
Possible Script Exploit

redfoxnudetoons

Banned
Banned
Well.... This doesn't look too good....

Over the course of the weekend @ MFF I noticed a pile of ads for a new Firefox addon, that resembles the one that made FA unstable a few years back that allowed 9999 thumbnails per page. This new one is about as bad, may be worse, and is actually up and running already with 10,542 downloads as of this second.
 

Vibration

New Member
Well.... This doesn't look too good....

Over the course of the weekend @ MFF I noticed a pile of ads for a new firefox, much like the one that made FA unstable a few years back that allowed 9999 thumbnails per page. This new one is about as bad, may be worse, and is actually up and running already with 10,542 downloads as of this second.

Sorry, I'm rather confused here. Advertisements for a new version of Firefox are causing instability in FA? If there's a new version of Firefox, I don't think you can prevent people from downloading it. Or are you talking about downloading the ads?

Is this an XSS type exploit or something? Could you please provide more information so that, in the interim while FA admins address the problem, that we end users can take care of safety accordingly (i.e. disable javascript if necessary, etc.)?
 

Aurali

Banned
Banned
Sorry, I'm rather confused here. Advertisements for a new version of Firefox are causing instability in FA? If there's a new version of Firefox, I don't think you can prevent people from downloading it. Or are you talking about downloading the ads?

Is this an XSS type exploit or something? Could you please provide more information so that, in the interim while FA admins address the problem, that we end users can take care of safety accordingly (i.e. disable javascript if necessary, etc.)?

I would advise against too much information... if it really is an exploit. Giving too much information will give someone the opportunity to attack the site. As said before, make sure to contact Yak, Dragoneer, or Tsawolf...
 

Vibration

New Member
I would advise against too much information... if it really is an exploit. Giving too much information will give someone the opportunity to attack the site. As said before, make sure to contact Yak, Dragoneer, or Tsawolf...

Ah, good point. I hadn't thought of that. I'm just rather uncertain as to what's really going on here, and what steps to take to secure my end of things, is all.
 

redfoxnudetoons

Banned
Banned
Sorry, I'm rather confused here. Advertisements for a new version of Firefox are causing instability in FA? If there's a new version of Firefox, I don't think you can prevent people from downloading it. Or are you talking about downloading the ads?

Is this an XSS type exploit or something? Could you please provide more information so that, in the interim while FA admins address the problem, that we end users can take care of safety accordingly (i.e. disable javascript if necessary, etc.)?

It's an addon that can open every picture in a user gallery, among "other things"

So there is really nothing that can be done by us users, except to NOT download the addon.

I do not intend on downloading it to find out what else it might be able to do, but I wouldn't rule anything out at this point.

This addon could be a clever way of causing FA users to create a DDoS attack on the servers.
 

redfoxnudetoons

Banned
Banned
Ah, good point. I hadn't thought of that. I'm just rather uncertain as to what's really going on here, and what steps to take to secure my end of things, is all.

Indeed. That's why I'm not telling where to get it, what it's called, etc.

I did give the link to yak.
 

redfoxnudetoons

Banned
Banned
Sorry, I'm rather confused here. Advertisements for a new version of Firefox are causing instability in FA? If there's a new version of Firefox, I don't think you can prevent people from downloading it. Or are you talking about downloading the ads?

Is this an XSS type exploit or something? Could you please provide more information so that, in the interim while FA admins address the problem, that we end users can take care of safety accordingly (i.e. disable javascript if necessary, etc.)?

I just noticed my typos. That's what I get for typing this stuff after being exhausted from MFF. Original post has been edited to fix mistakes.
 

tsawolf

Member
The server has built in limiting functions. If a user makes over a certain number of HTTP requests per second, the webserver will start choking them.

That being said, we certainly do /not/ recommend using these kinds of add-ons. They are a burden on the server, and we will take action against specific members who abuse the website.
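The per-user throttling described in this post can be sketched as follows. This is an added example, not part of the thread and not Fur Affinity's code: the limit of 5 requests per second, the 10-second cool-down, the client names and the traffic are all constructed assumptions.

```python
from collections import defaultdict, deque


class PerClientThrottle:
    """Sliding-window limiter with a cool-down, keyed by client identity."""

    def __init__(self, limit=5, window_ms=1000, penalty_ms=10_000):
        self.limit = limit            # max requests per window (assumed value)
        self.window_ms = window_ms
        self.penalty_ms = penalty_ms  # how long an offender stays throttled
        self.hits = defaultdict(deque)
        self.blocked_until = {}

    def allow(self, client, now_ms):
        # A client still in its cool-down is rejected without further checks.
        if now_ms < self.blocked_until.get(client, 0):
            return False
        recent = self.hits[client]
        # Forget requests that have aged out of the window.
        while recent and now_ms - recent[0] >= self.window_ms:
            recent.popleft()
        if len(recent) >= self.limit:
            self.blocked_until[client] = now_ms + self.penalty_ms
            return False
        recent.append(now_ms)
        return True


def replay(throttle, events):
    """Feed (timestamp_ms, client) events in time order.

    Returns {client: (allowed, rejected)}.
    """
    totals = defaultdict(lambda: [0, 0])
    for now_ms, client in sorted(events):
        totals[client][0 if throttle.allow(client, now_ms) else 1] += 1
    return {client: tuple(counts) for client, counts in totals.items()}


def constructed_traffic():
    # Constructed sample: one page view every 2 s for 20 s, versus a
    # bulk opener requesting 60 gallery images 10 ms apart.
    human = [(t, "browser") for t in range(0, 20_000, 2_000)]
    bulk = [(t, "bulk_addon") for t in range(0, 600, 10)]
    return human + bulk


if __name__ == "__main__":
    print(replay(PerClientThrottle(), constructed_traffic()))
```

Ordinary browsing never reaches the limit, while the burst is cut off after its first five requests and stays throttled for the cool-down period.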
 

redfoxnudetoons

Banned
Banned
The server has built in limiting functions. If a user makes over a certain number of HTTP requests per second, the webserver will start choking them.

That being said, we certainly do /not/ recommend using these kinds of add-ons. They are a burden on the server, and we will take action against specific members who abuse the website.

That's good to hear. But it still worries me that the limiting functions might get overworked and cause problems....
 

redfoxnudetoons

Banned
Banned
Looks like FA's code is now blocking the Firefox addon from working.

People from an image board are crying now.
 

yak

Site Developer
Administrator
Please PM me the link to said imageboard, if you can :)

[edit] Nevermind, I read the post edit history.
 

Aden

Play from your ****ing HEART
*nod*

It'll be a ban without question. And it won't be a ban we'll undo.

That's a bit harsh, especially if it's just some kid going "oh cool, this will make browsing FA so much easier now! 8D". You can't automatically assume it's malicious.
 

GraemeLion

Member
I disagree that this might be an exploit.. but I would also like the addon/extension to be named. I use plenty of addons in Firefox, and I posted a note on the only Fur Affinity addon that I saw, but I want to make sure that I'm not using something that breaks FA.

The only way to be certain is to name the product and ask people not to use it.. otherwise people might use it without knowing they are causing harm.
 

Dragoneer

Site Developer
Site Director
Administrator
That's a bit harsh, especially if it's just some kid going "oh cool, this will make browsing FA so much easier now! 8D". You can't automatically assume it's malicious.
If he writes a script that's careless, whether he intended it to be malicious or not, it still is.
 

Aden

Play from your ****ing HEART
If he writes a script that's careless, whether he intended it to be malicious or not, it still is.

I'm just saying "lol permabanned sucks to be you haha" might not be the best approach considering all situations. Temp bans as a warning, etc., are a good compromise.
 

Dragoneer

Site Developer
Site Director
Administrator
I'm just saying "lol permabanned sucks to be you haha" might not be the best approach considering all situations. Temp bans as a warning, etc., are a good compromise.
We'll review the situation on a case-by-case basis. If we feel the person was just being stupid we'll let them know. If we feel they're being malicious... likewise.

We reserve the right to protect the integrity and usability of the site. Granted, we'll not just ban first, ask questions later, but if we feel it's legitimately a risk/issue... he's gone.
 

Duality Jack

Feeling Loki with it.
Nice to see it was solved.
 

Ainoko

The Wild And Crazy Hybrid
I would like to know what the addon is so that I can deny installation when Firefox does any automatic updates.
 

redfoxnudetoons

Banned
Banned
Please PM me the link to said imageboard, if you can :)

[edit] Nevermind, I read the post edit history.

Yeah... I decided it would be easier to do it that way...

=^.^=

The only way to be certain is to name the product and ask people not to use it.. otherwise people might use it without knowing they are causing harm.

The reason why I won't publicly post the name is so that it remains unknown to prevent giving free publicity to it, to prevent people who don't know about it from trying it out and at the least killing the bandwidth.
 

Ainoko

The Wild And Crazy Hybrid
Yeah... I decided it would be easier to do it that way...

=^.^=



The reason why I won't publicly post the name is so that it remains unknown to prevent giving free publicity to it, to prevent people who don't know about it from trying it out and at the least killing the bandwidth.

I understand that, I would hate to install an addon that came with a Firefox update that could hurt the site unknowingly.
 