Former Member
inherit
guest@proboards.com
242523
0
Apr 26, 2024 14:22:19 GMT -8
Former Member
0
January 1970
Former Member
|
Post by Former Member on Aug 13, 2019 13:25:14 GMT -8
Forum URL: imdb2.freeforums.net/Hi. Several members have contacted me about this thread: imdb2.freeforums.net/thread/182317There are 20 likes on the OP of that thread, but more than one of the members who are listed as having liked that post deny doing it, despite it showing in their activity log as well. Can someone look into this, please? Thanks. -John
|
|
Former Member
inherit
guest@proboards.com
256583
0
Apr 26, 2024 14:22:19 GMT -8
Former Member
0
January 1970
Former Member
|
Post by Former Member on Aug 13, 2019 13:27:43 GMT -8
Can you share the username of the members who are experiencing this issue?
|
|
Former Member
inherit
guest@proboards.com
242523
0
Apr 26, 2024 14:22:19 GMT -8
Former Member
0
January 1970
Former Member
|
Post by Former Member on Aug 13, 2019 13:31:26 GMT -8
Can you share the username of the members who are experiencing this issue? So far, I've heard from these two: imdb2.freeforums.net/user/2848imdb2.freeforums.net/user/1411I have not tried contacting the other 18 yet, but knowing my members and my forum, it's highly unusual. The thread itself is suspect, given all the "thanks" the OP is posting. Something isn't right there.
|
|
#e61919
Support Manager
154778
0
1
Apr 22, 2024 12:15:24 GMT -8
Michael
19,550
May 2010
wiseowl
|
Post by Michael on Aug 13, 2019 13:35:39 GMT -8
Hi,
If a like is showing on the post then that means the user liked the post, intentionally or unintentionally.
|
|
Former Member
inherit
guest@proboards.com
242523
0
Apr 26, 2024 14:22:19 GMT -8
Former Member
0
January 1970
Former Member
|
Post by Former Member on Aug 13, 2019 13:40:43 GMT -8
Hi, If a like is showing on the post then that means the user liked the post, intentionally or unintentionally. I have no reason to believe 20 people accidentally liked the same post, and the two who contacted me about it are reliable members. At any rate, it seems it was a false alarm. Shortly after starting this thread, I received this PM from my "tech support" guy: Mystery solved. I'm sorry to have brought this up here, but I appreciate your swift attention.
|
|
inherit
249312
0
Nov 2, 2018 14:34:00 GMT -8
bartlesby
110
September 2017
bartlesby
|
Post by bartlesby on Aug 13, 2019 13:43:15 GMT -8
Hello guys.
There's been no breach of security. I have access to the scripting and plugins on Jcarter's site. The reason for the likes was a script I was testing and then removed. I neglected to inform him, for which I apologize. I hadn't expected anybody to suspect a breach in security.
|
|
#e61919
Support Manager
154778
0
1
Apr 22, 2024 12:15:24 GMT -8
Michael
19,550
May 2010
wiseowl
|
Post by Michael on Aug 13, 2019 13:53:04 GMT -8
As a suggestion you may want to consider testing on a dedicated testing forum instead of a live forum. Remember forums are free on ProBoards
|
|
inherit
2671
0
May 14, 2013 14:40:03 GMT -8
Peter
🐺
10,615
February 2002
peter3
|
Post by Peter on Aug 13, 2019 18:05:27 GMT -8
jcarter Out of curiosity, I took a quick glance over the custom JavaScript that has been done and discovered a serious XSS vulnerability in some custom JavaScript done specifically for your forum. Just to make this clear. This vulnerability is not part of the ProBoards software, but a 3rd party JavaScript wrote by you or your dev. Obviously disclosing this in public isn't a good idea for your forum, so please contact me if you wish and I'll be happy to provide the information with proof of concept.
