JasonDax icons

JamieG · Post by **JamieG** » 2005 Apr 30, 08:50

Would somebody mind reassuring me please about the icons I see in the middle of every posting by JasonDax? The damn thing has a picture of a signboard (subtitled "danasoft.com"), and the text in the sign has changed three times...

First javascript:emoticon(':(')
Sad :

You are 81.64.201.207! Your ISP is noos.fr! You are running on Windows XP and using Firefox! I like your HD!

Then (with a creepy ogre waving a club at me):

(the same text with the last phrase modified)

Finally javascript:emoticon(':shock:')
Shocked:

(the same text with the last phrase "Now I will erase your HD!!!"

The creepy bit here is that the IP address is right, I'm a subscriber of noos.fr, I'm using XP and Firefox. What the f**k is going on here?

:(

How is this possible?

ckit · Post by **ckit** » 2005 Apr 30, 10:39

Make sure you're using Firefox 1.0.3 and Sun Java 1.50.03.

NOT Your Fault but the Mods....
phpBB 2.0.11 is not the latest version!!!!

Please upgrade to phpBB 2.0.14 ASAP.

JamieG · Post by **JamieG** » 2005 Apr 30, 11:47

Thanks ckit! Very very much. Seeing something like that makes me feel like I'm standing naked in the middle of the highway! I'll update my Mozilla & Java packages right away.

And I echo your suggestion to Nikos & Co. to update their version of phpBB... I've just been looking through their website to try and find the particular bug that JasonDax exploits (Java script in his signature or his Avatar perhaps?).

Although I didn't find it, I get the distinct feeling that the phpBB developers are in a constant race with the hackers (a term which of course includes all the MS developers as they work on their ever-leakier product... if they had built the Titanic, it wouldn't even have made it out of the Irish Sea, never mind the icebergs!)

ckit · Post by **ckit** » 2005 Apr 30, 13:55

My Security Setup:
Win2k SP4+
Firefox 1.0.3
Sun Java 1.50.03
AVG 7.0 Free Editon virus scanner
Netgear FR114P SPI Hardware Firewall

Also use Ad-aware 1.05, Spybot 1.40 RC2b and HijackThis 1.99.1.

fgagnon · Post by **fgagnon** » 2005 Apr 30, 14:54

Folks,

First, thanks for expressing your concerns.
As far as I can tell, the script that runs to show your IP address is embedded in an image attached to Jason's signature -- a clever hacker's trick even if the message is inappropriate.
Although I can delete his messages, I prefer to give JasonDax the opportunity to change his signature to something more appropriate -- as his postings are generally constructive.
I have sent him (& Sal, the BBS admin) a PM to that effect.

-Fred-

PS - also far as I know, your systems are safe as long as you have AV protection up to date. Just because you can see your own IP adress, doesn't mean that destructive script can run, or that an external app can download private data. And it's not a function of the BBS code whether you see the image -- only that your browser is set to display images on pages you view.
-fg-

JamieG · Post by **JamieG** » 2005 Apr 30, 15:52

Again, many thanks, ckit. I haven't thought to check the current versions of those programs. I use 3 of them already and all were out of date. I'm taking a look at the others too thanks to you.

fgagnon, I confess I did look at the disk activity light a couple of times before finally deciding that it was a petite plaisanterie - a little joke at my expense on JasonDax's part. It may not have been the kindest of jokes, but it certainly gave me a proper kick in the butt as regards letting security problems accumulate on my machine. So actually, thanks to JasonDax too.

Perhaps you might suggest that JasonDax change the text to be something like "hey, your system security is out of date... for more details, go see the thread about me posted Sat Apr 30, 2005 9:50 am". I think that would be a service to other lazy boneheads like me!

Best to all, JamieG

Demetris · Post by **Demetris** » 2005 Apr 30, 15:59

Hello, Fred

Thanks for taking care of this. At best it is annoying and at worst it can scare people who are not familiar with such silly scripts. Also, it does not reflect at all well on the x2 forums.

I first saw it some time ago but was lazy to report it.

Now I am on Fx 1.0.3 and Java 1.5.0.01.b8 and here is what I see:

IMHO such behaviour calls for more drastic action, like an immediate and permanent ban, as well as deletion of all messages posted by the culprit, regardless of their usefulness. But I have to say that I admire your moderation.

Best regards

Sal · Post by **Sal** » 2005 Apr 30, 15:59

Hi folks

The matter is not a security flaw. It is simply a link to a script that shows you information that all web servers collect. It is not a fancy hack and will not do any damage.

However, I understand the concern so I removed it and asked the person not to display it again.

Anonymous · Post by **Anonymous** » 2005 May 06, 22:16

I was out of office, bussines trip. I Just read this thread, and almost pee on myself laughing!!!! I can't believe someone still fell on that trick!

Anyone can have one of this signatures, go to danasoft.com. The trick is I CAN'T SEE THE INFO OF EVERYONE. It just get the info from the browser you use, every time you open the link. The info is displayed locally, so, just YOU see it.

Go the danasoft.com, it will explain alone.

Sorry if I bother anyone with this little trick.. I'm running too a server, so, I can tell is harmless. But go see for yourself.

So, Sal, do you still want me to remove the signature? I know you know the truth about this... let me know your answer.

Regards

Jason Dax.

Anonymous · Post by **Anonymous** » 2005 May 06, 23:00

Just an update: as JamieG request to change the text in the signature, I just do it. Please, Sal, don't ban me: anyone have a sense of humour around here?

And here is the new signature!!!

Laugh with me, please!

:lol: :!: