TeaChat

That explains it all.

oh dear. I wouldn't be stealing Brandon's info, that guy owns a sword

Proinsias wrote:oh dear. I wouldn't be stealing Brandon's info, that guy owns a sword

Haha! Actually, a friend of mine has a pretty serious sword collection, but I am blade-less.

I believe the attack went something like this. The chat box is an iframe with a basic HTML form in it. It is written in such a way that the username and icon are passed, in clear text, as part of the URL of the iframe (the GET string).This has been abused in the past to impersonate users, and has been improved slightly to include a secret token - in theory, known only to yourself.

The 'attacker' was mostly interested in spamming the chat with a link to his store. Anyone, including myself, who clicked the link for amusement (the guy WAS quite amusing), showed up in the web log of the attacker with a Referrer indicating the URL of the Chat iframe, including the 'secret' token. He could now post as this person quite effortlessly.

Lesson 1: Don't click the links of a spammer, they might be more clever than you give them credit for.

Lesson 2: Don't secure a web session using text that is part of the URL.

Chip, no apology necessary, thanks for looking out.

I was wondering if something like this would happen, those IM's a notoriously easy to mess with. Still can't wait to have it back though.

Thanks for posting.

I too clicked on the link, moderator guinea pig. I immediately got a spyware alert/block. Perhaps this also prevented my name from being used. I sure antagonized "Brandon" and "Ed Krueger" and if they could, I suspect they would have used my ID as well.

To echo what Brandon mentioned, do not click on spammer or suspicious links on the IM ... or on the forum for that matter.

Yeah, TeaChat feels ... different w/o the IM.

If anyone is interested, I have a servicable 2 handed bastard sword available to deal with spammer/hackers. I have a katana as well, but more just for show.

Chip wrote:TeaChat feels ... different w/o the IM.

These are some of the faces I've pulled over the weekend when logging on.

BTW, I obviously "fully" banned the IM spammer member in question.

BTW II, he rejoined today, crafty little fellah. And this time spammed the forum. His links were not clickable due to spam prevention we have in place. However the links were there. His site is infected with spyware and who knows what else.

Which brings me again to this. Only click on links of members you recognize and trust. In the case of this spammer, I don't think anyone in their right mind would have clicked on such obvious spam ... so just use some common sense.

Zensuji wrote:

Chip wrote:TeaChat feels ... different w/o the IM.

These are some of the faces I've pulled over the weekend when logging on.

toki wrote:*sniff* IM *sniff*

Thanks chip.