xoops forums

Forum Index


Board index » All Posts (Mikhail)




Mikhail

Just can't stay away
Posted on: 2009/3/28 20:20
Mikhail
Mikhail (Show more)
Just can't stay away
Posts: 412
Since: 2003/1/19
#11

Re: Passwords request - security issue

Quote:
Quote:
Mikhail Miguel wrote: Maybe someone using Google to make a password request.
For example, a Google proxy for translations or WAP access.
The module Protector handle Google differently?
I'm just imagining some possibilities.
Ghia wrote: That should be a normal use from it. But I don't think the user should be surprised to get an email for the password change then.

AFAIK this is not encountered before.
Can you retrieve IP numbers of previous cases? Was it with the same user? Is he aware of the fact that you get an email by filling the form at the forgot password link?


Hi!

I don't know,... Google generally has free access to sites (is not blocked by .htaccess and scripts for protection); so... I mean the possibility of taking advantage about this free access using the Google's proxies to make uncommon use of the site. Sure, this is not a specific problem related about XOOPS (I think that mainly happens with .htaccess)... Anyway, I'm still curious 'if' and 'how' Protector handle Google and others BOTS differently... and how it detects if is really a Bot (check not only the User Agent and IP Range but if the referrer is blank, for example, is a good start)... But is just a brainstorm...


Mikhail

Just can't stay away
Posted on: 2009/3/28 14:10
Mikhail
Mikhail (Show more)
Just can't stay away
Posts: 412
Since: 2003/1/19
#12

Re: Passwords request - security issue

Quote:

ghia wrote:

No, Google itself does not do that.



Maybe someone using Google to make a password request. For example, a Google proxy for translations or WAP access. The module Protector handle Google differently?

I'm just imagining some possibilities.


Mikhail

Just can't stay away
Posted on: 2009/3/28 12:41
Mikhail
Mikhail (Show more)
Just can't stay away
Posts: 412
Since: 2003/1/19
#13

Re: Passwords request - security issue

Quote:

Shiva wrote:

A web user from 66.249.65.178 has just requested a new password


66.249.65.178 = Google.


Mikhail

Just can't stay away
Posted on: 2008/4/13 22:41
Mikhail
Mikhail (Show more)
Just can't stay away
Posts: 412
Since: 2003/1/19
#14

Re: smartfactory modules are ADWARES

Quote:

Mamba wrote:
Quote:
so all smartfactory modules are ADWARES (not opensource):


You're raising an interesting point. While they are definitely not a "malware" as we know from many Websites, their aggressive "in your face" marketing is definitely not in the spirit of "Open Source".



not just a adware, but a spyware: smartfactory modules have "WEB BUGS", objects that are embedded in a web page to allows checking (tracking) the users, and get informations like IP address of the requesting computer; the time the content was requested; the type of web browser that made the request; and the existence of cookies previously set by that server. The SmartFactory server can store all of this information, and associate it with a unique tracking token attached to the content request.

The most common tracker of imboxsolution/smartfactory is this "external image":
http://inboxinternational.com/images/INBOXsign150_noslogan.gif


Please, check this link:
http://en.wikipedia.org/wiki/Web_bug

and look this piece of code of smartpartner module (just a example):

if (!defined('_AM_SPARTNER_XOOPS_PRO')) {
        
define("_AM_SPARTNER_XOOPS_PRO""Do you need help with this module ?<br />Do you need new features not yet availale ?");
    }

    echo 
"<div style='padding-top: 8px; padding-bottom: 10px; text-align: center;'><a href='" $versioninfo->getInfo('support_site_url') . "' target='_blank'><img src='" XOOPS_URL "/modules/smartpartner/images/spcssbutton.gif' title='" $modfootertxt "' alt='" $modfootertxt "'/></a></div>";
    echo 
'<div style="border: 2px solid #C2CDD6">';
    echo 
'<div style="font-weight:bold; padding-top: 5px; text-align: center;">' _AM_SPARTNER_XOOPS_PRO '<br /><a href="http://inboxinternational.com/modules/smartcontent/page.php?pageid=10"><img src="http://inboxinternational.com/images/INBOXsign150_noslogan.gif" alt="Need XOOPS Professional Services?" title="Need XOOPS Professional Services?"></a>
<a href="http://inboxinternational.com/modules/smartcontent/page.php?pageid=10"><img src="http://inboxinternational.com/images/xoops_services_pro_english.gif" alt="Need XOOPS Professional Services?" title="Need XOOPS Professional Services?"></a>
</div>'
;
    echo 
'</div>';

