Feedback & Suggestions
This discussion has been closed.
Comments
Yeah mail seems to be an issue again.
Not getting any mails anymore from LET, since about 14:00 GMT June 2nd, 2014.
Instead of:
>
Can we go back to the old "This thread cannot be found" ?
Well I'm pretty sure they keep the thread and just hide it now. So we actually don't have permission to do that.
That makes sense.
So, here's some first-hand feedback:
When you're banned, there's no way to tell you're banned; except to find one of your posts, and examine that your avatar is now a "no" symbol. Someone who didn't know what this means, would have literally no way of knowing they were banned.
What being banned currently does:
What being banned currently does not do [ which is misleading ] :
Perhaps, at the very least, it should send one email with the "You were banned for XY" where either X and/or Y would be set, where X = reason for ban, and Y = time in which the ban would be lifted [ if ever ]. Most forum software will send this email, and often show you a more meaningful message when you attempt to sign in.
@GoodHosting: you always receive a PM (which results in an e-mail) if you are banned. If you did not, let me know and I'll ask the person that banned you to send one in the future.
@mpkossen, do you get my PM?
I'd love to see some kind of a system implemented that'd check if members are actually using an image when using the image tag.
See this post for example: lowendtalk.com/discussion/comment/566551/#Comment_566551
He used the image tag to make the viewer's browser visit the sites of Namecheap, HostGator, DigitalOcean and NameSilo under his referral link, registering a referral cookie on the viewer's browser so that if/when they register on any of those sites, they'll be registered under his referral.
This is clever use of the tag but still very abusive, especially when given the fact that the post is located on the first page of one of the most active threads right now.
I don't see it in the source or on the page.
Oh?
That's just a side-effect of allowing HTML, and the HTML being allowed is very very very nice frankly. I think it's just one of those things that might need to be moderated, not coded out; or else it'll make it pretty hard to do some of the nicer styling stuff that makes guides / tutorials much easier to read.
And as I suggested, just make sure that the image tag is actually used for images and nothing else (check the content type header or something.)
I can think of a lot of ways off the top of my head to get around that, such as having a custom link like http://example.com/?http://mybadwebsite.com/?r=12345 ; wherein I served a picture of a bowl of Jello to all ranges of IPs owned by LowEndTalk, but served the proper URL to anyone else...
Etc.
Sure, and even in your example what you are doing is showing an actual image which is exactly what the image tag is for, unlike in the post I linked to earlier.
Yeah, that definitely is dirty. Good find.
iFrame Test
Image Test
Frame Test
onEvent Test (mouse over these)
1
2
Evil Error Clause
Evil image source
Evil Base64 Source
I couldn't add the below in the same post, or CloudFlare flagged the entire post; but the above were sourced from OWASP. If you see Google or any are not dead links / broken images, then that's bad.
They all show dead / broken to me though, so looks like Vanilla filtered them all.
I've commented out the code in that post so it shouldn't impact anyone else, but it's still there to review.
We should just report him at the ref URLs he has been hiddenly spreading. I doubt that it is allowed.
Yea that would be a good idea.
Damn, I was thinking of doing the same. That's one reason why forums have evolved to generally not include raw HTML in posts.
Really Fancy Heading
But without HTML I can't do fancy things like this.
Which reminds me, can we have a thread that's not listed on the homepage ( and not indexed ) but we won't get into trouble testing out HTML on? I don't want to screw up anyone's existing threads, but I wanted to test a few layout options for my upcoming tutorial series.
Things like that blue.png workaround, since you can't use the HTML style tag; it seems to work on most browsers, but it's still a pretty big workaround all in all. I'd like to have the buttons CSS3 animations respected as well, but need to do more testing to get around the lack of .hover annotation.
I believe I replied? If not, please reply in the PM and I will :-)
Anybody I find with a signature that writes cookies, has tracking pixels in it, or any other weird stuff will immediately lose it and be put in the naughty group.
Great that you keep an eye out for this but by the time that you spot someone he already made a ton of referral "clicks" without anyone's consent.
Perhaps you could do an image check in the signatures, like.. that every signature using the img tags gets scanned if the url actually ends with an image extension, that would be a simple way of fixing it.
Again, there are lots of ways around that too. Such as URLs like: http://example.com/forward.php/lolapicture.png That, without any special .htaccess or anything; will go to the PHP file; so it's not as if it's hard.
Maybe just permanently banning anyone who attempts anything like this should do the trick.
Yea you're right. In that case @rds100's idea would be the best and most effective solution. People would think twice before risking their account.
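An added example, not part of any post in this thread: a Python comparison of the two checks proposed above, the image-extension test on the URL and a test on what the server actually returns (status, `Content-Type`, leading bytes). The responses are constructed sample data, the redirect target is a placeholder, and the function names are hypothetical.

```python
import os
from urllib.parse import urlparse

IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".gif", ".webp"}
SIGNATURES = (b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff", b"GIF87a", b"GIF89a")

def extension_check(url):
    """Thread proposal: accept if the URL path ends in an image extension."""
    ext = os.path.splitext(urlparse(url).path)[1].lower()
    return ext in IMAGE_EXTS

def response_check(url, status, headers, body):
    """Inspect what the server returned; an empty list means it looks like an image."""
    problems = []
    if 300 <= status < 400:
        target = urlparse(headers.get("location", "")).hostname
        if target and target != urlparse(url).hostname:
            problems.append("redirects to another host")
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if not ctype.startswith("image/"):
        problems.append("content-type is not image/*")
    if not body.startswith(SIGNATURES):
        problems.append("body has no image signature")
    return problems

# Constructed responses (status, headers, body); nothing here is fetched.
SAMPLES = {
    "http://example.com/avatar.png": (
        200, {"content-type": "image/png"}, b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
    # URL shape quoted in the thread; the redirect target is a placeholder.
    "http://example.com/forward.php/lolapicture.png": (
        302, {"location": "http://shop.example/?r=12345",
              "content-type": "text/html"}, b""),
}

def compare():
    """Return {url: (extension_check result, response_check problems)}."""
    return {url: (extension_check(url), response_check(url, *resp))
            for url, resp in SAMPLES.items()}

if __name__ == "__main__":
    for url, (ext_ok, problems) in compare().items():
        print(url, "| extension check:", ext_ok, "| response check:", problems or "ok")
```

The response check only sees what is served to the checker, so a server that answers the forum's addresses differently from everyone else, as described in the thread, still gets past it; it narrows what moderators have to look at rather than replacing them.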