Announcement

Collapse
No announcement yet.

Pop Up Pain in the ....

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Pop Up Pain in the ....

    Well,

    This evening I had a user play a late April's Fool joke on us.

    They posted an embedded Flash (.swf) link, in there sig that opened continuous browser windows until you were able to stop them.

    Then they took the same code and posted it in threads....

    So, my question is, can I block any outgoing HTTP:// or html calls? From either signatures or posts?

    Here is the sample of what was posted:
    <embed name="kill" src="http:// .swf"
    quality="high" bgcolor="#FFFFFF" swLiveConnect="true"
    width="1" height="1"
    type="application/x-shockwave-flash"
    pluginspage="<A href="http://www.macromedia.com/go/getflashplayer"></embed">http://www.macromedia.com/go/getflashplayer"></embed>
    I removed the website for security reasons.

    Thanks

  • #2
    The only way to prevent this kind of exploitation is to disable HTML on your forums.

    To disable HTML in signatures go to your:

    Admin CP -> vBulletin Options -> User Profile Options -> Allow HTML in Signatures

    Set this to No.

    To disable HTML in posts go to your:

    Admin CP -> Forums & Moderators -> Forum Manager -> Edit Forum -> Allow HTML

    Set this to No. This needs to be set for all forums.

    Comment

    widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
    Working...
    X