Thread: Your site's security SUCKS!

  1. #1
    Animedude5555

    Your site's security SUCKS!

    Just ran SmartSniff (a packet sniffer) on my computer, and then logged in to animeforum.com and then looked at the recorded HTTP packets. Here's the payload of the HTTP POST packet (from my login) that it recorded:

    vb_login_username=animedude5555&vb_login_password=******&vb_login_password_hint=Password&cookieuser=1&s=&securitytoken=guest&do=login&vb_login_md5password=&vb_login_md5password_utf=
    Notice the variable vb_login_password, and notice the asterisks after the equals-sign. I put those asterisks there when posting this thread to the forum, because in its original form it contained my actual password in PLAIN TEXT! My password was NOT encrypted! What the crap?! ANYBODY who had tapped my cable internet line could have intercepted this and gotten my password! And I also use it as the login password for one of my several GMail accounts! You guys trying to get me hacked or something?!

    I know your forum uses HTTP instead of encrypted HTTPS, but that doesn't mean you have to leave the security sucking. You could still make sure that the password field in your forum's software is encrypted. I mean, you could use an encryption algorithm in a PHP script (for server side) and in Javascript (for client side). There's NO EXCUSE, in the modern era of computing, that a password is literally visible to ANYBODY who has managed to eavesdrop on the network packets. That is INEXCUSABLE! I don't know who actually owns the server that animeforum.com is running on, but they need to hire a network technician to implement some form of encryption on the communications link, or hire somebody who knows how to implement encryption on webpages and online scripts to implement encryption in this forum's software.


  2. Likes PictureGuy liked this post
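An added example, not part of the original post or of the forum's software: a small audit of a captured form body like the one quoted above, reporting which credential fields would be readable on the wire. The function name, the finding labels and the placeholder password value are assumptions made for illustration; the field names come from the quoted request.

```python
import re
from urllib.parse import parse_qs

# Constructed sample: the POST body quoted in the post, with a made-up
# placeholder where the poster masked the real password.
SAMPLE_BODY = (
    "vb_login_username=animedude5555&vb_login_password=EXAMPLE-ONLY"
    "&vb_login_password_hint=Password&cookieuser=1&s=&securitytoken=guest"
    "&do=login&vb_login_md5password=&vb_login_md5password_utf="
)

SECRET_NAME = re.compile(r"pass(word|wd)?|pwd|secret", re.I)
IGNORED_NAME = re.compile(r"hint", re.I)        # placeholder text, not a secret
HEX_DIGEST = re.compile(r"^[0-9a-f]{32,128}$", re.I)


def audit_login_body(body: str, scheme: str) -> list[tuple[str, str]]:
    """Return (field, finding) pairs for non-empty credential fields."""
    encrypted = scheme.lower() == "https"
    findings = []
    fields = parse_qs(body, keep_blank_values=True)
    for name, values in fields.items():
        if not SECRET_NAME.search(name) or IGNORED_NAME.search(name):
            continue
        value = values[0]
        if not value:
            continue                    # an empty field discloses nothing
        if encrypted:
            findings.append((name, "protected-in-transit"))
        elif HEX_DIGEST.match(value):
            # A digest computed in the browser and sent over plain HTTP is
            # just as readable on the wire; if the server accepts it in
            # place of the password, it is equivalent to the password.
            findings.append((name, "hash-exposed-replayable"))
        else:
            findings.append((name, "cleartext-exposed"))
    return findings


if __name__ == "__main__":
    for scheme in ("http", "https"):
        print(scheme, audit_login_body(SAMPLE_BODY, scheme))
```
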
  3. #2
    Jakiao

    Re: Your site's security SUCKS!

    Given we're a lowly anime site the pressing need for SSL never really hit us much. It's coming where we will have to adopt it, sure. And we plan to. So don't worry about that. It will happen probably before the year is over.

    You guys trying to get me hacked or something?!
    That's on you. Every security website on the planet highly recommends not using the same password twice. You choosing to do so is a security risk which you must take responsibility for. I recommend you get a password manager such as LastPass. This way, you can generate huge, random passwords for each account and never have to worry about it again. At the end of the day you are responsible for you. You can't rely on anybody else to keep you safe online.

    Please reconsider how you choose to report things. There's a difference between constructive criticism and kneejerk yelling. Being rude and assuming will often get you ignored in this world.

  4. Likes RunnerNoah liked this post
  5. #3
    Jakiao

    Re: Your site's security SUCKS!

    For the record, SSL is enabled and forced as of this morning.

  6. Thanks RunnerNoah, FlashD thanked for this post
    Likes Samet Chan, Darkandiel, FlashD liked this post
  7. #4
    Darkandiel

    Re: Your site's security SUCKS!

    LOL! This is so funny.

    While it's great that you pointed out this flaw... why the frick do you use the same password for a forum that you use for an email? Go change your email password right now. That's the dumbest thing I've ever heard. Forums are not the most secure thing on the internet and never will be. Neither is Facebook or Twitter for example. They don't expect you to use the same password that would also be a gateway to your banking details. There's always the chance that someone will hack and download the entire database and upload your usernames and passwords to a malicious website for others to exploit. It's happened to me more than once on various sites, but I don't care because I have different sets of passwords.

    I have a different key for each important thing, then a number of throwaway passwords for forums and things.
    Last edited by Darkandiel; 07-19-2017 at 09:05 AM.

  8. Likes Beetlewax liked this post
  9. #5
    Samet Chan

    Re: Your site's security SUCKS!

    Quote: Originally Posted by Jakiao
    For the record, SSL is enabled and forced as of this morning.
    Sounds good. They won't brute-force attack and Python to attack will be failed a loaded. This is supported now SSL (HTTPS - LTS) on CloudFlare for free.

    I'm happy now, AF was safe 100%

    I just got wife for AF Mascot Girl...


