Forum Settings
Forums
Oct 28, 2013 8:16 AM

Offline
Joined: Aug 2009
Posts: 17346
I dont think the CAPTCHA thing will help in any way since when I refresh my page it redirects me to my panel,list,profile or whatever I was trying to go to, so what exactly is the point of having it if I that have no idea from hacking/whatever can work around it simply by refreshing the page?
 
Oct 28, 2013 12:08 PM

Offline
Joined: Sep 2011
Posts: 3237
I don't understand what is taking so long, just restrict what sites you can upload images from and that should be safe enough. If some douchebag wants to upload a gore image he/she will probably find a way to do it regardless. That's what moderators are for, to find and ban those people. Don't want to sound like a spoiled brat but its been how many months now since the DDoS attack?
 
Oct 28, 2013 12:27 PM

Offline
Joined: Jul 2010
Posts: 968
How can I get my signature picture back?!?
 
Oct 28, 2013 1:56 PM

Offline
Joined: Jul 2009
Posts: 5263
When [img]?
 
Oct 28, 2013 2:56 PM

Offline
Joined: Dec 2012
Posts: 525
I think people are getting impatient with these disabled codes; myself included.
 
Oct 29, 2013 3:11 AM

Offline
Joined: Feb 2011
Posts: 360
I can deal with the disabled bbcode, but other changes are breaking updating clients. For some reason the site will no longer let me refresh my list in ANY mobile client. I can still update if the list is current (apparently that works through the API), but if I try refreshing it fails to load the new list. This is apparently IP based, if I disconnect from Wifi and refresh on cellular I can now load my list.

This either needs to be fixed, or MAL needs to develop an actual usable mobile site. Updating lists are next to impossible from a mobile browser.

Apparently I update too much, so it triggered additional protections and now it's blocking me. I"m getting really close to finding an alternative, because I'm not about to stop reading manga but I need a reliable site to update my list on.
 
Oct 29, 2013 8:39 AM

Offline
Joined: Jul 2013
Posts: 1067
horaaay! gambatte ne, Xinil!
 
Oct 29, 2013 6:46 PM

Offline
Joined: Jun 2008
Posts: 3916
Virtual_BS said:
I noticed the login page is now blocked by a CAPTCHA.
This would be great if it wasn't also blocking MAL Updater from connecting to my list :(
I got that also. I was wondering if that was something MAL put up or someone is trying to slip in by a different way. Something like this needs to be broadcasted big time. Given the recent infiltration, I'm now leery of anything that shows up without notice.
And as someone said, I just refreshed my screen and it disappeared.
What if the Hokey Pokey is what it is all about?

 
Oct 30, 2013 2:14 AM

Offline
Joined: Nov 2010
Posts: 2649
i havent seen the captcha yet.. but is all this new stuff the reason why i cannot connect to my list on the MAL app on my phone?
 
Oct 30, 2013 3:01 AM

Offline
Joined: Jan 2010
Posts: 468
Never get captcha..but do we even need them?? o,o
BTW...I can't wait for img BBcode alive again....want to update my signature.

And! My anti-virus sometime say it detect a virus from this site. Currently I'm using ABP to minimum the risk, still it say..."Virus has been detect from MAL"..What???
Modified by AoiMizu, Oct 30, 2013 10:21 AM

 
Oct 31, 2013 3:58 PM

Offline
Joined: May 2012
Posts: 1693
its working just now..

 
Nov 1, 2013 10:30 AM

Offline
Joined: Jul 2012
Posts: 2652
Dark_Messiah said:
its working just now..
same man wow
 
Nov 2, 2013 10:06 AM

Offline
Joined: Aug 2013
Posts: 1337
Yay [img] finally works <3
 
Nov 2, 2013 10:25 AM

Offline
Joined: Jun 2013
Posts: 1254
Are you sure???
 
Nov 2, 2013 10:26 AM
Offline
Joined: Jul 2012
Posts: 9417
you can tell that the img is still doesnt work
 
Nov 2, 2013 10:29 AM

Offline
Joined: Jun 2013
Posts: 1254


nope... doesn't look like it works...
Modified by rodac, Nov 2, 2013 3:56 PM
 
Nov 2, 2013 12:17 PM

Offline
Joined: Oct 2013
Posts: 544
they're just re-enabling [ color] and [ url ] tags,well that's better than nothing
 
Nov 3, 2013 4:44 AM

Offline
Joined: Jun 2008
Posts: 15757
Anyway it really is taking them too long to figure a way to re-enable [img] back. After so much time they can't find a way to solve the weakness they had? Maybe there is no solution to this specific little weakness or maybe they found a way but it needs a lot of process to get it working?
It would be nice if Xinil told us which of these scenarios is currently occurring.
 
