Angel: Eve. So, I guess we should, I don't know, talk? Eve: About what? Angel: About what happened back there with us. Eve: Angel, it's not like this is the first time I've had sex under a mystical influence. I went to U.C. Santa Cruz.

'Life of the Party'


Buffistas Building a Better Board ++

Do you have problems, concerns, or recommendations about the technical side of the Phoenix? Air them here. Compliments also welcome.


tommyrot - Jul 28, 2005 6:22:57 pm PDT #59 of 4671
Sir, it's not an offence to let your cat eat your bacon. Okay? And we don't arrest cats, I'm very sorry.

google jrubin3546@aol.com

see anything interesting?

eta:

especially [link]

I'm seeing an interesting new attack on my website where the attacker is hoping to exploit unchecked fields in a "web to email" form. The attack works by assuming a field used in an email header (such as the "From:" address or the "Subject:") is passed unchecked to the mail subsystem. Appending a newline character and a few more carefully crafted header lines with a BCC list and a spam message body might trick the underlying mail system into relaying spam for the attacker.

eta²: do I get a cookie?
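
A defender's view of the header injection quoted in the post above, as an added example that is not code from this thread or from the board's software. The function names, the example.org/example.com addresses and the 200-character limit are assumptions; the sample submission is constructed.

```python
import re
from email.message import EmailMessage
from email.parser import Parser

# CR, LF and other control characters never belong in a single header value.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")

class HeaderInjectionError(ValueError):
    """A form field bound for a mail header failed validation."""

def check_header_field(name, value, max_len=200):
    """Return value unchanged if it fits safely on one header line, else raise."""
    if _CONTROL.search(value) or len(value) > max_len:
        raise HeaderInjectionError(f"rejected form field {name!r}")
    return value

def naive_message(sender, subject, body, admin="admins@example.org"):
    """The unchecked pattern the post describes: fields pasted into header text."""
    return f"To: {admin}\nFrom: {sender}\nSubject: {subject}\n\n{body}\n"

def safe_message(sender, subject, body, admin="admins@example.org"):
    """Validate each header-bound field, then let EmailMessage build the headers."""
    msg = EmailMessage()
    msg["To"] = admin  # fixed by the server, never taken from the form
    msg["From"] = check_header_field("from", sender)
    msg["Subject"] = check_header_field("subject", subject)
    msg.set_content(body)  # the body may contain newlines; it is not a header
    return msg

def header_names(raw):
    """Parse raw message text as a mail system would and list its header names."""
    return [k.lower() for k in Parser().parsestr(raw).keys()]

# Constructed submission: a newline in the "From" field smuggles in an extra header.
CONSTRUCTED_FROM = "visitor@example.com\nBcc: list@example.net"

if __name__ == "__main__":
    # The naive template ends up with a Bcc header the form never offered.
    print(header_names(naive_message(CONSTRUCTED_FROM, "hello", "hi")))
    try:
        safe_message(CONSTRUCTED_FROM, "hello", "hi")
    except HeaderInjectionError as exc:
        print("blocked:", exc)
```

Logging each rejected field alongside the client address gives the admins a record of how often the form is being probed.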


§ ita § - Jul 28, 2005 8:23:09 pm PDT #60 of 4671
Well not canonically, no, but this is transformative fiction.

Hmmph. I'm way too tired to see if they could be hitting our e-mail Admins page too.

Thanks for the lead, tommy.

Tomorrow.


Eddie - Jul 28, 2005 11:44:02 pm PDT #61 of 4671
Your tag here.

Huh... that's kinda neat in an EVIL way.

Well, one easy fix would be to add a checkbox to both of those pages that says:

[] I am not a Buffybot.

If the box is not checked, then they're a bot. Poor man's CAPTCHA.

I've never used it, but this looks promising and fairly trivial to implement. Note that the author (rightly so) points out that CAPTCHAs are not friendly for the visually impaired, so that may be a consideration.

Edit: I just tried it out and it's very trivial to use. Pretty cool, too. However, IE doesn't render the image properly, 'cause IE isn't standards compliant. Too bad. There are other alternatives if you wish to explore this further.


DXMachina - Jul 29, 2005 1:50:11 am PDT #62 of 4671
You always do this. We get tipsy, and you take advantage of my love of the scientific method.

google jrubin3546@aol.com

Just got one from bergkoch8@aol.com which is funny because the next hit was to this story.

bergkoch8@aol.com is the other bcc address we saw.


§ ita § - Jul 29, 2005 4:05:14 am PDT #63 of 4671
Well not canonically, no, but this is transformative fiction.

I fucking hate CAPTCHA. I have 20-20 vision, and one time in four I find myself getting them wrong.

I'm going to tweak the script later today, to see what grounds we can toss these attempts on.


DXMachina - Jul 29, 2005 4:15:10 am PDT #64 of 4671
You always do this. We get tipsy, and you take advantage of my love of the scientific method.

I fucking hate CAPTCHA.

Totally agree with this. The post tommy linked to has suggestions for blocking it.

You should probably look at the "E-mail Admins" form, too.


§ ita § - Jul 29, 2005 4:21:05 am PDT #65 of 4671
Well not canonically, no, but this is transformative fiction.

I *think* the E-mail admins form hasn't been used, because we'd get a copy of the e-mail to us. But I'll double-check.


DXMachina - Jul 29, 2005 4:31:04 am PDT #66 of 4671
You always do this. We get tipsy, and you take advantage of my love of the scientific method.

Yeah, I didn't think it had, but reading that stuff on the other site, it seems like a potential target.


Topic!Cindy - Aug 01, 2005 5:46:34 am PDT #67 of 4671
What is even happening?

I just changed my profile address. I hardly ever check my netscape account these days, and there's been a few times that I haven't seen Buffista mail until after it has lingered in my inbox for days on end.

Will updating the profile change it for all board records tied to my registration? (I want it to be changed across the board).

Also, DX, I want to change my address for the Somervillains list, as well. I have a link somewhere in my bookmarks, and will go look at that first, to see what I have to do, but thought I'd give you a heads up, just in case you need notification.

--Thanks


DXMachina - Aug 01, 2005 5:55:07 am PDT #68 of 4671
You always do this. We get tipsy, and you take advantage of my love of the scientific method.

Will updating the profile change it for all board records tied to my registration?

Yup.

Let me know if you have any problems with changing your address on the Somervillains list.