Notice: We request that you don't just set up a new account at this time if you are a previous user.
If you used to be one of our moderators, please feel free to reach out to Chris via the facebook Outerlimits4x4 group and he will get you set back up with access should he need you.
If you used to be one of our moderators, please feel free to reach out to Chris via the facebook Outerlimits4x4 group and he will get you set back up with access should he need you.
Recovery:If you cannot access your old email address and don't remember your password, please click here to log a change of email address so you can do a password reset.
poll security
Moderators: toaddog, TWISTY, V8Patrol, Moderators
poll security
Just wanted to prove a point and see if anyone can influence this poll.
After some discussion about how secure they can be.
I have had a quick look at how outerlimits board has the polls implemented and it looks to me like it is pretty good.
So vote for either yes or no and see if you can make the totals jump significantly.
P.S - Hope this is cool with the admins, if not feel free to delete it.
cheers
Z
After some discussion about how secure they can be.
I have had a quick look at how outerlimits board has the polls implemented and it looks to me like it is pretty good.
So vote for either yes or no and see if you can make the totals jump significantly.
P.S - Hope this is cool with the admins, if not feel free to delete it.
cheers
Z
a WHOPPING 19 votes so far
SO CMAWWWN
let me know, how do y'all intend to influence the voting and who is doing it cmawwn?
the 10 that voted yes....
and to be truly influenced im talking about over 1000 votes, none of this 8 votes crap. like 8 votes is gunna influence a poll STONERS!
SO CMAWWWN
let me know, how do y'all intend to influence the voting and who is doing it cmawwn?
the 10 that voted yes....
and to be truly influenced im talking about over 1000 votes, none of this 8 votes crap. like 8 votes is gunna influence a poll STONERS!
hands and mums dont count!!!
antt wrote:jeeze bj, you must be getting slack in your old age, i thought you would have booted this to chit-chat a looooooooong time ago
actually this thread is my baby, so i dont mind being hypocritical.
any OTHER posts not on about the poll, WILL BE REMOVED FORCEFULLY and a letter will be written to your mum
hands and mums dont count!!!
Carl wrote:Only one person has that sort of power.
That one person would be me.
Hmmm.
hey carl, out of curiosity do you think you could put it back to normal...
a couple of guys on here think they are pretty l337 and want to show thier SKILLZ BIOTCH3Z!!!!! anyways, yeah if you could put it back to normal or somewhere close, THEN we'd be sweet, and i dont want them to go ahh its done, i wont worry or some other lame excuse. I want to see if anyone (EXCLUDING ADMIN) can modify it DRAMATICALLY as in over 100,000 votes, none of this pansy, i have made 12 votes crapola 8)
hands and mums dont count!!!
So hows it going Bj ? Did carl put it up on both yes and no?
Just as a mtter of interest , one of my boys rekons it could probly be done but would mean creating a email nasty Eg: delivered by email to other putes - writes the site info and action to explorer then activates once only on internet access / I have no idea im old.
Just wondering of his black art .
Just as a mtter of interest , one of my boys rekons it could probly be done but would mean creating a email nasty Eg: delivered by email to other putes - writes the site info and action to explorer then activates once only on internet access / I have no idea im old.
Just wondering of his black art .
I've reset the votes to zero.
Everyone will be able to vote again as I cleared the register of people who have voted for this poll.
The server and database use the following method to prevent multiple votes.
User Name AND user IP. If more than a couple of votes comes from the same IP address, all votes from that IP will be removed.
Goold luck hackers. Knock yourselves out.
BJ - Tell them to bring it on.
Everyone else - I am the only person who can access the database directly. I have set up the firewall to only allow access to the db port from my IP address. That's all the hints you get.
Cheers,
Carl
Everyone will be able to vote again as I cleared the register of people who have voted for this poll.
The server and database use the following method to prevent multiple votes.
User Name AND user IP. If more than a couple of votes comes from the same IP address, all votes from that IP will be removed.
Goold luck hackers. Knock yourselves out.
BJ - Tell them to bring it on.
Everyone else - I am the only person who can access the database directly. I have set up the firewall to only allow access to the db port from my IP address. That's all the hints you get.
Cheers,
Carl
Carl wrote:I've reset the votes to zero.
Everyone will be able to vote again as I cleared the register of people who have voted for this poll.
The server and database use the following method to prevent multiple votes.
User Name AND user IP. If more than a couple of votes comes from the same IP address, all votes from that IP will be removed.
Goold luck hackers. Knock yourselves out.
BJ - Tell them to bring it on.
Everyone else - I am the only person who can access the database directly. I have set up the firewall to only allow access to the db port from my IP address. That's all the hints you get.