Nov 3, 2013 4:58 AM

Offline
Joined: Feb 2008
Posts: 4260
Can you at least enable images on blogs? I need to update mine and can't because everything is broken.
 
Nov 3, 2013 4:59 AM

Offline
Joined: Mar 2013
Posts: 5834
Veronin said:
Can you at least enable images on blogs? I need to update mine and can't because everything is broken.

I honestly do not know why Blog inserts are disabled if the About Me isn't.
Doesn't make much sense but yeah, I agree.
 
Nov 3, 2013 9:03 AM

Offline
Joined: Feb 2013
Posts: 6629
Sub said:
Veronin said:
Can you at least enable images on blogs? I need to update mine and can't because everything is broken.

I honestly do not know why Blog inserts are disabled if the About Me isn't.
Doesn't make much sense but yeah, I agree.


Blogs open to comments can have the [img] tag exploited by other users. That's why profile comment [img] is disabled as well. "About me" is only able to be changed by the users themselves.

Though I initially had no major complaints because I had no desire to change my sig at the time...I recently did some reorganizing in my photobucket (without thinking ahead) and broke the link...

PRZ TURN ON ;_;




 
Nov 3, 2013 9:07 AM

Offline
Joined: Nov 2010
Posts: 26478
Ntad said:
Though I initially had no major complaints because I had no desire to change my sig at the time...I recently did some reorganizing in my photobucket (without thinking ahead) and broke the link...

PRZ TURN ON ;_;
You should be able to upload another picture with the same name into the same photobucket folder and it should work. I used to do that when I did small changes to my sig which has multiple parts.
 
Nov 3, 2013 9:45 AM
Offline
Joined: Oct 2012
Posts: 13
My Anime-Time decreased bei 0.2 Days... Did they change anything that way?
 
Nov 3, 2013 9:47 AM

Offline
Joined: Feb 2013
Posts: 6629
IntroverTurtle said:
Ntad said:
Though I initially had no major complaints because I had no desire to change my sig at the time...I recently did some reorganizing in my photobucket (without thinking ahead) and broke the link...

PRZ TURN ON ;_;
You should be able to upload another picture with the same name into the same photobucket folder and it should work. I used to do that when I did small changes to my sig which has multiple parts.


Nah, that was my first thought and I tried it, but the url changed even though it was the same picture in the same album.

Anyway, I wiped the code from my signature, so now I have no choice but to wait. I wanted to update it anyway so I'll just work on designing something new in the meantime.
Modified by NTAD, Nov 3, 2013 9:50 AM




 
Nov 3, 2013 5:44 PM

Offline
Joined: Dec 2012
Posts: 525
The staff could at least update us on what's currently being done to fix this issue.. Or if they've even found a way to fix it.
 
Nov 4, 2013 4:06 AM

Offline
Joined: Jun 2011
Posts: 2149
Well...it's been 2 months now...
 
Nov 4, 2013 7:05 AM

Offline
Joined: Jan 2012
Posts: 4736
Last I heard...
The problem is a PEBCAK issue.
The "hacker" is using a password-protected folder on his web server to cause embedded images to pop-up login dialogs.
These login dialogs look nothing like MAL's, yet some less than intelligent users are typing their MAL passwords into them, giving them straight to the "hacker".

If he really wanted to, he could just put his code in the about me, make a few posts on the forum, and these PEBCAKs will give him passwords every time they open his profile page, so allowing BBCode on profiles and not elsewhere doesn't eliminate the risk entirely.

Since Crave are cheap on resources, they won't give us servers powerful enough to allow for a reliable solution, so the staff are stuck with having to develop a workaround that can protect the users from their own stupidity.
 
Nov 4, 2013 9:18 AM
Offline
Joined: Jul 2013
Posts: 1474
Sub said:
Veronin said:
Can you at least enable images on blogs? I need to update mine and can't because everything is broken.

I honestly do not know why Blog inserts are disabled if the About Me isn't.
Doesn't make much sense but yeah, I agree.

What about the ppl with the About me Amazing profile layout's, If they disabled the [img] tag in that section people will go out in a frenzy.