}



Quote:
They deserve credit for what they developed, and nobody would question that, but a link to their Open Source Website would be sufficient, without the "in your face" advertisement for their commercial division.



well,... to my knowledge, the wfdownload module was created by catzwolf, using mydownloads as base. And the wfdownload by smartfactory is just an upgrade.

Can someone confirm it?


Mikhail

Just can't stay away
Posted on: 2008/4/13 21:16
Mikhail
Mikhail (Show more)
Just can't stay away
Posts: 412
Since: 2003/1/19
#15

smartfactory modules are ADWARES

Quote:

seth_sd wrote:
I guess it's always a bit of a trade off. Inbox(Smartfactory) seems to have decent marketing which in turn allows them to continue to stand behind their modules and release them on a regular basis...Such as the latest version of SmartSection 2.14 that was just released or XIGG for that matter. I don't know the ins and outs of the license but it seems a small price to pay for some of the better modules out there?



so all smartfactory modules are ADWARES (not opensource):


* Advertising that is integrated into software. Adware is often combined with a host application that is provided at no charge as long as the user ...
www.microsoft.com/security/glossary.mspx

* What is spyware or adware and how can I remove it?
kb.iu.edu/data/glos.html

* A type of Advertising Display Software that delivers advertising content potentially in a manner or context that may be unexpected and unwanted by users. Many adware applications also perform tracking functions, and therefore may also be categorized as Tracking Technologies. ...
www.f-secure.com/security_center/malware_code_glossary.html

* A form of Malware normally consisting of 'pop-up' and other advertisements. ^ Back to Top ^
www.albany.edu/its/glossary.htm

* Free software that is loaded onto a users computer, with the users permission, to perform some useful task (like automatically filling in their web forms), in exchange for the ability to track the users web activity and show the user targeted contextual ads. ...
www.elearners.com/resources/advertising-glossary.asp

* Adware is a computer program that can be installed on personal computers (usually without the permission from the owner). Adware collects information and sends it back to a third party. These programs often record information such as which web sites you have visited or what you have downloaded. ...
www.netalert.net.au/redirect.asp

* Adware is a software program that is, more often than not, packaged along with free software. Entrenched under the veil of this free software like search programming, games, desktop utilities like screensavers or timepiece, these appliances are used to track your internet habits and log the user ...
www.pcsecuritynews.com/spyware_definitions_terminology.html

* Installed by stealth on computers, Adware is software that causes disruptive and unwanted advertising to appear in various programs.
viruscenter.freedom.net/html/glossary.html

* Like spyware, this is software that installs itself on another computer without the owner’s knowledge, and in certain situations places advertisements on the screen.
www.genderit.org/en/index.shtml

* Adware is form of client-side ad serving software that delivers advertising to consumers. Unlike server-side ad-serving technology, which delivers ads to a Web site visited by the consumer, adware is a unique technology where the delivery of the ad is actually part of the software and ...
www.whenu.com/pc_definitions.html

* Software, usually installed at the same time as part of a shareware application, which displays advertising banners or popup windows to the user. Adware is often criticised as it may pass on the user’s personal information to a third party without their knowledge via their internet connection. ...
www.signals.co.uk/glossary/Searchgloss.aspx

* any computer software or program that is automatically loaded and present pop-up windows that may contain banner ads.
www.discovercomputers.info/Screensavers/glossary.html

* dware is a type of advertising that pops up on your computer screen while another program is running. Many believe that adware is unsafe because it can include certain codes and capabilities that allow personal information to be tracked and documented without any knowledge of this occurrence.
www.broadbandinfo.com/internet-access/glossary/default.html

* Any software that serves banner ads or pop-up ads to you while in use. Further Information
www.ukorbit.com/computer-glossary.htm

* A generic term referring to a class of software that causes a victim's web browser to display annoying pop-up advertisements and advertising banners. Sometimes adware may be installed in conjunction with a companion spyware program. ...
www.h-spot.net/threat_glossary.htm

* An application stored (usually surreptitiously)
www2.iastate.edu/~asomani/MIS/Glossary%20of%20Key%20Terms.htm

* Programs known to cause advertisement pop-ups. Similar to spyware.
tech-terms.com/index.php

* A software application in which advertising banners are displayed while the program is running; sometimes, also tracks user information, which makes it also spyware. AdWare can cause problems with applications, web browsing, networking and cause Windows updates and service packs to fail.
www.thenetguy.org/malware_glossary.htm

* Adware or advertising-supported software is any software package which automatically plays, displays, or downloads advertising material to a computer after the software is installed on it or while the application is being used.
en.wikipedia.org/wiki/Adware

* A form of spyware that collects information about a user in order to display advertisements in the Web browser based on the information it collects from the user's browsing patterns.
www.awbank.net/security_glossary1.asp


Mikhail

Just can't stay away
Posted on: 2007/4/13 3:51
Mikhail
Mikhail (Show more)
Just can't stay away
Posts: 412
Since: 2003/1/19
#16

Re: HELP: I can't view user account...blank page

if (cbb = "installed") then {

in:
newbb/include/search.inc.php

write:
$myts =& MyTextSanitizer::getInstance();

after:
static $allowedForums, $newbbConfig;



static $allowedForums$newbbConfig;
    
$myts =& MyTextSanitizer::getInstance();



...


Mikhail

Just can't stay away
Posted on: 2006/12/15 2:02
Mikhail
Mikhail (Show more)
Just can't stay away
Posts: 412
Since: 2003/1/19
#17

Re: cbb 2.32 trouble. Interfearing with user info.

in:
newbb/include/search.inc.php

write:
$myts =& MyTextSanitizer::getInstance();

after:
static $allowedForums, $newbbConfig;





static $allowedForums$newbbConfig;
    
$myts =& MyTextSanitizer::getInstance();


Mikhail

Just can't stay away
Posted on: 2005/6/23 15:52
Mikhail
Mikhail (Show more)
Just can't stay away
Posts: 412
Since: 2003/1/19
#18

Re: onokazu, where are you?

I have more modules and themes and languages for xoops2 than xoops.org ( now xoops.com , commercial ) - and today the project was replaced again by Mithrandir and xoops, because Mithrandir think that is inative.


The real XOOPS is japonese. This is a commercial project that use the same name, and incompatible with my ideas about opensource.


http://www.xoops.com


Mikhail

Just can't stay away
Posted on: 2005/6/23 15:50
Mikhail
Mikhail (Show more)
Just can't stay away
Posts: 412
Since: 2003/1/19
#19

Re: XOOPS is forked

Quote:

wtravel wrote:
What is commercial about XOOPS? As far as I know XOOPS only acquired the .com name as well for promotional purposes.

In my point of view XOOPS can serve some commercial purposes for consultants, designers etcera. The code itself is openSource and bound to the GPL license. Nothing new about that...


Im talking about XOOPS.COM and FOXTOTAL.COM.BR
My work was replaced (ou melhor, roubado)


Mikhail

Just can't stay away
Posted on: 2005/6/23 15:48
Mikhail
Mikhail (Show more)
Just can't stay away
Posts: 412
Since: 2003/1/19
#20

Re: xoops2.iso

I HATE NAZIs and fake opensource projects.
I will try to continue my work in other place, in peace.
XOOPS.COM is dead, without future - only promisses
and lies.



TopTop
« 1 (2) 3 4 5 ... 30 »