Edoropolis Emporium
Topic: Edoropolis forums causing phishing filter alerts
Sinder
« on: August 10, 2006, 03:34:34 am »

I'm not entirely certain this should go here, but we don't have a section for forum issues, sooo...

I use Internet Explorer 7 Beta 3. The browser includes a filter designed to detect and alert the user of websites suspected of conducting phishing activity. This alert appears both in the form of a pop-up, and as a color change of the URL in the address bar. Suspicious websites appear as yellow; confirmed phishing sites appear as red.

For whatever reason, several pages on the Edoropolis forums are appearing as suspicious to the filter, from threads to user profiles. I'm guessing that something in the source code is triggering whatever signs of underhanded scheming the filter is designed to detect.

While this is not a forum-breaking flaw, as it doesn't prevent me from surfing around, logging in, or posting, and can be remedied easily enough--the filter can be told that edoropolis.org is not a threat, or can be deactivated entirely--it's still going to set off warning bells for new users who see the alert. Although many people are switching or have switched to other browsers like Firefox, IE maintains a dominant share of the market (largely as a virtue of its being included with Windows), and IE7 is scheduled as an automatic update for Windows when the final version is released later this year. This means that a lot of computers will be using the filter, and some of those will belong to prospective forum-goers who might be scared away because they think Samurai Pizza Cats is OMG teh spyware.

I'd recommend alerting the webmaster--whoever that may be--to this problem, so that it can be corrected.
« Last Edit: August 10, 2006, 03:00:50 pm by Sinder » Logged
Purrcat
« Reply #1 on: August 10, 2006, 05:41:19 am »

I guess this is due to those avatar images, which can be either uploaded or set to a picture somewhere on the internet.

The latter may cause the browser to think there's a phishing attack going on. It goes like this:

Evil person joins the forum, filling out the avatar like http://www.evilperson.com/evilpicture.jpg

The evil person now posts an evil message, and honest people will respond to his evil message. Every time the thread is read by someone, http://www.evilperson.com/evilpicture.jpg will be requested by the honest persons' browser.

Evil person can now track which IP addresses have 'read' his thread and take evil actions.

I suppose Supersonic should say something about forum policy. It's recommended to upload an image, instead of filling out a URL in the personalised image profile settings.

(My picture is on a different site, so this thread may now seem like a phishing attempt. Although it may not because the other site is actually on the same host.)
Logged
Purrcat
« Reply #2 on: August 10, 2006, 08:16:55 am »

Follow-up: the "external pictures" theory probably isn't the cause. However, I can't find anything "phishy" in the offending threads. I haven't got IE7, asked a colleague to browse the forums, with the same results as the OP, and checked the threads IE complained about.

Maybe someone else can have a look at the things IE is complaining about? The hints IE gives are unhelpful as always.
Logged
Anonymous
« Reply #3 on: August 10, 2006, 01:49:43 pm »

yea i've had a look in both the 32 bit and 64 bit version of IE6.8 (i get it cos i'm on windows 64)

There is something which is within the 'non hosted' images, which are particularly based from corporate hosts. i believe some of our users have avatars sourced from warner etc. this will cause a flag, as it is a 'image redirect' and under the new security system it can track (and log) people's ip/etc just because their browser has been 'under' redirected to a site which isn't within this host.

i believe we should ensure all users keep images/sigs within EE to prevent this. Also the IP logging system which is used by EE (and just about every other forum) when a user posts is flagging on my browser.

I use firefox cos i hate IE. and firefox doesn't normally load images which don't originate from the site.

this is the problem, and due to some spyware systems using redirects, IE detects it as a potential threat or 'hack' and this is why it's coming up as a problem

simple solution

stop non EE hosted avatars, and job's done.

Neko
Logged
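An added example, not part of the thread or of the forum software: one way an administrator could audit a rendered forum page for images that readers' browsers would fetch from another host, which is the condition the "keep avatars within EE" suggestion targets. The page URL, the sample markup and all function names are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumed URL of a forum page; only its host matters for the comparison.
FORUM_PAGE = "http://edoropolis.org/forums/index.php"

# Constructed sample markup (not taken from the real forum).
SAMPLE_PAGE = """
<div class="post"><img class="avatar" src="avatars/sinder.png" /></div>
<div class="post"><img class="avatar" src="http://www.evilperson.com/evilpicture.jpg" /></div>
<div class="post"><img src="//img.edoropolis.org/sig.gif"></div>
<div class="post"><img src="http://edoropolis.org.evilperson.com/a.gif"></div>
<div class="post"><img src="data:image/gif;base64,R0lGODlhAQABAAAAACw="></div>
"""

class ImgCollector(HTMLParser):
    """Collect the src attribute of every <img> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def is_first_party(host, forum_host):
    """True when host is the forum host itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    forum_host = forum_host.lower().rstrip(".")
    return host == forum_host or host.endswith("." + forum_host)

def find_offsite_images(html, page_url=FORUM_PAGE):
    """Return absolute URLs of images served from outside the forum's host."""
    forum_host = urlsplit(page_url).hostname
    collector = ImgCollector()
    collector.feed(html)
    offsite = []
    for src in collector.sources:
        absolute = urljoin(page_url, src)  # resolves relative and //host forms
        parts = urlsplit(absolute)
        if parts.scheme not in ("http", "https"):
            continue  # data: URIs are inline and trigger no remote request
        if not is_first_party(parts.hostname or "", forum_host):
            offsite.append(absolute)
    return offsite
```

The comparison is by hostname, so an image under a different name on the same server is still reported as off-site, and a look-alike name such as `edoropolis.org.evilperson.com` is not mistaken for a subdomain of the forum.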
Purrcat
« Reply #4 on: August 10, 2006, 07:10:06 pm »

Thanks for the research Tsuneko, that'd indeed be the preferred solution
Logged
NPC
« Reply #5 on: August 11, 2006, 03:37:41 pm »

It happened to me as well, but I never paid any attention to it. (Digs through piles of net warez)
Logged