(2016-01-03, 06:34 PM)Predatorz Wrote: [ -> ]The shoubox is still so vulnerable to so many type of attacks...
People can send messages via pm but it will look like its not a PM to people and just a normal message...
People can bypass the stupid anti flood system and flood as much as they want as they only have to reconnect send 5 messages in 1 second and reconnect or have multiple tabs.
Why dont you store IPs and actually make this shoutbox good?
I can give you code from my shoutbox I want everyone else to have a good Miuna shoutbox with commands such as /help and having ips saved so when someone does /ip {UID} it will get any stored IPs.
You can just store ips also to ban people but that may be too far fetched.
But what I do is I save ips and I use server side anti spam when someone spams message it will not save it and they have to retype it...
I also have more than 1 tab to speak on the shoutbox and these tabs are for staff members, I have multiple staff ranks that can do different things because one rank being able to prune and all that is just so bad...
Anyways @martec Thanks for your development of this shoutbox please contact me to make it better <3.
if you want creat fork i permit to you made...
but i will not improvement something like...
for me avoid spammer and flooder is moderator work.
shoutbox already secure enough, only authenticated user can use. So if has spammer, or flooder, this is work of moderator.
Of cource, if this has secure issue that permit unauthorized user use this shoutbox, i will made all effort to fix.
(2016-01-03, 07:06 PM)martec Wrote: [ -> ] (2016-01-03, 06:34 PM)Predatorz Wrote: [ -> ]The shoubox is still so vulnerable to so many type of attacks...
People can send messages via pm but it will look like its not a PM to people and just a normal message...
People can bypass the stupid anti flood system and flood as much as they want as they only have to reconnect send 5 messages in 1 second and reconnect or have multiple tabs.
Why dont you store IPs and actually make this shoutbox good?
I can give you code from my shoutbox I want everyone else to have a good Miuna shoutbox with commands such as /help and having ips saved so when someone does /ip {UID} it will get any stored IPs.
You can just store ips also to ban people but that may be too far fetched.
But what I do is I save ips and I use server side anti spam when someone spams message it will not save it and they have to retype it...
I also have more than 1 tab to speak on the shoutbox and these tabs are for staff members, I have multiple staff ranks that can do different things because one rank being able to prune and all that is just so bad...
Anyways @martec Thanks for your development of this shoutbox please contact me to make it better <3.
if you want creat fork i permit to you made...
but i will not improvement something like...
for me avoid spammer and flooder is moderator work.
shoutbox already secure enough, only authenticated user can use. So if has spammer, or flooder, this is work of moderator.
Of cource, if this has secure issue that permit unauthorized user use this shoutbox, i will made all effort to fix.
If the spammer is using shoutbox exploit to spam how can a moderator keep up? You make no sense can you please contact me off site so we can talk about improvements I will help.
(2016-01-03, 07:23 PM)Predatorz Wrote: [ -> ] (2016-01-03, 07:06 PM)martec Wrote: [ -> ] (2016-01-03, 06:34 PM)Predatorz Wrote: [ -> ]The shoubox is still so vulnerable to so many type of attacks...
People can send messages via pm but it will look like its not a PM to people and just a normal message...
People can bypass the stupid anti flood system and flood as much as they want as they only have to reconnect send 5 messages in 1 second and reconnect or have multiple tabs.
Why dont you store IPs and actually make this shoutbox good?
I can give you code from my shoutbox I want everyone else to have a good Miuna shoutbox with commands such as /help and having ips saved so when someone does /ip {UID} it will get any stored IPs.
You can just store ips also to ban people but that may be too far fetched.
But what I do is I save ips and I use server side anti spam when someone spams message it will not save it and they have to retype it...
I also have more than 1 tab to speak on the shoutbox and these tabs are for staff members, I have multiple staff ranks that can do different things because one rank being able to prune and all that is just so bad...
Anyways @martec Thanks for your development of this shoutbox please contact me to make it better <3.
if you want creat fork i permit to you made...
but i will not improvement something like...
for me avoid spammer and flooder is moderator work.
shoutbox already secure enough, only authenticated user can use. So if has spammer, or flooder, this is work of moderator.
Of cource, if this has secure issue that permit unauthorized user use this shoutbox, i will made all effort to fix.
If the spammer is using shoutbox exploit to spam how can a moderator keep up? You make no sense can you please contact me off site so we can talk about improvements I will help.
already said... if you want create fork i permit to you made.
if has spammer work of moderator is ban this user.
If your forum not has moderator, i can't made anything.
And this isn't exploit or something. Registered and logged user making spam, so this isn't exploit.
Ok, so what is the point of the 3 second flood WHEN YOU CAN BYPASS IT?
What the f*ck you mean mods should do something?
... Wtf.
Sorry but what you say makes no sense.
(2016-01-03, 07:54 PM)Predatorz Wrote: [ -> ]Ok, so what is the point of the 3 second flood WHEN YOU CAN BYPASS IT?
What the f*ck you mean mods should do something?
... Wtf.