Kineta said:
We left the BBcode on profile "About Me"s and club infos due to the trouble users encountered after we disabled them last time. However, we may still need to disable them in the future (and this individual may get your account and remove them anyway), so I suggest backing up the BBcode of any profiles/clubs you may be concerned about.
Modified by BeyondNero, Nov 4, 2013 9:26 AM
 
Nov 4, 2013 10:23 PM

Offline
Joined: Nov 2010
Posts: 2649
its been a month since the last update. it would be nice if they would let us know whats going on. =/ and if there even has been any progress in solving this issue.

i think if nothing has progressed then they should just turn everything back on. sure that leaves those areas back open for hackers but how long do they plan on making the users wait? till they figure things out? its been two months already. and it kind of starting to seem like they wont be back for who knows how long at this rate
 
Nov 4, 2013 11:06 PM

Offline
Joined: Jun 2011
Posts: 2149
Is Xinil still the only coder working on this? Is Crave really that stingy/poor as to not hire more?
 
Nov 5, 2013 3:31 AM

Offline
Joined: Nov 2012
Posts: 1301
There was idea of whitelist image hosts, why it wasnt realised yet? I know other forum which had similar problem and they made whitelist for image hosts.
 
Nov 5, 2013 5:23 PM

Offline
Joined: Aug 2013
Posts: 1337
Keise-chan said:
Are you sure???


Lol, my post was a gag. It should've been obvious that [img] still did not work from my signature.
 
Nov 5, 2013 8:40 PM
elk sensei

Offline
Joined: Oct 2013
Posts: 8111
Xinil said:
Before I mention anything, I want to apologize to everyone for the extended crippling of our bbcode.

If you're not aware, [ img ], [ color ], [ url ], and [ yt ] tags have been disabled for some time. Today we're re-enabling [ color] and [ url ] tags.

There are still issues we're trying to solve for [ img ], and if you're knowledgeable in the web space, please let us know any ideas you have on how to prevent [ img ] tags from loading malicious content from other sites. Our current best idea is a blacklist or whitelist of domains.

We apologize for the inconvenience and hope to have this issue resolved in the near future. Any help we can get will surely enable us to get a fix out faster.


Xinil - is there a way that you could enable some sort of token authentication with images. I know that it could impede performance, but then anything malicious could potentially be blocked.
 
Nov 6, 2013 4:47 PM
Offline
Joined: Nov 2013
Posts: 2
Hello there, i'm new to mal, i have a suggestion. Maybe if users could only put images from for example imagesnack then you would have no worries for malicious threats ever again. I don't know if that idea can be even done, so everyone who want to post some picture of something must first upload to for ex: imagesnack then past the link over here, isn't that the safest possible way, what do you think?
 
Nov 7, 2013 9:51 AM

Offline
Joined: Feb 2008
Posts: 584
I actually tested and this so-called HTTP Auth Injection only comes up if the img src points to the same domain as page.
If the url is external, the http auth dialog does not pop up.

EDIT: according to the article this vulnerability only affects old versions of IE. The question now is, how old? If it's like IE5.5 then the whole MAL site probably wouldn't even render anyway :D

The article: http://tghc.co/hotlinks/
Modified by amcsi, Nov 7, 2013 10:08 AM

 
Nov 8, 2013 1:30 AM

Offline
Joined: Feb 2008
Posts: 584
I would donate.
Although pls, rewrite the code for easier innovation.

 
Nov 8, 2013 5:50 AM

Offline
Joined: Feb 2011
Posts: 217
You can count my donate in for that.
 
Nov 8, 2013 6:49 AM

Offline
Joined: Jan 2012
Posts: 4736
I would not donate.

This site barely works as is, so I'm not sure it would be put to good use.
If they made this site more dynamic and efficient, I may consider it.
 
Nov 8, 2013 8:37 AM

Offline
Joined: Aug 2012
Posts: 10039
DarkMorpher said:
Virtual_BS said:
Last I heard...
The problem is a PEBCAK issue.
The "hacker" is using a password-protected folder on his web server to cause embedded images to pop-up login dialogs.
These login dialogs look nothing like MAL's, yet some less than intelligent users are typing their MAL passwords into them, giving them straight to the "hacker".

If he really wanted to, he could just put his code in the about me, make a few posts on the forum, and these PEBCAKs will give him passwords every time they open his profile page, so allowing BBCode on profiles and not elsewhere doesn't eliminate the risk entirely.

Since Crave are cheap on resources, they won't give us servers powerful enough to allow for a reliable solution, so the staff are stuck with having to develop a workaround that can protect the users from their own stupidity.


Why not raise fund by donation. With so many users, MAL is bound to raise more than enough money to cover new server+other costs each month easily.
I don't think people would donate for a forum
 
Nov 8, 2013 9:44 AM

Offline
Joined: Feb 2008
Posts: 584
I would donate if they were to rewrite the entire site.
I'm pretty sure the code is currently horrible, hence hardly any innovations are happening to the site.

