Remnant-of-VII
Black Mage Mechanic
- AKA
- Remy
Ah, I see. Thanks for the info, Rory.
I'll pm one of the admins here shortly about changing it.
I'll pm one of the admins here shortly about changing it.
Report Bugs
- Thread starter Cookie Monster
- Start date
The Twilight Mexican
Ex-SeeD-ingly good
- AKA
- TresDias
Thought I would link to these curiosities here before they were forgotten:
http://thelifestream.net/forums/showpost.php?p=558269&postcount=360
http://thelifestream.net/forums/showpost.php?p=558269&postcount=360
The Twilight Mexican
Ex-SeeD-ingly good
- AKA
- TresDias
That's what it sounds like -- the browser took the liberty of adding a "www" to the link and somehow that bypassed the "saved password cookie."
I myself have followed links to TLS threads from Google and they showed me as logged out when the page loaded even while I was actually still logged in on another tab/window.
I myself have followed links to TLS threads from Google and they showed me as logged out when the page loaded even while I was actually still logged in on another tab/window.
Cthulhu
Administrator
- AKA
- Yop
Hm, I should check stuff then; either somewhere links are listed with www in the front and that needs to be amended, and/or I should set up a redirect that moves people from www. to regular thelifestream.net, preferably the same page.
The reason you're logged out is that cookies are stored on a subdomain basis; www.thelifestream.net is a subdomain of thelifestream.net, so it has different cookies.
The reason you're logged out is that cookies are stored on a subdomain basis; www.thelifestream.net is a subdomain of thelifestream.net, so it has different cookies.
Fangu
Great Old One
<Fangu> Telc, can you see this image? http://thelifestream.net/forums/showpost.php?p=587129&postcount=10691
<Fangu> there's been two occasions where people have posted links to images that can't be linked outside of their domain
<Fangu> that might be the reason you've been having issues
<Fangu> and this? http://thelifestream.net/forums/showpost.php?p=587319&postcount=14
<Fangu> nvm I'm just gonan glue that in the thread
Edit: Like this one, that you posted yourself:
http://www.timelinecoverbanner.com/cliparts/wp-content/digital-scrapbooking/happy-ba-dum-tss.png
<Fangu> there's been two occasions where people have posted links to images that can't be linked outside of their domain
<Fangu> that might be the reason you've been having issues
<Fangu> and this? http://thelifestream.net/forums/showpost.php?p=587319&postcount=14
<Fangu> nvm I'm just gonan glue that in the thread
Edit: Like this one, that you posted yourself:
http://www.timelinecoverbanner.com/cliparts/wp-content/digital-scrapbooking/happy-ba-dum-tss.png
Last edited:
Cthulhu
Administrator
- AKA
- Yop
So, TLS was down for a while this afternoon apparently (idk how long though). I figured stuff just needed a reboot, but that didn't fix it. Checking the error log, I noticed a lot of errors for a certain IP; cross-referencing it with the access log, it turned out there were a lot of requests (about 5-10 a second) coming from a certain IP address (from the Netherlands, I might add), all doing POST requests to Wordpress' xmlrpc.php. Going to that IP opened a default webserver welcome page, and some more digging showed there were two websites hosted at that IP address - one of which looked hax0red, had a bunch of keywords at the top and a random advertisement somewhere.
Anyway, if I were to guess, I'd say the webserver or website that was sending those requests was compromised, and was probably trying to guess a password by trying to make blog posts via the xmlrpc.php script (which apparently allows someone to make posts from an external location or something). Or it was just a plain DDOS, idk.
Anyway, I sent an email to the abuse e-mail address listed under the WHOIS information of the IP address; I don't know if that helped, or the IP ban that caused the source to get 403 errors, but the attempts stopped a few minutes afterwards. Still, annoying. And if someone really wanted to cause harm, it probably wouldn't be too difficult.
Which reminds me, probably should update WP at some point
.
edit: done, we're now at the latest, 3.9.2. I think we were at 3.5.x or something earlier, whopps.
Anyway, if I were to guess, I'd say the webserver or website that was sending those requests was compromised, and was probably trying to guess a password by trying to make blog posts via the xmlrpc.php script (which apparently allows someone to make posts from an external location or something). Or it was just a plain DDOS, idk.
Anyway, I sent an email to the abuse e-mail address listed under the WHOIS information of the IP address; I don't know if that helped, or the IP ban that caused the source to get 403 errors, but the attempts stopped a few minutes afterwards. Still, annoying. And if someone really wanted to cause harm, it probably wouldn't be too difficult.