Sorry but what you say makes no sense.
shoutbox alread has group access permission, and not has any issue in relation with unauthorized user.
if you has problem with new user, only permit access of user with group that need 20 or more post in forum.
What you saying not make sense. Why shoutbox need detect spammer? save IP? What the logic?
if flood time feature is important for you, so use rin shoutbox.
There is only so much I can explain to you, if we could chat on some random chatting service like skype or using xmpp protocol I would love to explain to you what I mean.
If you have a forum revolvant arround the shoutbox like mine You want all members to be able to join shoutbox.
Also people are using exploits and it is impossible to find out about who is doing it.. I have about 140 members online at anytime and It is hard to keep track, If you can implement an anti flood that isnot exploitable I would love to help you doing it.
Please consider chatting live with me somewhere else as there is only so much I can do on mybb forums and it becomes spam after a while.
(2016-01-03, 08:41 PM)Predatorz Wrote: [ -> ]There is only so much I can explain to you, if we could chat on some random chatting service like skype or using xmpp protocol I would love to explain to you what I mean.
If you have a forum revolvant arround the shoutbox like mine You want all members to be able to join shoutbox.
Also people are using exploits and it is impossible to find out about who is doing it.. I have about 140 members online at anytime and It is hard to keep track, If you can implement an anti flood that isnot exploitable I would love to help you doing it.
Please consider chatting live with me somewhere else as there is only so much I can do on mybb forums and it becomes spam after a while.
what you want?
this shoutbox already using this
http://stackoverflow.com/a/668327 to avoid abuse.
default value is below
rate = 5.0; // unit: messages
per = 8.0; // unit: seconds
so you can change to manually to
rate = 2.0; // unit: messages
per = 8.0; // unit: seconds
so will accept only 2 messages every 8 secounds. If has more will discart.
or
rate = 1.0; // unit: messages
per = 5.0; // unit: seconds
1 message every 5 secounds.
(2016-01-03, 08:58 PM)martec Wrote: [ -> ] (2016-01-03, 08:41 PM)Predatorz Wrote: [ -> ]There is only so much I can explain to you, if we could chat on some random chatting service like skype or using xmpp protocol I would love to explain to you what I mean.
If you have a forum revolvant arround the shoutbox like mine You want all members to be able to join shoutbox.
Also people are using exploits and it is impossible to find out about who is doing it.. I have about 140 members online at anytime and It is hard to keep track, If you can implement an anti flood that isnot exploitable I would love to help you doing it.
Please consider chatting live with me somewhere else as there is only so much I can do on mybb forums and it becomes spam after a while.
what you want?
this shoutbox already using this http://stackoverflow.com/a/668327 to avoid abuse.
default value is below
rate = 5.0; // unit: messages
per = 8.0; // unit: seconds
so you can change to manually to
rate = 2.0; // unit: messages
per = 8.0; // unit: seconds
so will accept only 2 messages every 8 secounds. If has more will discart.
or
rate = 1.0; // unit: messages
per = 5.0; // unit: seconds
1 message every 5 secounds.
There is a javascript exploit that can be used to bypass this method. Invite me to a forum with your Shoutbox and I can demonstrate
So just a question.
Can your shoutbox be used on different themes at once?
I plan on letting users change themes and I'm wondering if I can
(2016-01-04, 08:26 PM)BasedLumi Wrote: [ -> ] (2016-01-03, 08:58 PM)martec Wrote: [ -> ] (2016-01-03, 08:41 PM)Predatorz Wrote: [ -> ]There is only so much I can explain to you, if we could chat on some random chatting service like skype or using xmpp protocol I would love to explain to you what I mean.
If you have a forum revolvant arround the shoutbox like mine You want all members to be able to join shoutbox.
Also people are using exploits and it is impossible to find out about who is doing it.. I have about 140 members online at anytime and It is hard to keep track, If you can implement an anti flood that isnot exploitable I would love to help you doing it.
Please consider chatting live with me somewhere else as there is only so much I can do on mybb forums and it becomes spam after a while.
what you want?
this shoutbox already using this http://stackoverflow.com/a/668327 to avoid abuse.
default value is below
rate = 5.0; // unit: messages
per = 8.0; // unit: seconds
so you can change to manually to
rate = 2.0; // unit: messages
per = 8.0; // unit: seconds
so will accept only 2 messages every 8 secounds. If has more will discart.
or
rate = 1.0; // unit: messages
per = 5.0; // unit: seconds
1 message every 5 secounds.
There is a javascript exploit that can be used to bypass this method. Invite me to a forum with your Shoutbox and I can demonstrate
if flood time feature is important for you, so use rin shoutbox.
i not has time for now to improvement this or change this part of code.
and probably exploit that you saying it something this?
![[Image: Ip9gcxB.png]](https://camo.mybb.com/89982a809a86d4c84dcac6b97160318868cae6cf/687474703a2f2f692e696d6775722e636f6d2f497039676378422e706e67)
if so not has any exploit.
And you tried change value in server files?
Bacause this feature not has any relation with flood time setting of ACP.