poll security

Poll: can you influence this poll in a big way?

yes: 18 votes (50%)
no: 18 votes (50%)

Total votes: 36

Posts: 571
Joined: Tue Nov 19, 2002 3:56 pm
Location: New York

poll security

Post by zzzz »

Just wanted to prove a point and see if anyone can influence this poll.
After some discussion about how secure they can be.

I have had a quick look at how outerlimits board has the polls implemented and it looks to me like it is pretty good. :D

So vote for either yes or no and see if you can make the totals jump significantly.

:)

P.S - Hope this is cool with the admins, if not feel free to delete it.

cheers

Z
Posts: 15549
Joined: Tue Oct 22, 2002 9:23 am
Location: Your Mummas House!

Post by bj on roids »

there you go i made no = 100% :lol: by being the first and only vote so far

without the admins adjusting it, cause we know they will be fair.

so cmawwn... try it out ;)
hands and mums dont count!!!
Posts: 2979
Joined: Mon Feb 24, 2003 7:03 pm
Location: Melbourne

Post by robbie »

unless you have access to the database in phpbb, then you can't change the way you vote ..

from what I have seen when I used to run it
Posts: 15549
Joined: Tue Oct 22, 2002 9:23 am
Location: Your Mummas House!

Post by bj on roids »

a WHOPPING 19 votes so far

SO CMAWWWN

let me know, how do y'all intend to influence the voting and who is doing it cmawwn?

the 10 that voted yes....

and to be truly influenced im talking about over 1000 votes, none of this 8 votes crap. like 8 votes is gunna influence a poll :lol: :roll: STONERS!
hands and mums dont count!!!
Posts: 571
Joined: Tue Nov 19, 2002 3:56 pm
Location: New York

Post by zzzz »

Someone has managed it - and if it isn't the admins then that is pretty cool :)

If it is one of the admins then it is lame :D

So, fess up if you were the one...
Posts: 402
Joined: Sun Oct 20, 2002 3:55 pm
Location: Changing Nappies Round 2.

Post by The Master »

Only one person has that sort of power.

That one person would be me. :lol:

Hmmm.
Posts: 3614
Joined: Sat Nov 02, 2002 9:02 am
Location: Gold Coast

Post by 83 lux »

Carl wrote:Only one person has that sort of power.

That one person would be me. :lol:

Hmmm.


Nice work
HOOLAY Wish i could buy boggers for my DH bike
Posts: 15549
Joined: Tue Oct 22, 2002 9:23 am
Location: Your Mummas House!

Post by bj on roids »

Carl wrote:Only one person has that sort of power.

That one person would be me. :lol:

Hmmm.



AWWW i said the admins shouldnt CHEAT!!

BUT i wanna see spice change it so CMAWWWN

nobody but carl and he is god on the site!!

so someone else?

anybody?
hands and mums dont count!!!
Posts: 2979
Joined: Mon Feb 24, 2003 7:03 pm
Location: Melbourne

Post by robbie »

bj: no one can do it - they are sh!t talkers ;)

its coded well
Posts: 9393
Joined: Tue Oct 29, 2002 11:51 am
Location: Brisbane

Post by antt »

hmmm, someone seems to have voted more than once 8) :finger:
Posts: 9393
Joined: Tue Oct 29, 2002 11:51 am
Location: Brisbane

Post by antt »

jeeze bj, you must be getting slack in your old age, i thought you would have booted this to chit-chat a looooooooong time ago :finger:
Posts: 15549
Joined: Tue Oct 22, 2002 9:23 am
Location: Your Mummas House!

Post by bj on roids »

antt wrote:jeeze bj, you must be getting slack in your old age, i thought you would have booted this to chit-chat a looooooooong time ago :finger:


actually this thread is my baby, so i dont mind being hypocritical.

any OTHER posts not on about the poll, WILL BE REMOVED FORCEFULLY and a letter will be written to your mum :finger:
hands and mums dont count!!!
Posts: 15549
Joined: Tue Oct 22, 2002 9:23 am
Location: Your Mummas House!

Post by bj on roids »

Carl wrote:Only one person has that sort of power.

That one person would be me. :lol:

Hmmm.


hey carl, out of curiosity do you think you could put it back to normal...

a couple of guys on here think they are pretty l337 and want to show their SKILLZ BIOTCH3Z!!!!! anyways, yeah if you could put it back to normal or somewhere close, THEN we'd be sweet, and i dont want them to go ahh its done, i wont worry or some other lame excuse. I want to see if anyone (EXCLUDING ADMIN) can modify it DRAMATICALLY as in over 100,000 votes, none of this pansy, i have made 12 votes crapola :lol: :roll: :finger: :D 8)
hands and mums dont count!!!
Posts: 9393
Joined: Tue Oct 29, 2002 11:51 am
Location: Brisbane

Post by antt »

i'll just sign up 100,000 user names :finger:
Posts: 16934
Joined: Sun Oct 20, 2002 6:57 pm

Post by RUFF »

It wasnt me i only just got home from work :shock: :shock:
Posts: 3443
Joined: Tue Oct 29, 2002 10:50 pm
Location: Currently On the Road !!

Post by Dozoor »

So hows it going Bj ? Did carl put it up on both yes and no?
Just as a matter of interest, one of my boys reckons it could probably be done but would mean creating an email nasty, e.g. delivered by email to other putes - writes the site info and action to explorer then activates once only on internet access / I have no idea, I'm old. :roll:
Just wondering of his black art . :shock:
Posts: 5462
Joined: Fri Dec 20, 2002 1:29 pm
Location: Boomba

damn

Post by WICKED »

i did not think i would make the difference.................... :(

life is cool and shyt happens
Posts: 402
Joined: Sun Oct 20, 2002 3:55 pm
Location: Changing Nappies Round 2.

Post by The Master »

I've reset the votes to zero.

Everyone will be able to vote again as I cleared the register of people who have voted for this poll.

The server and database use the following method to prevent multiple votes.

User Name AND user IP. If more than a couple of votes comes from the same IP address, all votes from that IP will be removed.

Good luck hackers. :finger: Knock yourselves out.

BJ - Tell them to bring it on. :P

Everyone else - I am the only person who can access the database directly. I have set up the firewall to only allow access to the db port from my IP address. That's all the hints you get.

Cheers,

Carl :twisted:
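
A minimal sketch of the rule Carl describes above (one vote per user name, and every vote from an IP removed once that IP exceeds a threshold). It is an added illustration, not phpBB's or this site's code; the table layout, function names and the threshold of 2 are assumptions.

```python
import sqlite3

MAX_VOTES_PER_IP = 2  # assumption: the post only says "more than a couple"

def open_db():
    db = sqlite3.connect(":memory:")
    # The primary key enforces one vote per account per poll.
    db.execute("""CREATE TABLE votes (
        poll_id INTEGER NOT NULL, user_id INTEGER NOT NULL,
        ip TEXT NOT NULL, choice TEXT NOT NULL,
        PRIMARY KEY (poll_id, user_id))""")
    return db

def cast_vote(db, poll_id, user_id, ip, choice):
    """Record a vote; return False if this account has already voted."""
    try:
        with db:  # commits on success, rolls back on error
            db.execute("INSERT INTO votes VALUES (?, ?, ?, ?)",
                       (poll_id, user_id, ip, choice))
        return True
    except sqlite3.IntegrityError:
        return False

def purge_suspect_ips(db, poll_id, limit=MAX_VOTES_PER_IP):
    """Remove every vote from any IP that cast more than `limit` votes."""
    with db:
        ips = [row[0] for row in db.execute(
            "SELECT ip FROM votes WHERE poll_id = ? "
            "GROUP BY ip HAVING COUNT(*) > ? ORDER BY ip", (poll_id, limit))]
        for ip in ips:
            db.execute("DELETE FROM votes WHERE poll_id = ? AND ip = ?",
                       (poll_id, ip))
    return ips

def tally(db, poll_id):
    return dict(db.execute("SELECT choice, COUNT(*) FROM votes "
                           "WHERE poll_id = ? GROUP BY choice", (poll_id,)))

def demo():
    db = open_db()
    # Constructed sample data: made-up user ids, documentation-range IPs.
    cast_vote(db, 1, 101, "192.0.2.10", "yes")
    cast_vote(db, 1, 102, "192.0.2.11", "no")
    repeat = cast_vote(db, 1, 101, "192.0.2.10", "no")  # same account again
    for uid in range(200, 205):  # five fresh accounts behind one address
        cast_vote(db, 1, uid, "198.51.100.7", "yes")
    before = tally(db, 1)
    purged = purge_suspect_ips(db, 1)
    return repeat, before, purged, tally(db, 1)
```

Purging by address also discards legitimate voters who share one address behind NAT or a proxy, and it does nothing about duplicate accounts spread across many addresses.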
Posts: 15549
Joined: Tue Oct 22, 2002 9:23 am
Location: Your Mummas House!

Post by bj on roids »

Carl wrote:I've reset the votes to zero.

Everyone will be able to vote again as I cleared the register of people who have voted for this poll.

The server and database use the following method to prevent multiple votes.

User Name AND user IP. If more than a couple of votes comes from the same IP address, all votes from that IP will be removed.

Good luck hackers. :finger: Knock yourselves out.

BJ - Tell them to bring it on. :P

Everyone else - I am the only person who can access the database directly. I have set up the firewall to only allow access to the db port from my IP address. That's all the hints you get.

Cheers,

Carl :twisted:


CHEERS DUDE.. YOU tha man...

lets see what these ricers have got :twisted:
hands and mums dont count!!!
Posts: 1813
Joined: Sun Oct 20, 2002 3:31 pm

Post by Strange Rover »

I guess that one way to do it would be to get on another BB and get a heap of people over to vote for you.

But I think that a poll like this one would probably stop most of them because to vote they would have to firstly have a look over here. Try to vote - realise that they have to register. Do the registration thing - get the emailed password - come back - logon - and then finally vote. I don't think that many people from another bulletin board would be bothered doing this much work for somebody that they don't know.

If the tuff truck was going to do the internet voting then they would be best using a complicated, time consuming setup where you have to register, get an email, login (maybe do the email thing a couple of times) before you can finally vote.

Something like this would stop a lot of people voting just because it was posted on another BB.

Sam
Posts: 15549
Joined: Tue Oct 22, 2002 9:23 am
Location: Your Mummas House!

Post by bj on roids »

Strange Rover wrote:I guess that one way to do it would be to get on another BB and get a heap of people over to vote for you.

But I think that a poll like this one would probably stop most of them because to vote they would have to firstly have a look over here. Try to vote - realise that they have to register. Do the registration thing - get the emailed password - come back - logon - and then finally vote. I don't think that many people from another bulletin board would be bothered doing this much work for somebody that they don't know.

If the tuff truck was going to do the internet voting then they would be best using a complicated, time consuming setup where you have to register, get an email, login (maybe do the email thing a couple of times) before you can finally vote.

Something like this would stop a lot of people voting just because it was posted on another BB.

Sam


EXACTLY!!! plus it is fairly secure on here!
hands and mums dont count!!!
Posts: 571
Joined: Tue Nov 19, 2002 3:56 pm
Location: New York

Post by zzzz »

Carl wrote:I've reset the votes to zero.

Everyone will be able to vote again as I cleared the register of people who have voted for this poll.

The server and database use the following method to prevent multiple votes.

User Name AND user IP. If more than a couple of votes comes from the same IP address, all votes from that IP will be removed.

Good luck hackers. :finger: Knock yourselves out.

BJ - Tell them to bring it on. :P

Everyone else - I am the only person who can access the database directly. I have set up the firewall to only allow access to the db port from my IP address. That's all the hints you get.

Cheers,

Carl :twisted:


Would that happen to be: 2**.*9.69.73
I just put the *'s there to not give away the whole address

Also some more of a hint on how the poll works:

POST /PHP_Modules/phpBB2/posting.php?t=3274 HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows XP) Opera 7.0 [en]
Host: www.outerlimits4x4.com
Accept: text/html, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: en
Accept-Charset: windows-1252, utf-8, utf-16, iso-8859-1;q=0.6, *;q=0.1
Referer: http://www.outerlimits4x4.com/PHP_Modul ... php?t=3274
Cookie: phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A32%3A%225d2ef0ce101623cc9eab40afba534eb1%22%3Bs%3A6%3A%22userid%22%3Bi%3A180%3B%7D; phpbb2mysql_sid=e64a8d13fd4283b0656485902fbe5ec8; phpbb2mysql_t=a%3A14%3A%7Bi%3A3292%3Biblahblahblah
Cookie2: $Version="1"
Proxy-Connection: close
Content-type: application/x-www-form-urlencoded
Content-length: 52

vote_id=1&submit=Submit+Vote&topic_id=3274&mode=vote
Posts: 402
Joined: Sun Oct 20, 2002 3:55 pm
Location: Changing Nappies Round 2.

Post by The Master »

If you're referring to my IP address you're not even close.

I doubt that the extract from your browser's post will help you much in fooling the system.

Cheers,

Carl
Posts: 15549
Joined: Tue Oct 22, 2002 9:23 am
Location: Your Mummas House!

Post by bj on roids »

Carl wrote:If you're referring to my IP address you're not even close.

I doubt that the extract from your browser's post will help you much in fooling the system.

Cheers,

Carl


ROFLMAO
hands and mums dont count!!!
Posts: 9393
Joined: Tue Oct 29, 2002 11:51 am
Location: Brisbane

Post by antt »

hmmmmmmmmmmm, no change yet :roll:

where's all these so called 1337 H4x0r5?????
Posts: 952
Joined: Mon Oct 21, 2002 8:49 am
Location: KILL - SCYTH

Post by 80diesel4play »

This is definitely appealing to all the IT geeks

Explains why I'm posting.... :splat:
80 Series Turbo - the Toy car...
XR6 Turbo - the work car...
XW wagon - the dogs car...
Posts: 15549
Joined: Tue Oct 22, 2002 9:23 am
Location: Your Mummas House!

Post by bj on roids »

I see 9 leet haxxors that are all talk
hands and mums dont count!!!
Posts: 571
Joined: Tue Nov 19, 2002 3:56 pm
Location: New York

Post by zzzz »

Carl wrote:If you're referring to my IP address you're not even close.

I doubt that the extract from your browser's post will help you much in fooling the system.

Cheers,

Carl


There was a vulnerability in this php board that obfuscated the IP address of the poster in the first few hex bytes of the address of their avatar image. All you needed to do was convert from hex to decimal and you had a poster's id. Maybe that isn't working then, or you posted it from a proxy or something.

The outerlimits BB itself looks pretty secure to me.
It is vulnerable to an XSS attack that could be used to get all the members' logins and emails, but is fairly complex for the results returned.

The poll is secure - but the underlying web server is not.

Anyways:

SSH-1.99-OpenSSH_3.1p1.
see here for the exploit - http://www.openssh.org/txt/preauth.adv,

Sendmail 8.11.6/8.11.6; Fri, 4 Apr 2003 08:52:09 +1000.. http://www.auscert.org.au/render.html?it=2815&cid=1

You probably are not too concerned as it is only a web server for the 4x4 forum, but who knows. Thought I would say so as I had been looking at the poll. :D
Posts: 402
Joined: Sun Oct 20, 2002 3:55 pm
Location: Changing Nappies Round 2.

Post by The Master »

Sorry boys, but the server is secure.

Remember the 40 min outage last Monday?

That was for all the latest patches to be installed.

That included SSH and Sendmail.

We also run CHROOT and a very strong firewall / set of iptables rules.

Cheers,

Carl
Posts: 15549
Joined: Tue Oct 22, 2002 9:23 am
Location: Your Mummas House!

Post by bj on roids »

12 people have said they can hack it!

CMAWWWN
hands and mums dont count!!!