|
|
Former Member
inherit
guest@proboards.com
242523
0
Apr 26, 2024 14:22:19 GMT -8
Former Member
0
January 1970
Former Member
|
Post by Former Member on Aug 13, 2019 18:07:55 GMT -8
jcarter Out of curiosity, I took a quick glance over the custom JavaScript that has been done and discovered a serious XSS vulnerability in some custom JavaScript done specifically for your forum. Just to make this clear. This vulnerability is not part of the ProBoards software, but a 3rd party JavaScript wrote by you or your dev. Obviously disclosing this in public isn't a good idea for your forum, so please contact me if you wish and I'll be happy to provide the information with proof of concept. Thanks. bartlesby
|
|
inherit
2671
0
May 14, 2013 14:40:03 GMT -8
Peter
🐺
10,615
February 2002
peter3
|
Post by Peter on Aug 19, 2019 4:32:58 GMT -8
jcarter, Just letting you know there has been no communication between yourself or the person you tagged, and I'm not going to go out of my way to make contact. This really should have been sorted the day I posted. I understand people get busy, but tagging someone in the hopes they see it is not a good way to solve the issue. The only reason I am updating you here is because your forum is pretty active, and your members will be the victims. The chances of someone finding it might be near zero, but why take the risk when it has been reported? The vulnerability was not difficult to find, and I'm not a security specialist. So if I found it, am sure someone with some motivation could also find it. It's disappointing when things like this are ignored / passed along and not took serious. Whereas at the end of the day this could effect your whole forum.
|
|
Former Member
inherit
guest@proboards.com
242523
0
Apr 26, 2024 14:22:19 GMT -8
Former Member
0
January 1970
Former Member
|
Post by Former Member on Aug 19, 2019 13:32:02 GMT -8
jcarter, Just letting you know there has been no communication between yourself or the person you tagged, and I'm not going to go out of my way to make contact. This really should have been sorted the day I posted. I understand people get busy, but tagging someone in the hopes they see it is not a good way to solve the issue. The only reason I am updating you here is because your forum is pretty active, and your members will be the victims. The chances of someone finding it might be near zero, but why take the risk when it has been reported? The vulnerability was not difficult to find, and I'm not a security specialist. So if I found it, am sure someone with some motivation could also find it. It's disappointing when things like this are ignored / passed along and not took serious. Whereas at the end of the day this could effect your whole forum. I had forgotten about this. Thanks for the reminder. Your assistance in this matter is greatly appreciated. Please PM the details of the vulnerability to me and we'll get it patched up. Thank you, Peter. -John
|
|
#e61919
Support Manager
154778
0
1
Apr 22, 2024 12:15:24 GMT -8
Michael
19,550
May 2010
wiseowl
|
Post by Michael on Aug 19, 2019 13:40:06 GMT -8
jcarter , Just letting you know there has been no communication between yourself or the person you tagged, and I'm not going to go out of my way to make contact. This really should have been sorted the day I posted. I understand people get busy, but tagging someone in the hopes they see it is not a good way to solve the issue. The only reason I am updating you here is because your forum is pretty active, and your members will be the victims. The chances of someone finding it might be near zero, but why take the risk when it has been reported? The vulnerability was not difficult to find, and I'm not a security specialist. So if I found it, am sure someone with some motivation could also find it. It's disappointing when things like this are ignored / passed along and not took serious. Whereas at the end of the day this could effect your whole forum. I had forgotten about this. Thanks for the reminder. Your assistance in this matter is greatly appreciated. Please PM the details of the vulnerability to me and we'll get it patched up. Thank you, Peter . -John You should probably PM him yourself. Please see that this is taken care of promptly.
|
|
Former Member
inherit
guest@proboards.com
242523
0
Apr 26, 2024 14:22:19 GMT -8
Former Member
0
January 1970
Former Member
|
Post by Former Member on Aug 19, 2019 14:15:47 GMT -8
I had forgotten about this. Thanks for the reminder. Your assistance in this matter is greatly appreciated. Please PM the details of the vulnerability to me and we'll get it patched up. Thank you, Peter . -John You should probably PM him yourself. Please see that this is taken care of promptly. Done. Thanks.
|
|