Fornits
Treatment Abuse, Behavior Modification, Thought Reform => The Troubled Teen Industry => Topic started by: Anonymous PHPBB Tester on October 25, 2007, 11:48:58 PM
-
Parents: Although some of you might not understand the technical details behind this, it's how a notorious industry shill performs acts of trickery. Your kids, assuming you haven't sent them to some hellhole, might be a great source of info for exploits like this and forums in general...
Make a post. Immediately after you have made it, click Edit Post.
Now leave that window open! Do everything else in a new window.
Now you or someone else can make a reply. If you have created that edit-this-post window from BEFORE someone else has replied to you, you can edit the post in that window WITHOUT the "edited by" message showing up once you're done. I'm not sure if this is on a time limit or what. It probably is.
Edited by me after CTD's reply.
-
Parents: Although some of you might not understand the technical details behind this, it's how a notorious industry shill performs acts of trickery. Your kids, assuming you haven't sent them to some hellhole, might be a great source of info for exploits like this and forums in general...
Make a post. Immediately after you have made it, click Edit Post.
Now leave that window open! Do everything else in a new window.
Now you or someone else can make a reply. If you have created that edit-this-post window from BEFORE someone else has replied to you, you can edit the post in that window WITHOUT the "edited by" message showing up once you're done. I'm not sure if this is on a time limit or what. It probably is.
ding ding ding we have a winner.
-
Ok something is definitely up.
This actually did work before.
I'd love to know the details of this.
HEY RANDALL COOK! Are you behind this one?
Randall Cook: Fuck no you loser!
-
It worked for me..
-
Don't you know the magician's code?
You are ruining it for everyone.
-
Yeah, well, yanking wizards out from behind curtains is what we do here at Fornits. I'll bet dimes to dollars they've hired an "expert" here. My guess is Randall Cook, because he's the only PHP/forum coder I can name who's fucked enough to do it.
-
Ok something is definitely up.
This actually did work before.
I'd love to know the details of this.
HEY RANDALL COOK! Are you behind this one?
Randall Cook: Fuck no you loser!
The way it works is this. I (or theoretically an admin) can edit my post without a trail before a reply is posted in the same thread (does not have to be quoted reply). It doesn't matter though, we're moving to SMF anyway. We were thinking of modifying phpbb but just figured it would be easier to wait until we switch to SMF.
-
test #1 NO EDIT..
test # 2 added..
-
I'm an admin, and I'm masturbating right now.
Who am i?
-
It's not a matter of speed, it's a matter of opening the window. I think. It worked in the Web Development forum where I tried it.
-
following the directions as posted in the OP will allow you to alter your post without leaving a time stamp.
Stoopid motha fookas for fornits now?
bleh.. I'd be willing to pay for something better.
-
Nice try at covering your butts.. the posts were altered, they always have been and I just provided the evidence. now instead of trying to make me look like the one doing it, why not do your jobs and plug the hole so it can't happen to other people. There is a hole in your system and no one is going to feel safe posting sensitive information until you get this fixed. Especially if they work for the industry.
Fix the fucking problem...don't do it for me, fools.. do it for the information you may get from disgruntled employees who may want to post here
Do your jobs and secure the database!!
-
I'm an admin, and I'm masturbating right now.
Who am i?
I really don't want to know, especially if you are actually an admin.
-
Look at theWho play victim!!! :rofl:
-
It's not a matter of speed, it's a matter of opening the window. I think. It worked in the Web Development forum where I tried it.
It's not a matter of speed. See here:
http://wwf.fornits.com/viewtopic.php?p=290448#290448
I know that since I looked it up in the PhpBB manual.
-
It's not a matter of speed, it's a matter of opening the window. I think. It worked in the Web Development forum where I tried it.
It's not a matter of speed. See here:
http://wwf.fornits.com/viewtopic.php?p=290448#290448
I know that since I looked it up in the PhpBB manual.
Look. The Who actually presented pretty solid evidence that posts were modified. He would have had to immediately modify his post after posting it knowing full well at the time that somebody would quote him and be writing a reply before he hit submit (for the edit). That is highly unlikely (however not impossible). From a technical standpoint, TheWho actually has a point. Only admins could have edited his posts without leaving an edit stamp after somebody else (anne bonnie in this case) quoted him. (unless, he wrote "i am an industry whore" immediately after posting but before anne hit submit.). He would have had to know that somebody would have quoted and replied to him.
You think it's easy? Try and do it yourself? I challenge anybody to successfully edit a post without a trail (and get a different post quoted). The only way I can see to do it is to wait for people to be online that would respond to you with a fairly long post, then submit your edit after they hit quote but before they hit submit on their reply. One problem is that you don't know when the other person is typing so it would be a crapshoot and the edited version might get quoted (but you could hypothetically claim the quoted version was altered). I don't see many posts like that around and unless TheWho got it right on the first time I'd have to say it does look like an admin edit from a purely technical standpoint.
I'm probably going to get a lot of shit for this, but from a purely technical standpoint, it looks like the Who is right... we won't really ever know for sure. The Who does actually have a valid point about staff feeling safe enough to post here (especially with insider info). If an admin did do this it's all the more reason to move to SMF asap.
-
not impossible though.. remember people post like mad all over this forum when things get moving.
Impossible.. no..
still interesting..
either way I don't give a rat's ass. if someone is doing it then it will show up in the database.
-
Actually, I really don't think it's that difficult. I think that it's just a matter of posting the original, then clicking edit and keeping the window open till someone quotes you then submitting the edit.
Wanna test it? Psy, quote this and I'll see if I can do it.
Rachael is an industry whore :D
-
Actually, I really don't think it's that difficult. I think that it's just a matter of posting the original, then clicking edit and keeping the window open till someone quotes you then submitting the edit.
Wanna test it? Psy, quote this and I'll see if I can do it.
ok do it.
-
Nevermind.... maybe he does have a point. But I'll keep experimenting.
-
This thread is serious business.
-
lols.. time to change forums then.
I still think it is possible you just have to be fast and lucky about it.
who knows though.. the who has managed to piss off enough people around here..
anyway we can check the database I'd like to know myself.
-
If TheWho doesn't feel comfortable posting here then he can just stop posting here.
That's also an option, you know.
-
lols.. time to change forums then.
I still think it is possible you just have to be fast and lucky about it.
who knows though.. the who has managed to piss off enough people around here..
anyway we can check the database I'd like to know myself.
Yeah it can be done:
http://wwf.fornits.com/viewtopic.php?t=23754
Try it yourself. It just appears to be a shot in the dark, and you would be risking the edit trail ratting you out.
But at the same time, why the fuck would an admin do something so small and obvious. Something just doesn't fit....
-
I did it!!
I am theWho's daughter.
When he was bent over sucking his own cock, I quickly typed a sentence over his head.
He said he likes the way my hair smells.
If you're wondering, yes, he swallows.
-
This thread is serious business.
no shit dude :wink:
-
I'm game,
I will post this and immediately hit the edit button. I will then open another tab and quote myself. I'll wait 30min then apply the edits in the other window to see if the stamp is there.
Ok so I waited 10 mins
-
I'm game,
I will post this and immediately hit the edit button. I will then open another tab and quote myself. I'll wait 30min then apply the edits in the other window to see if the stamp is there.
Let's see
-
Nope didn't survive 10mins, but I have another idea
----------------- end of OP
-
Nope didn't survive 10mins, but I have another idea
----------------- end of OP
Edit stamp test
Nope it just made a duplicate post
-
Nope didn't survive 10mins, but I have another idea
----------------- end of OP
Edit stamp test
Nope it just made a duplicate post
It has NOTHING to do with time.. RTFM! :
4.2.8 (http://http://www.phpbb.com/support/documentation/2.0/#section4_2_8): Editing Posts
Editing posts allows you to go back and fix errors, remove incorrect information, or add new information to your posts. To edit a post, look at the top right corner of your post and click Edit. You will be taken to the posting form to edit your post, and then click Submit to enter it into the database. If you edit a post after it has been replied to, a small message will appear at the bottom of it indicating how many times it has been edited, and when and by whom the last edit occurred.
GAAAH... ppl that don't RTMFM make me insane!!! GAAAH.. *sysadmin flashback*
-
Psy dear, not all "features" are detailed in the MFM, if you get my drift.
-
And isn't it the Who who has bragged about having tech people at his company or at least referred to it in the past? I remember him mentioning it before. Also lord forbid something like phpBB have hacks, loopholes, or otherwise just be shitty software.
I've told you before Psy that I have a buddy who used to play around with fornits in the past. One of his claims was to have gotten into the admin forum and he looked around it for awhile.
So this isn't the most fool proof iron clad shit we are dealing with.
-
Psy dear, not all "features" are detailed in the MFM, if you get my drift.
Yes, but I've tested the edit behavior before extensively. I'm quite sure that phpBB behaves the way it is described in the manual. If that's true, then TheWho has a point. As you pointed out, something doesn't fit, and I'm hoping this will be the last of it. Sadly, it is not possible to check... We're moving to SMF soon and that will resolve any possible problem.
Here's a phpBB official site mod's opinion:
If an admin were worried about this, as I recall, phpbb 2 does actually know in the database tables that a moderator edited a post, but doesn't show it if it was a moderator.
Actually, it does not. Not in a plain vanilla phpbb2 installation, anyway. The only time an edit is recorded in phpBB2 is if a user edits their own post after someone else has replied. So an unscrupulous moderator (or admin) could, in fact, edit a post and there would be no trace of that activity.
If a moderator / admin edits a post of a user: no edit history
If a user edits their own post before any replies: no edit history
If a user or moderator or even an admin edits their own post after a reply: edit history is captured and displayed.
It all comes down to trust. You need to trust your moderators, you need to set guidelines as to what is expected or allowed, and you need to enforce those rules. Some of my moderators have taken to correcting spelling or grammar, and while I don't actually think it's appropriate it's never been made into a rule. If users start complaining, I will. But for now they don't seem to mind. We get a lot of international users, and since proper spelling will help when searching for similar issues down the road it does seem like it would help.
MichaelWagner responds:
Hmm...I fear drathburn may be right. I just looked at the tables of a live 2.21 system. The tables only have place for a last edit time and an edit count, in particular no editing user name. So it couldn't be recording a moderator edit. Sorry for the misinformation.
source: http://www.phpbb.com/community/viewtopic.php?f=6&t=529453&start=15#p2963443
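
As an added example (not part of the thread, and not phpBB's or SMF's code), the Python sketch below first encodes the edit-stamp rule as the quoted phpBB forum post states it, then shows an append-only, hash-chained edit log of the kind a forum would need so that moderator edits and direct database changes become detectable. The `post_edit_log` table, the in-memory SQLite database and all function names are assumptions made for illustration.

```python
import hashlib
import sqlite3

def sha(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def phpbb2_records_edit(editor_id, poster_id, replied_to):
    # Rule as stated in the quoted phpBB forum post: only an edit of one's
    # own post after a reply is recorded; every other edit leaves no trace.
    return editor_id == poster_id and replied_to

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE posts (post_id INTEGER PRIMARY KEY, poster_id INTEGER, body TEXT);
        CREATE TABLE post_edit_log (          -- hypothetical audit table
            log_id INTEGER PRIMARY KEY AUTOINCREMENT,
            post_id INTEGER, editor_id INTEGER, edited_at INTEGER,
            body_sha256 TEXT, prev_entry TEXT, entry_sha256 TEXT);
    """)
    return db

def _append(db, post_id, editor_id, when, body):
    # Each entry commits to the previous one, so rewriting history breaks the chain.
    row = db.execute("SELECT entry_sha256 FROM post_edit_log "
                     "ORDER BY log_id DESC LIMIT 1").fetchone()
    prev = row[0] if row else "genesis"
    digest = sha(body)
    entry = sha(f"{prev}|{post_id}|{editor_id}|{when}|{digest}")
    db.execute("INSERT INTO post_edit_log (post_id, editor_id, edited_at, "
               "body_sha256, prev_entry, entry_sha256) VALUES (?,?,?,?,?,?)",
               (post_id, editor_id, when, digest, prev, entry))

def create_post(db, post_id, poster_id, body, when):
    db.execute("INSERT INTO posts VALUES (?,?,?)", (post_id, poster_id, body))
    _append(db, post_id, poster_id, when, body)

def edit_post(db, post_id, editor_id, body, when):
    # Every edit is logged, whoever makes it and whether or not a reply exists.
    db.execute("UPDATE posts SET body = ? WHERE post_id = ?", (body, post_id))
    _append(db, post_id, editor_id, when, body)

def audit(db):
    """Return (chain_ok, ids of posts whose body differs from the last logged hash)."""
    prev, chain_ok, last = "genesis", True, {}
    for pid, eid, when, digest, p, entry in db.execute(
            "SELECT post_id, editor_id, edited_at, body_sha256, prev_entry, "
            "entry_sha256 FROM post_edit_log ORDER BY log_id"):
        if p != prev or entry != sha(f"{prev}|{pid}|{eid}|{when}|{digest}"):
            chain_ok = False
        prev, last[pid] = entry, digest
    tampered = [pid for pid, body in db.execute(
        "SELECT post_id, body FROM posts ORDER BY post_id")
        if last.get(pid) != sha(body)]
    return chain_ok, tampered

def editors_of(db, post_id):
    return [r[0] for r in db.execute(
        "SELECT editor_id FROM post_edit_log WHERE post_id = ? ORDER BY log_id",
        (post_id,))]
```

The chain only helps if its latest `entry_sha256` is also kept somewhere the database administrators cannot rewrite, for example a periodic export to a separate host.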
-
And smf doesn't have any loop holes or hacks???
Oh lords... B-tards... do yah thing boys.. educate em all..
look man get your head out of the tech manual for ten seconds. Just cause mike wagner says it doesn't mean that is exactly the way it will or won't happen.
Personally I'm pissed that we are going to SMF. the format sucks and I think there are much better options available. I seem to remember offering to pay for a new software on top of it.
BLEH.....
this is the forum style of software I like
http://www.expatkorea.com
not only is it highly adaptable the owner of that forum indicated it isn't too costly either and they have a slew of advanced options to choose from. That particular forum doesn't allow guest posting, but it can happen quite easily.
-
It doesn't matter though, we're moving to SMF anyway. We were thinking of modifying phpbb but just figured it would be easier to wait until we switch to SMF.
I can't wait!
-
One problem is that you don't know when the other person is typing so it would be a crapshoot and the edited version might get quoted (but you could hypothetically claim the quoted version was altered). I don't see many posts like that around and unless TheWho got it right on the first time I'd have to say it does look like an admin edit from a purely technical standpoint.
I'm probably going to get a lot of shit for this, but from a purely technical standpoint, it looks like the Who is right... we won't really ever know for sure. The Who does actually have a valid point about staff feeling safe enough to post here (especially with insider info). If an admin did do this it's all the more reason to move to SMF asap.
Who says it was his first attempt? He might have tried 20 times before it worked for all we know. No, I don't believe any admins are editing his posts. I think he's very blatantly trying to discourage staff or anyone else from posting.
The funny part is, as always, a fucking programmie bitching and whining about being called bad, bad names in ascii text on the net. Bwoooohahahaha! Try that again only in real life, you're held captive against your will for an indeterminate period of time and the name calling is done at high volume complete with spit and sweat flying, by everyone around you. And you can't walk away, these people control your ability to use a bathroom, eat, sleep or scratch your ass.
Fucking pussy! You can dish it out to defenceless children but ya just can't take even the shadow of it back at you.
-
....I agree with SC about something being foul. He keeps trying to blame Deborah, Deborah?!?! We all know Deborah always post credible information with sources and when has Deborah ever tolled someone? Who has a vendetta against Deborah because her info is solid and he can't get her to call him a "cunt" or something stupid that he could point to and say "See!!!".
-
I did it!!
I am theWho's daughter.
When he was bent over sucking his own cock, I quickly typed a sentence over his head.
He said he likes the way my hair smells.
If you're wondering, yes, he swallows.
:rofl: :rofl: :rofl:
-
Personally I'm pissed that we are going to SMF. the format sucks and I think there are much better options available. I seem to remember offering to pay for a new software on top of it.
BLEH.....
this is the forum style of software I like
http://www.expatkorea.com
not only is it highly adaptable the owner of that forum indicated it isn't too costly either and they have a slew of advanced options to choose from. That particular forum doesn't allow guest posting, but it can happen quite easily.
Well why didn't ya say something before?
-
....I agree with SC about something being foul. He keeps trying to blame Deborah, Deborah?!?! We all know Deborah always post credible information with sources and when has Deborah ever tolled someone? Who has a vendetta against Deborah because her info is solid and he can't get her to call him a "cunt" or something stupid that he could point to and say "See!!!".
I read back over it and I didn't see where Deborah was brought up, except by you.
-
Psy dear, not all "features" are detailed in the MFM, if you get my drift.
Yes, but I've tested the edit behavior before extensively. I'm quite sure that phpBB behaves the way it is described in the manual. If that's true, then TheWho has a point. As you pointed out, something doesn't fit, and I'm hoping this will be the last of it. Sadly, it is not possible to check... We're moving to SMF soon and that will resolve any possible problem.
Here's a phpBB official site mod's opinion:
If an admin were worried about this, as I recall, phpbb 2 does actually know in the database tables that a moderator edited a post, but doesn't show it if it was a moderator.
Actually, it does not. Not in a plain vanilla phpbb2 installation, anyway. The only time an edit is recorded in phpBB2 is if a user edits their own post after someone else has replied. So an unscrupulous moderator (or admin) could, in fact, edit a post and there would be no trace of that activity.
If a moderator / admin edits a post of a user: no edit history
If a user edits their own post before any replies: no edit history
If a user or moderator or even an admin edits their own post after a reply: edit history is captured and displayed.
It all comes down to trust. You need to trust your moderators, you need to set guidelines as to what is expected or allowed, and you need to enforce those rules. Some of my moderators have taken to correcting spelling or grammar, and while I don't actually think it's appropriate it's never been made into a rule. If users start complaining, I will. But for now they don't seem to mind. We get a lot of international users, and since proper spelling will help when searching for similar issues down the road it does seem like it would help.
MichaelWagner responds:
Hmm...I fear drathburn may be right. I just looked at the tables of a live 2.21 system. The tables only have place for a last edit time and an edit count, in particular no editing user name. So it couldn't be recording a moderator edit. Sorry for the misinformation.
source: http://www.phpbb.com/community/viewtopic.php?f=6&t=529453&start=15#p2963443
Psy you are definitely not one to hop on the band wagon (so to speak). Your honesty will pay off for you some day, I guarantee it. It takes guts to stand up against your peers like that, you approached it logically, honestly and with researched data. It would have been so much easier, on you and how people view you here on fornits, if you just threw me under the bus like everyone else and said: “I asked around and all the admins said it wasn’t them so TheWho must be lying”
-
....I agree with SC about something being foul. He keeps trying to blame Deborah, Deborah?!?! We all know Deborah always post credible information with sources and when has Deborah ever tolled someone? Who has a vendetta against Deborah because her info is solid and he can't get her to call him a "cunt" or something stupid that he could point to and say "See!!!".
I read back over it and I didn't see where Deborah was brought up, except by you.
Naw, Hanzo's right. He brought Deborah up here:
Look at my last post (last line) and you will see that it was altered by Deborah again. Up to her old tricks. It says:
“Oh, and one more thing...I am a real stupid asshole.”
-
Yes, I read back over the posts and I initially did accuse Deborah and I apologize for that assumption....
Sorry Deborah, I know it could have been any one of the admins, I should not have singled you out.
...
-
If TheWho doesn't feel comfortable posting here then he can just stop posting here.
That's also an option, you know.
-
The funny part is, as always, a fucking programmie bitching and whining about being called bad, bad names in ascii text on the net. Bwoooohahahaha! Try that again only in real life, you're held captive against your will for an indeterminate period of time and the name calling is done at high volume complete with spit and sweat flying, by everyone around you. And you can't walk away, these people control your ability to use a bathroom, eat, sleep or scratch your ass.
Fucking pussy! You can dish it out to defenceless children but ya just can't take even the shadow of it back at you.
QUOTE FOR FUCKING REALITY.
-
It's good to see everything has returned to normal at fornits, and theWho is once again the center of attention.
-
I could fix that in about a minute....
-
Nice try at covering your butts.. the posts were altered, they always have been and I just provided the evidence. now instead of trying to make me look like the one doing it, why not do your jobs and plug the hole so it can't happen to other people. There is a hole in your system and no one is going to feel safe posting sensitive information until you get this fixed. Especially if they work for the industry.
Fix the fucking problem...don't do it for me, fools.. do it for the information you may get from disgruntled employees who may want to post here
Do your jobs and secure the database!!
-
Yes, I read back over the posts and I initially did accuse Deborah and I apologize for that assumption....
Sorry Deborah, I know it could have been any one of the admins, I should not have singled you out.
...