Login

Silverthorn · 04-26-2013, 03:17 PM

I have looked at the code that deals with avatar-uploading. Basically, it goes like this:

Upload to LFE
- Let a user specify an image-file to upload it
- Transfer and store the file on the server (if necessary, replace the old one with the new)
- Perform a few calculations (especially image size so that it'll be displayed correctly all over the place and auto-resize / throw an error in case the dimensions are larger than acceptable)
- Update the respective entry in the database
Use an external host
- Follow the link specified
- Because of security-reasons, PHP cannot get image-data from a non-local place. Hence, download it and run the same calculations as in local mode
- Update database-entry and delete the downloaded copy from the local server

You probably see the problem: either way requires write-permissions. The verification-process is, according to my understanding, impossible to do remotely. And even if there was a way, that'd require me to edit the PHP-files. Which I can't. WHICH NOBODY CAN! TEH APOCALYPSE!!

YinYin · 05-15-2013, 04:20 PM

Okay now that the 403 is getting more frequent and I suspect it is still some ddos disguised as a crawler I asked my own webhost how they deal with this kind of stuff.
First of all they have scripts running that auto ban IPs upon huge request amounts. I can only hope LFEs webhost has that too or else you should really consider paying someone else for this in case you can. If you somehow cannot get out of the contract or anything we seriously need to set up our own scripts to catch this stuff. Cause it's a real shame if you have to pay for nothing.

AmadisLFE · 05-27-2013, 03:36 AM

LFE needs a better antivirus system in think so that it cannot be hacked

MH-Razen · 05-27-2013, 08:40 AM

it doesnt need a better antivirus, it needs a softwareupdate. Problem is neither BluePhoenix or me got the time to rebuild the mainsite.

Everybody with suggestions for that problem is welcome.

YinYin · 05-27-2013, 11:29 AM

Host the mainsite elsewhere so the forum doesn't go down because of it.

AmadisLFE · (This post was last modified: 06-01-2013, 10:10 AM by AmadisLFE.)

yeah well but if we cant stop LFE from being hacked then LFE will do unknown errors right

Edit:
well Simoneon's name was marked on may 22 why

Electric2Shock · 06-01-2013, 12:38 PM

(05-27-2013, 03:36 AM)Amadis Wrote: LFE needs a better antivirus system in think so that it cannot be hacked

Viruses do not hack web hosts.

Gespenst · (This post was last modified: 06-01-2013, 12:56 PM by Gespenst.)

(05-27-2013, 08:40 AM)MH-Razen Wrote: Everybody with suggestions for that problem is welcome.

i suggest if you or bp dont have time, ask other lfe mods or admins who knows knows about this web rebuild thing and make them available to make it, Also you need person who have time and that person must be honest with no bad influence to lfe.

Som1Lse · (This post was last modified: 06-01-2013, 01:02 PM by Som1Lse.)

(06-01-2013, 12:38 PM)Electric Shock Wrote: Viruses do not hack web hosts.

As a matter of fact they can.
Say a computer gets infected with a virus that checks a server for instructions.
It might be instructed to keep connecting to a web server and thus overloading it.
That is the basic premise behind a bot net, that are a major player in DDoS attacks.
You are however right that it is not LFE that needs the antivirus software, but the computer that gets infected.

Gespenst · 06-01-2013, 01:18 PM

Indeed virus can affect almost everything. If not straight to to they can go around.
What if lfe could get replacement, like use other forum before lfe will be fixed?
Use lf2 official forum.

Login
Username:
Password:	Lost Password?
	Remember me