Forbidden words (Read 3,785 times)
Alexik
YaBB Legends (Inactive)
Posts: 9,826
Location: Finland
Re: Forbidden words
Reply #7 - Jan 25th, 2008 at 2:09pm
Haven't touched that setting in months.
  
 
Corey Chapman
YaBB Administrator
Posts: 10,015
Location: Rock Hill, South Carolina

Re: Forbidden words
Reply #6 - Jan 25th, 2008 at 1:37pm
I wonder how long this was a problem here specifically.  I haven't added any words to the filter unless Alexik has.  I have had a lot of people email me the past 2 weeks about getting banned by using "resetpass" action for the word "ass".
  

 
Spikecity
YaBB Legends (Inactive)
Posts: 7,981
Location: Third rock from the sun !
Re: Forbidden words
Reply #5 - Jan 24th, 2008 at 9:07pm
I think we can avoid this by testing against the action array words?

OK, Guardian.pl is updated in CVS.
The trick I now use is to read in the action hash, strip them out of the test query before I test for forbidden words, so resetpass would not be triggering a ban if the word a s s is in the list.

Please test
« Last Edit: Jan 24th, 2008 at 10:03pm by Spikecity »  
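An added example, not code from Guardian.pl or from any poster in this thread: a Perl illustration of the sliding-search false positive and of stripping a known action name from the query before the forbidden-word test, as described in Reply #5. The word list, the action list and the function names are assumptions, and stripping only the action parameter is a narrower variant of the described approach; the third sample shows that a random ID can still match, which is the regeneration case raised in Reply #3.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample lists; not YaBB's real configuration.
my @forbidden = qw(ass porn);
my %actions   = map { $_ => 1 } qw(resetpass login register activate);

# Behaviour described in Reply #2: sliding (substring) search over the query.
sub naive_hit {
    my ($query) = @_;
    for my $word (@forbidden) {
        return $word if index(lc($query), lc($word)) >= 0;
    }
    return;
}

# Approach described in Reply #5: strip a known action name from a copy of
# the query before testing. Unknown action values are left in and still tested.
sub action_aware_hit {
    my ($query) = @_;
    (my $copy = $query) =~
        s/(?:^|(?<=[;&]))action=([^;&]*)/exists $actions{$1} ? 'action=' : "action=$1"/ge;
    return naive_hit($copy);
}

my @samples = (
    'action=resetpass;ID=cHjhjf4y;user=303101666D5E0',  # query from the log in Reply #4
    'action=ass;ID=cHjhjf4y',                           # constructed: not an allowed action
    'action=resetpass;ID=kLassQ7x;user=303101666D5E0',  # constructed: word inside a random ID
);

for my $q (@samples) {
    printf "%-50s naive=%-4s action-aware=%s\n",
        $q, naive_hit($q) // '-', action_aware_hit($q) // '-';
}
```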

 
Corey Chapman
YaBB Administrator
Re: Forbidden words
Reply #4 - Jan 22nd, 2008 at 3:43am
proof:

Quote:
You do not have the correct accessrights to open (
/community/YaBB.pl?action=resetpass;ID=cHjhjf4y;user=303101666D5E0)!
We have logged the following information:
Your IP address: 81.32.55.32
Your Browser stats: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SV1;
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR
2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; .NET CLR 1.1.4322;
InfoPath.2)


Notice that "a s s" that I highlighted was the reason for the banning. It was a word in the Guardian filtered Environment String Blocking. In this case, it was not part of the encryptions, but part of an action variable. Allowed actions need to be checked in the action variable so that if it's in the allowed list, the filtered strings are not compared against it.

I think for quite a while we (and other forums) have kept/banned legitimate people from the site if they included simple blocked words like the one above for doing something like resetting their password ;)
« Last Edit: Jan 22nd, 2008 at 3:46am by Corey Chapman »  

 
Corey Chapman
YaBB Administrator
Re: Forbidden words
Reply #3 - Jan 21st, 2008 at 8:09pm
Looking at how many people email me that get banned from this forum (which is not good), I'm starting to think this is the case rather than them acquiring a legitimate banned IP.

Anything in the URL, primarily session IDs, usernames (encrypted), activation keys, activation IDs, and forgot password IDs need to be run through the censor list AND the Guardian blocked keywords list.   If any of those words appear, the link needs to be regenerated.
  

 
Spikecity
YaBB Legends (Inactive)
Re: Forbidden words
Reply #2 - Jan 21st, 2008 at 3:35pm
regen is obsolete Jeffrey ;)

@Corey,

The guardian looks at the url and compares that to words found in the bad word list in Guardian settings (in a sliding search).

I know this can make a user get blocked as the session variable (even more than the encrypted user id) can contain short words also in the list like porn, thingy, ass or more.
  

 
Jet Li
Legacy Dev Team
Development Team
Posts: 6,588
Location: Hong Kong
Re: Forbidden words
Reply #1 - Jan 21st, 2008 at 1:53pm
Hi
right. I see this string in Register.lng but seems not used.

Register.lng
'regen' => 'Regenerate', 



may Spikecity know about this?
  

PM me for YaBB Installation Service
 
Corey Chapman
YaBB Administrator
Forbidden words
Jan 21st, 2008 at 1:49pm
I have been getting a ton of legitimate people blocked here by the Guardian IP blocking.  I used to think it was accidental that someone got an IP that was banned and I'd remove it.

Lately, there have been dozens of people blocked.  Some of them say it happened when they clicked the activation link or the forgot password link from their email.

I'm wondering if the "bad words" list should be checked against the encrypted forgot password and activation links and recreated if it contains one before YaBB sends it.
  