This is still the website with the best community I think, and of course the very useful anime list that I still use even though I'm not so active on the forums anymore.

 
Nov 8, 2013 1:16 PM

Offline
Joined: Jan 2013
Posts: 109
Can't we really get back the whole bb code enabled for the Blogs ? I don't have any idea about the issues encountred by the staff but it'd be nice however !

Good luck :D
 
Nov 8, 2013 2:20 PM

Offline
Joined: Feb 2013
Posts: 6629
lupadim said:
DarkMorpher said:
Virtual_BS said:
Last I heard...
The problem is a PEBCAK issue.
The "hacker" is using a password-protected folder on his web server to cause embedded images to pop-up login dialogs.
These login dialogs look nothing like MAL's, yet some less than intelligent users are typing their MAL passwords into them, giving them straight to the "hacker".

If he really wanted to, he could just put his code in the about me, make a few posts on the forum, and these PEBCAKs will give him passwords every time they open his profile page, so allowing BBCode on profiles and not elsewhere doesn't eliminate the risk entirely.

Since Crave are cheap on resources, they won't give us servers powerful enough to allow for a reliable solution, so the staff are stuck with having to develop a workaround that can protect the users from their own stupidity.


Why not raise fund by donation. With so many users, MAL is bound to raise more than enough money to cover new server+other costs each month easily.
I don't think people would donate for a forum


Not everyone comes to MAL for your nonsense the forums...

The site probably generates enough income for maintenance from the posted ads, even if you include the people using adblock. I'm sure that the real issue is the workload.

And if it isn't enough (which I doubt), I wouldn't donate unless the ads were removed or reduced. Most websites that host advertisements do it as a trade-off so that the users can use the services the site provides free of charge. If donations are necessary to keep this ship tidy, then I wouldn't want to be plagued by adds all over my MAL anymore.

And seeing as how the site is owned by Crave, the ads more than likely won't be going anywhere. So that pretty much sums it up for me.




 
Nov 10, 2013 5:27 AM

Offline
Joined: Aug 2013
Posts: 232
is it still broken? the [img] tags? is that why my sig below doesn't show up? i tried to use my sig in other forums and it works, only here it's not.
 
Nov 10, 2013 6:28 PM

Offline
Joined: Aug 2013
Posts: 232
DarkMorpher said:

Yes it is still disabled.


That's a relief, thanks! I thought there's a problem about my sig. I hope they could fix it soon.
 
Nov 10, 2013 8:22 PM
originanime

Offline
Joined: Sep 2011
Posts: 10414
amcsi said:
I would donate if they were to rewrite the entire site.
I'm pretty sure the code is currently horrible, hence hardly any innovations are happening to the site.


I spend a lot of time on MAL so if they ever decided to make donating an option, I would definitely help!
Modified by funkotaku, Nov 10, 2013 8:27 PM
 
Nov 10, 2013 11:42 PM
DB Administrator
Faerie Queen

Online
Joined: Aug 2007
Posts: 5192
We're owned by a private company (CraveOnline - see footer) so we do not accept donations.
Thanks for caring about MAL though, guys :)

Please expect an update on [img] bbcode in the next 24-48 hours.



Open Staff Apps  
Guidelines & FAQ  
Report Abuse  
Listen ♪  

Thanks to 
AnimeboyAnubhab
 
 
Nov 11, 2013 12:17 AM
originanime

Offline
Joined: Sep 2011
Posts: 10414
Kineta said:
Please expect an update on [img] bbcode in the next 24-48 hours.

Looking forward to it!
 
Nov 11, 2013 12:27 AM
DB Administrator
Faerie Queen

Online
Joined: Aug 2007
Posts: 5192
Undim said:
I hope it's written on an embedded image.
Ho ho, that's cute. I might be able to arrange that.



Open Staff Apps  
Guidelines & FAQ  
Report Abuse  
Listen ♪  

Thanks to 
AnimeboyAnubhab
 
 
Nov 11, 2013 12:33 AM
Lover of Lain

Offline
Joined: Aug 2013
Posts: 283
Kineta said:
Undim said:
I hope it's written on an embedded image.
Ho ho, that's cute. I might be able to arrange that.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
Nov 11, 2013 4:00 AM
SetoMary Fanatic

Offline
Joined: Jun 2013
Posts: 5193
 
Top
Pages (29) « First ... « 3 4 [5] 6 7 » ... Last »