Author |
Topic: Display of where the Members & Visitors Are Located |
John Floyd
From: R.I.P.
|
Posted 21 Jan 2010 10:09 am
|
|
http://www.revolvermaps.com/
I would like to see this added to the SGF, be interesting to see where the computers are that are on the forum. It's a nice graphic display of where the present and past visitors are located.
I've had it on the Dekley forum now for almost a week. It's also nice to see if there are any China visitors, since that's where the latest outbreak of viruses, spyware and malware is coming from.
To see it working go to:
http://dekleyforum.com/
Look on the left side panel below the main menu. |
|
|
|
b0b
From: Cloverdale, CA, USA
|
Posted 21 Jan 2010 10:33 am
|
|
Pretty cool. Wiz, do you see any security problem with code like this?
Code: |
<script type="text/javascript" src="http://ja.revolvermaps.com/p.js"></script>
<script type="text/javascript">rm2d_ki101('8','256','128','0n48UNdYcyK','ff0000',0);</script> |
The function loads a Flash movie onto the page from their server. _________________ -𝕓𝕆𝕓- (admin) - Robert P. Lee - Recordings - Breathe - D6th - Video |
|
|
|
Jon Moen
From: Canada
|
Posted 21 Jan 2010 6:02 pm
|
|
Bob, wouldn't it have to grab the IP addresses from your server? |
|
|
|
Wiz Feinberg
From: Mid-Michigan, USA
|
Posted 21 Jan 2010 9:13 pm
|
|
b0b wrote: |
Pretty cool. Wiz, do you see any security problem with code like this?
Code: |
<script type="text/javascript" src="http://ja.revolvermaps.com/p.js"></script>
<script type="text/javascript">rm2d_ki101('8','256','128','0n48UNdYcyK','ff0000',0);</script> |
The function loads a Flash movie onto the page from their server. |
Yeah, cross-site scripting issues. This needs a lot of investigating before you try to use someone else's Flash script and JavaScript includes.
Also, requiring membership and using my blocklists already keeps scamming Africans away from our forum. It would be trivial to send you my Chinese-Asian Blocklist, or any other blocklist I publish (Russian-Soviet, Exploited Servers, Lacnic). I now have all blocklists in iptables format, for direct use in your Linux APF rules. _________________ "Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services |
|
|
|
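One way to start the investigation Wiz asks for, as an added example that is not part of the thread or of RevolverMaps' code: list every script a page fragment pulls in and flag includes from another origin, over plain HTTP, or without an `integrity` attribute. The names `auditScripts` and `parseAttrs` and the embedding origin `https://forum.example` are assumptions, and the `integrity` check refers to the browser Subresource Integrity attribute, which the thread does not discuss.

```javascript
// Constructed input: the embed snippet quoted in the thread.
const SAMPLE = `<script type="text/javascript" src="http://ja.revolvermaps.com/p.js"></script>
<script type="text/javascript">rm2d_ki101('8','256','128','0n48UNdYcyK','ff0000',0);</script>`;

// Parse name="value" pairs from the attribute part of a tag.
function parseAttrs(tagText) {
  const attrs = {};
  const re = /([\w-]+)\s*=\s*("([^"]*)"|'([^']*)'|([^\s>]+))/g;
  let m;
  while ((m = re.exec(tagText)) !== null) {
    attrs[m[1].toLowerCase()] = m[3] ?? m[4] ?? m[5];
  }
  return attrs;
}

// Report each <script> in `html` as seen from a page served at `pageOrigin`.
// Regex matching is enough for a pasted snippet; it is not a full HTML
// parser (an attribute value containing ">" would be misread).
function auditScripts(html, pageOrigin) {
  const findings = [];
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = parseAttrs(m[1]);
    if (!attrs.src) {
      // Inline code: record which functions it calls, since they may be
      // defined by a remote include and so run whatever that file contains.
      const calls = [...m[2].matchAll(/\b([A-Za-z_$][\w$]*)\s*\(/g)].map(x => x[1]);
      if (m[2].trim()) findings.push({ kind: 'inline', calls });
      continue;
    }
    const url = new URL(attrs.src, pageOrigin);
    const issues = [];
    // Code from another origin runs with the embedding page's privileges.
    if (url.origin !== new URL(pageOrigin).origin) issues.push('third-party-origin');
    // Plain HTTP lets anyone on the network path replace the script.
    if (url.protocol === 'http:') issues.push('plaintext-http');
    // Without integrity= the browser accepts whatever the host serves.
    if (!attrs.integrity) issues.push('no-integrity');
    findings.push({ kind: 'external', src: url.href, host: url.hostname, issues });
  }
  return findings;
}

console.log(JSON.stringify(auditScripts(SAMPLE, 'https://forum.example'), null, 2));
```
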
Bo Borland
From: South Jersey -
|
Posted 25 Jan 2010 4:22 am
|
|
wow.. should we even be looking at that page? |
|
|
|
b0b
From: Cloverdale, CA, USA
|
|
|
|
Wiz Feinberg
From: Mid-Michigan, USA
|
Posted 25 Jan 2010 12:02 pm
|
|
If you have a website and can read your raw access logs, you will be shocked by the number of exploit attacks sent to probe your server every day. Most are targeting third-party web applications and Web 2.0 interactive programs. Unless one is prepared to vet every line of code, one should not run untrusted applications on their web server.
Even trusted applications are found to have vulnerabilities. Responsible vendors or consortiums will get to work and release patched updates when exploit code is revealed. Coppermine Gallery is so frequently targeted it would make your head spin. WordPress is a big target, as is phpBB. In fact, most of the commonly installed PHP web applications and admin panels have been targeted for specific upload vulnerabilities over the past few years. Unless you or your web host keeps their software fully up to date, as soon as updates are available, your site can be hacked and malware or links to malware will be installed, without your knowledge. _________________ "Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services |
|
|
|