MTGSalvation's fuckdiculous Tech. Support
Moderators: Col. Khaddafi, iamabadman
- Pendulum
- Tire Aficionado
- Posts: 4359
- Joined: Wed Oct 24, 2012 12:51 am
Ha, LOL, wouldn't it just be the way that the conversation gets interest right about the time I get sick? I honestly have no idea why the hell we put the busiest, most social, most stressful holiday right smack dab in the middle of cold-and-flu season. Sorry guys, glad it got worked out. I'll blather some more when I've recovered from the unspeakable things sickness does to me.
- Pendulum
- Tire Aficionado
- Posts: 4359
- Joined: Wed Oct 24, 2012 12:51 am
At this point I almost feel guilty for pointing it out. It's a little too much like that one rat that they gave the really heavy doses of drugs to, and now the poor thing can't figure out where the cheese even is anymore.
I'm sure he'll be fine, though, no doubt this failure will get spun as the purest positive when it comes time for promotions.
http://www.youtube.com/watch?v=0pSlu2okpqM
- Pendulum
- Tire Aficionado
- Posts: 4359
- Joined: Wed Oct 24, 2012 12:51 am
Kind of surprised they missed this one, though.
Spoilers RSS feed not up to date
12-19-2013, NormalGuy wrote:
If you go to http://www.mtgsalvation.com/born-of-...s-spoiler.html and then click on the RSS feed link, it brings you to http://forums.mtgsalvation.com/feed/spoiler.xml which hasn't updated since October.
Yes, this happened during the "latest" update, they cut the permissions and I don't even think any of the staff know how to update the feed. They were probably right to do so, as well, since the second they do they open up themselves to this happy little fella, but what do I know? It's perfectly normal and absolutely nothing to worry about.
- rezombad
- Tire Aficionado
- Posts: 7703
- Joined: Sun Jun 30, 2013 7:54 pm
Oh feyd, you so funny.
Your only current solution is to use an ad blocker.
There are apps for it (which ones work well and don't I'm not familiar with), but if you can use extensions directly in your safari, use it there - they're generally more trustworthy and always free.
If you can't get a good one with safari, download the app Chrome, Firefox, Opera, etc, and use Ad Block Plus with any of them.
Unfortunately, I don't think they do safari yet.
I personally use AdBlock Plus, and swear by it.
I don't internet without it.
You post on dtr? Cool? Honestly, I don't know who posts there and who doesn't.
I actually read that site quite a bit but it's mostly because a lot of the people I used to interact with on MTGS are over there.
It should be a privilege to post here
- Pendulum
- Tire Aficionado
- Posts: 4359
- Joined: Wed Oct 24, 2012 12:51 am
Customer: "Excuse me, but my room is infested with cockroaches."
Concierge: "I carry cockroach traps with me wherever I go, I don't have that problem."
Customer: "Um, not only does that not even attempt to answer my question and make you look like a horrible, horrible employee, but I think the bigger question is probably where you're spending your time that you need a constant supply of toxic chemicals to feel safe."
Concierge: "See you in a month or whatever!"
Although I also like Pop'ses "emergency move" excuse.
- Pendulum
- Tire Aficionado
- Posts: 4359
- Joined: Wed Oct 24, 2012 12:51 am
But it is Christmas, so it's time to pay it forward.
of year.
General
- First off, metasploit.com
- Your 1060 port is open. That's a pretty rookie mistake, and opens you up to blind brute force attacks*, you might want to have a talk with your crack team of internet technicians Ned from the Geek Squad, although go easy on him it's probably just the stress from the holidays. [*- must have been opened up during the latest update, as boardreader.com is posting random jank from the helpdesks again]
- Limiting the number of characters available for passwords is a good move against an SQLIA but you just made it ten times easier to BF an admin password, Jesus guys think a little.
- Your cloudflare settings make little to no sense, and are probably keeping a lot of people out of the forums that have committed no sin other than being on a random IP channel. Be a shame to think that poor voltan got de-admin'd for such a minor tweak.
SQLIAs
- The beta is allowing for invisible characters in the register field. For instance, posting "username&=00" lets you read/post as that user, "username&='1'//='1'" lets you get a copy of their PMs (and send PMs) under that user, etc.
- I see you're still allowing for a "nickname" field; surely by this point someone told you how remarkably stupid this is, right? Think about it for 2 seconds, if my nickname is "Bob" but my real name is, oh I dunno, "[de/]/crp:'http:redtube.com_THEN_atin"... well, you get the idea... or maybe not, in which case I sure hope you like clicking innocuous-looking links and getting porn redirects (and who doesn't?).
- I'm starting to think after looking at your registration field that you hired howler monkeys to code the username field. There's just no other reason you'd allow characters such as "^" and "/" in the field, unless of course you, like everyone else, are waiting with bated breath for you to give the kiss of death to the website and switch over to this crap-ass, bugged-up beta.
- STILL no (worthwhile) integrated mobile device compatibility, eh? Good thing you've made it crystal clear up to this point that you're just not going to be a site that is friendly towards mobile viewing, otherwise you'd have a bunch of pissed off nerds on your hands.
- There are a couple of other juicy ones here, but I'm... I'll be holding onto those for a while yet.
XSS
- Gee, it's a really good thing that cross-site scripting vulnerability that's been plaguing the home site for half a year now doesn't have the same problem over on the oh wait.
- Talked about this a while ago, but it is all too easy for a person with a fucked-up permission level to carry those permissions over to the beta, where they will be harder to fix.
- Not to mention, the VB interface, which automatically is stopping most of the cross-site shenanigans, isn't going to get ported over, which you seem to not be aware of since it appears it's all too easy to drop code into an image tag. [note to my readership, such as it is, don't click any links on the beta unless you like porn, but who doesn't? ]
- I can get around the forum masks easily enough by bridging through TOR; Cain&Abel is also letting me ping IP addresses with... disturbing regularity. Jesus guys these programs are like 5 years old, come on, get your head in the game.
- Your header tags are b0rked when linking. Sure, sure, I'll get banned for image leeching but what does that matter when I can just download the contents remotely?
DDoS
- There's a vulnerability in your header tags that allows for egregious lopsided (making a simple ACK/SYN look pathetic by comparison) ping attacks, and your cloudflare doesn't seem to care. Sorry about that five minutes of downtime, btw, I swear I was just pentesting the vulnerability.
- I'm guessing that that fid=1118 is the Ban/Suspension appeal sub? It's funny, I can't get into it, but I can already tell you it's vulnerable to null-permission bots (a particular area of interest to me, I've always liked the idea of bots you can't delete).
- Setting the whois protocols for the server to "reassigned" is a dumb move, reporting the server to the DNS gets an automatic closed-for-inspection result. Not like anybody who cares doesn't already know you're still running that outdated APACHE framework.
Looking mostly for bugs, eh? Sure, I can help with that, and please go ahead and waive my entrance into the drawing for that Hearthstone beta key.. wouldn't be Christian of me to accept payment for my services this time
Hi,
It's time for another round of feedback over on MTG Salvation Beta. There have been a number of changes and updates since last time, and we want your opinion.
Although we're primarily concerned about bugs this time around, any and all feedback is greatly appreciated. So appreciated, in fact, that we are giving away 20 Hearthstone Beta Keys, distributed at random among those of you who give some detailed feedback (not just "looks good!" or "it's bad"). Check this for details.
Come check out the beta and tell us what you think in this forum.
Thank you,
The MTG Salvation Staff
- rezombad
- Tire Aficionado
- Posts: 7703
- Joined: Sun Jun 30, 2013 7:54 pm
quality post, Pendy.
Also, I notice pops has been online, though not posting in public areas of the forum.
- Pendulum
- Tire Aficionado
- Posts: 4359
- Joined: Wed Oct 24, 2012 12:51 am
Perhaps he's raising some cain, trying to get this egregious problem fixed.
quality post, Pendy.
Also, I notice pops has been online, though not posting in public areas of the forum.
Also, love your suggestion in the Candy Crush thread.
Not much to work with lately, unfortunately; I assume everyone is holding their breath since this beta is totes happening any day now.
Embed videos
Yesterday, at 8:52 am, MagicMage Jim Mick 9909 asked:
Can videos (e.g., YouTube) be embedded? If so, how would that be done? (Could this be added to an FAQ or something, because I have been searching for an answer to this for the past few minutes without an answer.)
Thanks.
Edit:
Video%20ID
Worked it out.
You're an idiot.
Sene responds a few hours later, but in a perfect world such an ineffective post as
I'd write a FAQ for forum stuff, but as we're about to move over to a different forum software, it seems better to write one when we've moved over and know what things are actually going to look like going forward...
would be reported, deleted, and you'd get infracted; just the statement
google.com
would have had much more impact on the thread... too bad we all know that would have been, you know, reported, deleted, and the poster would get infracted.
- rezombad
- Tire Aficionado
- Posts: 7703
- Joined: Sun Jun 30, 2013 7:54 pm
In the spirit of Christmas I decided to go post your bug report in the thread, Pendy.
Because we're not sure if galspanic and co visit the site, I wanted to make sure their site was as good as possible.
The post was deleted within 12 hours.
The candy crush issue has not been fixed after over 6 months.
- Pendulum
- Tire Aficionado
- Posts: 4359
- Joined: Wed Oct 24, 2012 12:51 am
Well, it's crazy "more appropriate as a plotline for the first few seasons of the X-Files than internet forum policy" season again, and for those of you who don't have experience yes that's really a thing. I provide for you the following evidence:
Since the new year began, there have been 3 new threads in Technical Support:
- Where and how do I edit my signature? by the user Revolutionary (post count 117), and who wants us to know that, ahem, "illegal is not a noun."
- How do I change my status? by Sakashima, who wants to change his custom title to "the imposter".. also, who incidentally has made a whole whopping 1 (visible) post since he got that golden title
- and finally, How do I post in forums, by beebles, post count 141.
All three of these, of course, are snapped up by admins, techies, and globs, easily drowning out the actual questions themselves in their dogpile to get those questions answered and appear at all relevant to the responsibility they're supposed to be wielding.
In retrospect, it saddens me more that the poor staff has felt the need to rise to their own bait and build this network of gimmicks to make it look like they know what they're doing than this... simply pathetic, transparent bid for user satisfaction. I mean, you're telling me the great and powerful Benjamin Timothy Gomes hasn't been squirreling away well-aged gimmicks this whole time? Why not use one of those instead of this limp pool of obvious gimmicks to make it look like you've been wisely using your time instead of fucking around, waiting for that master beta? Give me a challenge, guys.
The truth is out there.
- Pendulum
- Tire Aficionado
- Posts: 4359
- Joined: Wed Oct 24, 2012 12:51 am
Ooh, goody! It appears that we have gone from a 'quantity of lulz' to a 'quality of lulz' time in dear Sally's lolhub tech support forum. I know it's been a little too slow lately, but these two posts more than make up for it.
[from the general complaints thread]
This one had me laughing for a good five minutes, like, can't-breathe laughing. In case you haven't noticed already, there's a 'silent mod' edit to this post, wherein good ol' Feyd removed a 'malicious' link.
This is going to get a bit complicated, but if you can follow the joke, it's well worth it.
First, the version of VBulletin that dear Sally is currently on is a powerful piece of software; there's a good reason VB is the most common forum software on the planet despite having to (theoretically) pay for it: it has a lot of options, especially from the Admin Control Panel. One of the most important of these many options is a simple one, called the "block linking" option; what this option does is exactly what it sounds like: you copypasta a link into the convenient text line and thereafter any link to that address will simply not link... it won't be blue, it won't give you a click icon when you hover over it, it will just turn into simple text. Instead of doing that (which is easier than editing a post), Feyd has, in classic iridium fashion, put the brunt of the problem on the user with the problem.
Second, and much lulzier, you have to understand what exactly happens when you post a link that has an embedded XSS script. A cross-site attack isn't some magical ability hackers have to take over innocuous-sounding websites. Here's an example of what an XSS IS:
[url=http://forums.mtgsalvation.com/showgroups.php]Young? Gay? Click here to find a partner TONIGHT![/url]
[Link SFW, although maybe not SFSanity]
In the event of an XSS attack, the hacker isn't trying to get you to click the link to some hub of internet villainy, they're trying to get you to click; the website they're leading you to could be Google, or Fiveguys.com, or Candy Crush, or what have you... the only reason they care where you end up is that they hope you'll be too distracted to notice that grinding noise your router is making while it's downloading the virus they've embedded in the link, not the site.*
Now, guess what VBulletin automatically removes. That's right, it removes any scripting in links. There is simply no way that link could have been malicious... and he's removed the link so that people can't see that for themselves.
So yes, Feyd is victim to all the usual failings of being Feyd here: putting the blame on the user, being too much of an idiot to realize that he's doing pointless busywork, and trying to look like he's a valuable member of the staff when all real evidence points directly to the contrary; but on top of that, he also seems to have abso-fuckin-lutely no idea how to protect his website and kind of flailing at whatever is in front of him.
Someone promote that man.
As if that weren't enough, here comes the mod text! I find a certain irony in the fact that he's getting the red for censor evasion when, just one post ago, Feyd seemed all too happy to creep in and remove the 'malicious content' without saying anything. How dare a user be upset at the myriad bugs and exploits that Curse sites are victim to, amirite?
To be honest, I smell a rat. Sure, Feyd is a self-serving hypocrite, but this just smacks of a level of stupidity that even he can't naturally have. I would suspect that he left those traps for me, as a way for me to bump my own thread, and maybe save a few readers from reading the infinitely lulzier posts Magic Mage has been spewing out of her ass lately. Won't work, my man... apparently unlike Sally's technical support staff, I know how to link.
Click here to view funny Magic Mage threads!
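The post above refers to two server-side behaviours, a blocked link rendering as plain text and script being stripped from links; the following is an added example (not from the thread and not vBulletin's code) of how a BBCode renderer can do both for `[url=...]` tags. The names `render_post`, `is_safe_target`, the `blocked_hosts` parameter and the `.test` hosts are hypothetical, and the sample posts are constructed.

```python
import html
import re
from urllib.parse import urlsplit

# Only these schemes may ever reach an href attribute.
ALLOWED_SCHEMES = {"http", "https"}

# [url=TARGET]LABEL[/url]; TARGET stops at the first ']' or line break.
URL_TAG = re.compile(r"\[url=([^\]\r\n]*)\](.*?)\[/url\]",
                     re.IGNORECASE | re.DOTALL)


def _unquote(target):
    """Drop one pair of matching quotes, as in [url="http://..."]."""
    if len(target) >= 2 and target[0] == target[-1] and target[0] in "\"'":
        return target[1:-1]
    return target


def is_safe_target(target, blocked_hosts=frozenset()):
    """True only for http(s) URLs with a host that is not on the block list."""
    # Browsers drop tabs and newlines inside a URL before parsing it, so
    # "java<TAB>script:" must be rejected here rather than normalised.
    if any(c.isspace() or ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    try:
        parts = urlsplit(target)
        host = (parts.hostname or "").lower()
    except ValueError:
        return False
    if parts.scheme not in ALLOWED_SCHEMES or not host:
        return False
    return host not in blocked_hosts


def render_post(raw, blocked_hosts=frozenset()):
    """Render a raw post to HTML: escape everything, link only safe targets."""
    out, pos = [], 0
    for m in URL_TAG.finditer(raw):
        # Text between tags is user input and is always escaped.
        out.append(html.escape(raw[pos:m.start()]))
        target = _unquote(m.group(1))
        if is_safe_target(target, blocked_hosts):
            # Escaping the target keeps a stray quote from closing the href
            # attribute; escaping the label keeps markup out of the link text.
            out.append('<a href="%s" rel="nofollow noopener noreferrer">%s</a>'
                       % (html.escape(target, quote=True),
                          html.escape(m.group(2))))
        else:
            # Blocked or unsafe link: shown as inert plain text, not a link.
            out.append(html.escape(m.group(0)))
        pos = m.end()
    out.append(html.escape(raw[pos:]))
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample posts.
    samples = [
        "[url=http://forums.example.test/showgroups.php]Groups[/url]",
        "[url=javascript:alert(1)]click[/url]",
        '[url=http://example.test/"onmouseover="alert(1)]hover[/url]',
        "[url=http://blocked.example.test/x]blocked[/url]",
    ]
    for post in samples:
        print(render_post(post, blocked_hosts={"blocked.example.test"}))
```
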
- Pendulum
- Tire Aficionado
- Posts: 4359
- Joined: Wed Oct 24, 2012 12:51 am
Ahh, this is a classic.
Last night, in response to Togaras' complaints [above], Pops wrote:
What details can you give me about this? Page you're getting it on, source of the ad, etc. Even posting a screen shot would be nice.
...although 'wrote' isn't quite right, considering that earlier that day he made a placeholder statement that he'd check into the issue after work (btw, kudos for, you know, actually doing what you said you'd do this time, Pops! ).
I think we've all had to deal with scenarios like the following, which is a direct interpretation of a convo I had a few weeks ago:
Now, let's be clear here: I've heard the first familiar grumblings that some people don't really respect what I'm doing here, and while I'm fine with not being viewed as a paragon of virtue, it does upset me that my detractors aren't learning anything through my words... what I'm teaching here is pretty basic stuff. Customer service isn't really a difficult thing for most people to grasp, yet it apparently continues to elude Pops (and 99% of the staff) for some reason despite my walls of text on the subject. If, for instance, someone posts two posts chock full of information about their problem, a mod steps in and deletes the most important parts, follows that up with some mod text, and then another mod steps in and asks if they can provide more information because it's not formatted in a way they can easily understand, well... yeah, I'm gonna lulz at that.
What was it Sene said? "Volunteers trying to make the site run smoothly for the users" or something?
@Togaras: while I suspect that this is never going to reach your screen, and wouldn't blame you one bit for ragequitting over this crap, your problem is a known XSS exploit that's been plaguing the site for most of a year now. Firefox, sadly, doesn't have the patch for this built in, so first you should try Shift+Control+A to see if your add-ons have been fucked with, and while you're there turn on ad-block; if that doesn't work uninstall then reinstall your browser and that'll clear up the problem as long as you don't go back to Sally.
- Pendulum
- Tire Aficionado
- Posts: 4359
- Joined: Wed Oct 24, 2012 12:51 am
Uh oh.
The Countdown has Begun
If things go halfway as decently as I expect them to, it's going to be one hell of a Day Zero, people. Stock up on your popcorn now.
- Kazekirimaru
- Tire Aficionado
- Posts: 9702
- Joined: Thu Mar 28, 2013 4:50 am
- Location: Bertrand, MI
- Pendulum
- Tire Aficionado
- Posts: 4359
- Joined: Wed Oct 24, 2012 12:51 am
Isn't it hilarious? Far as I can figure, the data dumps from the main site over to the beta are getting done in one of two ways: either the main site is set up to data-dump every once in a while automatically, or they're making Ned from the Geek Squad do it on his lunch breaks; either way, that information is basically just getting copypasta'd over without anybody caring about its permissions level, and the admins or that guy named mouser or molester or whatever is retrograding the changes to their 'correct' permissions. Doesn't seem like an efficient way to do it and a whole lot of hidden stuff is getting spewed to the open (where Google is using those beautiful webcrawlers to catch it faster than us humans can, even if we do get lucky enough to see the mistake), but hey, what do I know?
A personal plea from Pendulum
Dear Curse,
I know you're getting a lot of flak for transitioning in the middle of spoiler season. Admittedly, it probably wasn't a great idea to bring down the hammer right now ['cuz let's face it, best-case scenario everyone ports over during the spoilers and crash the smaller server], but I, for one, realize that if you always hesitated based on user/staff feedback, the transition just wouldn't ever happen. Please, please don't listen to the naysayers; they should be written off as nothing more than scumbags, desiring internet anarchy, and standing in the way of progress. Transition on time, like you said you would... it is imperative you save face here, above all else. Considering the site's long history of lying to its userbase, this is something that becomes evermore important: you need to break from the cycle, and the only way to do that is with the strong-arm tactics we've come to respect from you.
Now, I know you're thinking that I might be disingenuous here, that maybe, just maybe, I know something you don't, and that I might have an ulterior, malicious motive for urging you so strongly to transition, but rest assured this is not the case. Sure, sure, previous to writing this, I admit I did make a song playlist I titled "The Death Card" which is just a 10-hour remix of the sing-song phrase "na na na na, na na na na, hey-hey-hey, goodbye" over and over again, even gave it a cute little Ace of Spades icon, but rest assured I did this for a reason other than sitting in front of my computer on Jan. 21st and watching the world burn. And yes, I also just put in an order to onlinepopcornorders.com for some of that delicious maple syrup popcorn they make, but that's just because I really like the stuff. Is that a crime?
So in closing, I'm totes serious, please don't delay the transition, again totes-mah-goats serious, you've clearly thought all this through and I trust you. What could possibly go wrong?
Totes-mah-goats-with-boats serious and not laughing at you in any way,
Pendulum
- Kazekirimaru
- Tire Aficionado
- Posts: 9702
- Joined: Thu Mar 28, 2013 4:50 am
- Location: Bertrand, MI
-
- Tire Aficionado
- Posts: 2864
- Joined: Thu Mar 28, 2013 6:29 pm
- Location: Boston, MA
I'm not really a techie and only follow approximately 45% of what Pendulum says in this thread, but I do know that if I ever have a company that uses forums, I'm hiring Pendulum if at all possible.
Thanks to NerdBoyWonder for the amazing sig!
Son, I want you to know that no matter what happens between your mother and me, it's all your fault.
- Corruption Watch
- Regular Member
- Posts: 475
- Joined: Tue Feb 26, 2013 12:53 am
- Location: The Watchtower
- Kaitscralt
- A frog among toads
- Posts: 21216
- Joined: Thu Sep 20, 2012 12:48 am
I have a technical problem... mtgs is banning talk on counterfeits, but counterfeits are the biggest topic of discussion in the game right now, and mtgs is the biggest online forum community for the game, so... something must be broken on a technical level that they aren't allowing it there
some kind of forum glitch bug maybe?
Standard hobos who play budget garbage should be looked upon with suspicion.
- Corruption Watch
- Regular Member
- Posts: 475
- Joined: Tue Feb 26, 2013 12:53 am
- Location: The Watchtower
- rezombad
- Tire Aficionado
- Posts: 7703
- Joined: Sun Jun 30, 2013 7:54 pm
pendy's posts always leave me somewhat aroused... on a technical level.
You post on dtr? Cool? Honestly, I don't know who posts there and who doesn't.
I actually read that site quite a bit but it's mostly because a lot of the people I used to interact with on MTGS are over there.
It should be a privilege to post here
- Pendulum
- Tire Aficionado
- Posts: 4359
- Joined: Wed Oct 24, 2012 12:51 am
Kaitscralt wrote:
I have a technical problem... mtgs is banning talk on counterfeits, but counterfeits are the biggest topic of discussion in the game right now, and mtgs is the biggest online forum community for the game, so... something must be broken on a technical level that they aren't allowing it there
some kind of forum glitch bug maybe?
Oh yeah, this has been going on for some time, although it's not really a glitch. You know those double-underlined auto-links you sometimes get after you've visited a porn site, the ones that just randomly highlight words and if you float the mouse over them you get a little pop-up that's usually NSFW? Well, see, Xenphire's computer got one of those...
...
somehow...
...
and now every time the word "Chinese" appears on his screen a little pop-up comes up telling him about exotic beauties that are desperate to meet American Men Males. Naturally, he believes this to be something the MTGS poster has done, and that violates the code of conduct, so he infracts it. A common enough mistake, although correcting the error is something I've had a bit of trouble with; I found a really fat squirrel, it was just huge, like 20 pounds or better, and I trained it to install Avast, but sadly, it balked at what I wanted it to do before it would get the chance to get to the terminal for a few minutes and complete the fix uninterrupted.
@Kaze: fuck yeah, dude! Shelley's popcorn makes a hella sweet maple syrup microwave popcorn, it forms this brittle syrup shell as it cooks and it is seriously, literally better than sex. If you have one of those old school popcorn poppers you can make your own, too, it's as simple as adding some maple syrup to the popcorn right before you pop it.
Thank you all for your accolades, but sadly, it appears that Curse has decided to push back the transition until Feb. 3rd. This saddens me, as I really thought Curse would finally dispel those rumors that they were wishy-washy, ignorant dullards who left everything in the hands of untrained volunteers on a power trip, but sadly, it looks like they're yet again going to cave to user demand despite my pleas. Truly, it has been a harsh learning experience for me, as I had such faith in them, but it looks like I have a bit of growing up to do.
On the plus side, at least, they've made the amended date the day after Groundhog's Day, which if that isn't poetic justice I don't know what it is.