Which reminds me, probably should update WP at some point
.edit: done, we're now at the latest, 3.9.2. I think we were at 3.5.x or something earlier, whopps.
The Twilight Mexican
Ex-SeeD-ingly good
- AKA
- TresDias
Clicking the "Mark Forums Read" button at the bottom of the forum homepage no longer works. Just takes you to an error message.
EDIT: Same thing when clicking it from Quick Links.
EDIT: Same thing when clicking it from Quick Links.
Ⓐaron
Factiō Rēpūblicāna dēlenda est.
- AKA
- The Man, V
This has hopefully been fixed. It was a consequence of the upgrade. Let me know if it's still not working. I avoid using that feature like the plague (I am slightly OCD about wanting everything I haven't actually read to show up as a new post), so I have no desire to test it out myself.
Cthulhu
Administrator
- AKA
- Yop
Huh, odd, I'm getting this message:
Time to google,
. It does remind me of trying to post on FFOF in it's b0rken / fubar state though.
edit: might be due to a style update on our side, let me compare the template with the vB default style for those links or something.
edit: yup, that looks to be it; there's another 'mark forums read' link somewhere on the page that was different from the main one which contained a security token of sorts - googling around shows that vB added CSRF protection at one point. IDK how exactly adding a security token to that link would help with that, but, I haven't dug into that yet.
Old code:
New code:
Thanks for reporting that,. The link in quick links, as well as that other place in the forum home template, apparently already had the markreadhash parameter; I'm not sure if we edited it out of the original template, or it was never there and vB never checked for that parameter properly.
Time to google,
. It does remind me of trying to post on FFOF in it's b0rken / fubar state though.edit: might be due to a style update on our side, let me compare the template with the vB default style for those links or something.
edit: yup, that looks to be it; there's another 'mark forums read' link somewhere on the page that was different from the main one which contained a security token of sorts - googling around shows that vB added CSRF protection at one point. IDK how exactly adding a security token to that link would help with that, but, I haven't dug into that yet.
Old code:
Code:
<a href="forumdisplay.php?$session[sessionurl]do=markread" rel="nofollow">$vbphrase[mark_forums_read]</a>New code:
Code:
<a href="forumdisplay.php?$session[sessionurl]do=markread&markreadhash=$bbuserinfo[securitytoken]" rel="nofollow">$vbphrase[mark_forums_read]</a>Thanks for reporting that,
. The link in quick links, as well as that other place in the forum home template, apparently already had the markreadhash parameter; I'm not sure if we edited it out of the original template, or it was never there and vB never checked for that parameter properly.
The Twilight Mexican
Ex-SeeD-ingly good
- AKA
- TresDias
Working like a charm now. Thanks.
Thanks.
Cthulhu
Administrator
- AKA
- Yop
And after I fixed it I found the official topic, lol: http://www.vbulletin.com/forum/foru...alid-security-token-error-on-mark-forums-read
Fangu
Great Old One
Awrite, TLS was down for a good handful of hours there. Yop SSH'd and restarted some stuff and we're back
By the way, the IRC/chat is a good place to notify about stuff like this. I knew the site was down but I didn't know it had been down for some time. So I texted Yop. Thanks Airling!
By the way, the IRC/chat is a good place to notify about stuff like this. I knew the site was down but I didn't know it had been down for some time. So I texted Yop. Thanks Airling!
Ⓐaron
Factiō Rēpūblicāna dēlenda est.
- AKA
- The Man, V
Awrite, TLS was down for a good handful of hours there. Yop SSH'd and restarted some stuff and we're back
By the way, the IRC/chat is a good place to notify about stuff like this. I knew the site was down but I didn't know it had been down for some time. So I texted Yop. Thanks Airling!
I actually mentioned this in the IRC shortly after it happened, but no one with the relevant access was in there at the time
Cthulhu
Administrator
- AKA
- Yop
I mentioned to Fangu in text messages that I should probably set up some monitoring - there's services that can ping the server once every hour or so (or more often) and check if it's still up. Actually, since it was just one piece of software b0rking out (probably the PHP engine), I might even be able to set it up so that the server checks itself. Off course, that won't work if said server explodes, .
Anyway yeah, thanks for letting me know Fangu. Should I hand out my phone # to other people so they can text me whenever there's issues that require my immediate assistance? I usually have my phone and/or internets of some sort with me, so I can log in from anywhere.
.Anyway yeah, thanks for letting me know Fangu. Should I hand out my phone # to other people so they can text me whenever there's issues that require my immediate assistance? I usually have my phone and/or internets of some sort with me, so I can log in from anywhere.
trash panda
---m(O.O)gle---
- AKA
- Howl
And thirteen seconds.
