Forums go BOOM
April 11, 2011 5 Comments
Yeah, EVE’s new shiny went tits-up.
The problem was actually pretty severe, and provided a pretty big hole for people to use. At the core of the issue, the forums were essentially letting users inject HTML, Java, CSS, and maybe even more browser-read code into their signature blocks. Doing this, with a combination of some cookie editing, was able to let savvy internet-users post as anyone they wanted, including moderators, and to actual alter the way any thread on the forum looked.
I’m pretty sure that somewhere, it’s an important rule to not let the user screw with your product. Especially in live, shared environment.
Seems like it was a bad-weekend all around for the games I play this weekend, as LoL was facing bad lag and temperamental up-times itself. Oh well, it gave me time to do that yard-work.
About Shadow
Shadow-war 
Ahhh…yardwork. Still waiting for the remaining snow to melt and then the ground-water level to recede so the 4″ or so of H20 on my lawn will go away 🙂
You’re in the one place where it’s not hot then. I’m in Florida, it was near 90 with 40% humidity. My parents are in Wisconsin, it was in the high 80’s.
I envy your freedom from your own personal green monster.
Oh, so these yard things actually need tending?
It’s a mild 20ºC around here. There’s no snow to thaw, 44% humidity. But I look at my back yard and everything is as it ever was. It’s like it’s frozen in time. How does one tend these things then?
I confess, I know nothing of programming languages. I do know I’ve always disliked big signatures. What ever is the point? Why aren’t Avatars and screen names enough? Maybe it’s because I don’t have a peen, I don’t get this manner of epeen. If I read you correctly the signatures were the main reason for the meltdown. Seems that, in trying to please the egos of everyone they dug their own graves. I say signature blocks should go the way of midi and “Under Construction” banners.
But that’s just me.
To put it in your crazy temperature scale, it was 32 degrees C here. I don’t care if the internet is international, this is AMURICAH!
It is sort of a result of the signature thing, but more than anything, it’s a result of poor QC in coding, and a lack of listening to the testers, because this flaw was found and reported in the BETA of the forums. This was a zero-hour exploit. Signatures aren’t all bad, I include a link to my blog in almost every forum I frequent, and it’s a great way to build a personal touch with any community.
For instance on WHA forums (when I frequented them), someone made a comment about me that I found hilarious, so I included it in my sig. The comment was:
“Not [Shadow-war], I am convinced after reading his cold remorseless posts about doggies, his refined merciless views in general, and finally his lack of any sort of online rage that he is either a murderer or a republican.”
Eh, kind of the same deal here, my general lack of interest in WAR of late, combined with the beautiful 50-something F temperatures here (shut up… this is New England, 50 is AWESOME after the winter…) also resulted in my being outside. Glad you enjoyed it!
But regarding the bug… yeah… anyone who runs a forum should clearly have seen THAT one coming, from miles away. It begs for abuse more than a masochist with an inferiority complex.