Cheers,
Carl
CHEERS DUDE.. YOU tha man...
lets see what these ricers have got
hands and mums dont count!!!
I guess that one way to do it would be to get on onother BB and get a heap of people over to vote for you.
But I think that a poll like this one would probably stop most of them because to vote they would have to firstly have a look over here. Try to vote - realise that they have to register. Do the registration thing - get the emailed password - come back - logon - and then finally vote. I dont think that many people from another bulliten board would be bothered doing this much work for somebody that they dont know.
If the tuff truck was going to do the internet voting then they would be best using a complicated, time consuming setup where you have to register, get an email, login (maybe do the email thing a couple of times) before you can finally vote.
Something like this would stop a lot of people voting just because it was posted on another BB.
Sam
But I think that a poll like this one would probably stop most of them because to vote they would have to firstly have a look over here. Try to vote - realise that they have to register. Do the registration thing - get the emailed password - come back - logon - and then finally vote. I dont think that many people from another bulliten board would be bothered doing this much work for somebody that they dont know.
If the tuff truck was going to do the internet voting then they would be best using a complicated, time consuming setup where you have to register, get an email, login (maybe do the email thing a couple of times) before you can finally vote.
Something like this would stop a lot of people voting just because it was posted on another BB.
Sam
Strange Rover wrote:I guess that one way to do it would be to get on onother BB and get a heap of people over to vote for you.
But I think that a poll like this one would probably stop most of them because to vote they would have to firstly have a look over here. Try to vote - realise that they have to register. Do the registration thing - get the emailed password - come back - logon - and then finally vote. I dont think that many people from another bulliten board would be bothered doing this much work for somebody that they dont know.
If the tuff truck was going to do the internet voting then they would be best using a complicated, time consuming setup where you have to register, get an email, login (maybe do the email thing a couple of times) before you can finally vote.
Something like this would stop a lot of people voting just because it was posted on another BB.
Sam
EXACTLY!!! plus it is fairly secure on here!
hands and mums dont count!!!
Carl wrote:I've reset the votes to zero.
Everyone will be able to vote again as I cleared the register of people who have voted for this poll.
The server and database use the following method to prevent multiple votes.
User Name AND user IP. If more than a couple of votes comes from the same IP address, all votes from that IP will be removed.
Goold luck hackers. Knock yourselves out.
BJ - Tell them to bring it on.
Everyone else - I am the only person who can access the database directly. I have set up the firewall to only allow access to the db port from my IP address. That's all the hints you get.
Cheers,
Carl
Would that happen to be: 2**.*9.69.73
I just put the *'s there to not give away the whole address
Also some more of a hint on how the poll works:
POST /PHP_Modules/phpBB2/posting.php?t=3274 HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows XP) Opera 7.0 [en]
Host: www.outerlimits4x4.com
Accept: text/html, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: en
Accept-Charset: windows-1252, utf-8, utf-16, iso-8859-1;q=0.6, *;q=0.1
Referer: http://www.outerlimits4x4.com/PHP_Modul ... php?t=3274
Cookie: phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A32%3A%225d2ef0ce101623cc9eab40afba534eb1%22%3Bs%3A6%3A%22userid%22%3Bi%3A180%3B%7D; phpbb2mysql_sid=e64a8d13fd4283b0656485902fbe5ec8; phpbb2mysql_t=a%3A14%3A%7Bi%3A3292%3Biblahblahblah
Cookie2: $Version="1"
Proxy-Connection: close
Content-type: application/x-www-form-urlencoded
Content-length: 52
vote_id=1&submit=Submit+Vote&topic_id=3274&mode=vote
Carl wrote:If your refering to my IP addres your not even close.
I doubt that the extract from your browser's post will help you much in fooling the system.
Cheers,
Carl
There was a vulnerability in this php board that obfuscated the IP address of the poster in the first few hex bytes of the address of their avatar image. All you needed to do was convert from hex to decimal and you had a posters id. Maybe that isn't working then, or you posted it from a proxy or something.
The outlimites BB itself looks pretty secure to me.
It is vulnerably to a XSS attacking that could be used to get all the members logins and emails, but is fairly complex for the results returned.
The poll is secure - but the underlying web server is not.
Anyways:
SSH-1.99-OpenSSH_3.1p1.
see here for the exploit - http://www.openssh.org/txt/preauth.adv,
Sendmail 8.11.6/8.11.6; Fri, 4 Apr 2003 08:52:09 +1000.. http://www.auscert.org.au/render.html?it=2815&cid=1
You probably are not too concerned as it is only a web server for the 4x4 forum, but who knows. Thought I would say so as I had been looking at the poll.
Who is online
Users browsing this forum: No registered users and 24 guests