. I mean, you could use an encryption algorithm in a PHP script (for server side) and in Javascript (for client side). There's NO EXCUSE, in the modern era of computing, that a password is literally visible to ANYBODY who has managed to eavesdrop on the network packets. That is INEXCUSABLE! I don't know who actually owns the server that animeforum.com is running on, but they need to hire a network technician to implement some form of encryption on the communications link, or hire somebody who knows how to implement encryption on webpages and online scripts to implement encryption in this forum's software.
    Click the banner to visit my website.

    My website is still under construction, so please visit it often to see it as it grows. You may have to press F5 to refresh the page if there's something new that's not showing (in some rare cases, you may have to use Ctrl+F5). If you wish to contact me about my site and are a member of Animeforum, PM me. If you are just a guest visiting Animeforum, please use [email protected]
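
Added example, not part of the original post or of the forum's software: a Python check that parses a captured login POST like the one quoted above and reports which credential fields an on-path observer could read. The sample capture is constructed (path, headers, username and password are placeholders) and the function name is hypothetical; only the form field names come from the post.

```python
from urllib.parse import parse_qs

# Field names as they appear in the POST body quoted in the post above.
PASSWORD_FIELDS = ("vb_login_password",)
HASH_FIELDS = ("vb_login_md5password", "vb_login_md5password_utf")

# Constructed sample capture: path, headers and credentials are placeholders.
SAMPLE_CAPTURE = (
    "POST /login.php HTTP/1.1\r\n"
    "Host: animeforum.com\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "vb_login_username=exampleuser&vb_login_password=PLACEHOLDER-PW"
    "&vb_login_password_hint=Password&cookieuser=1&s=&securitytoken=guest"
    "&do=login&vb_login_md5password=&vb_login_md5password_utf="
)


def audit_login_capture(raw_request, over_tls):
    """Return (severity, field, note) findings for a captured form login.

    Values are never echoed back, only their lengths, so the report
    itself does not leak the credential.
    """
    head, _, body = raw_request.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method = request_line.split(" ", 1)[0].upper()
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    ctype = headers.get("content-type", "")
    if method != "POST" or not ctype.startswith("application/x-www-form-urlencoded"):
        return []
    if over_tls:
        return []  # body is encrypted on the wire; a sniffer cannot read it
    form = parse_qs(body, keep_blank_values=True)
    findings = []
    for field in PASSWORD_FIELDS:
        value = form.get(field, [""])[0]
        if value:
            findings.append(("high", field, f"cleartext password, {len(value)} chars"))
    for field in HASH_FIELDS:
        if form.get(field, [""])[0]:
            findings.append(("high", field, "static hash in the clear can be replayed"))
    if not findings and any(f in form for f in PASSWORD_FIELDS + HASH_FIELDS):
        findings.append(("info", "login form", "credential fields present but empty"))
    return findings
```

A hash-only submission is reported as well, because a fixed hash sent over plain HTTP works as the login credential for whoever captures it. Only the `over_tls=True` case, which corresponds to the forced SSL announced later in the thread, returns no findings.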


  2. #2
    Jakiao

    Given we're a lowly anime site the pressing need for SSL never really hit us much. It's coming where we will have to adopt it, sure. And we plan to. So don't worry about that. It will happen probably before the year is over.

    "You guys trying to get me hacked or something?!"
    That's on you. Every security website on the planet highly recommends not using the same password twice. You choosing to do so is a security risk which you must take responsibility for. I recommend you get a password manager such as LastPass. This way, you can generate huge, random passwords for each account and never have to worry about it again. At the end of the day you are responsible for you. You can't rely on anybody else to keep you safe online.

    Please reconsider how you choose to report things. There's a difference between constructive criticism and kneejerk yelling. Being rude and assuming will often get you ignored in this world.
    I am Jakiao - The Resident Dw33b / Forum & Chat Admin

  3. #3
    Jakiao

    For the record, SSL is enabled and forced as of this morning.

  4. #4
    Darkandiel

    LOL! This is so funny.

    While it's great that you pointed out this flaw... why the frick do you use the same password for a forum that you use for an email? Go change your email password right now. That's the dumbest thing I've ever heard. Forums are not the most secure thing on the internet and never will be. Neither is Facebook or Twitter for example. They don't expect you to use the same password that would also be a gateway to your banking details. There's always the chance that someone will hack and download the entire database and upload your usernames and passwords to a malicious website for others to exploit. It's happened to me more than once on various sites, but I don't care because I have different sets of passwords.

    I have a different key for each important thing, then a number of throwaway passwords for forums and things.