WHAT IN THE WORLD IS GOING ON HERE?


John

Oct 19, 2011, 3:50:24 AM
to Mises.org Development
I noticed a thread was missing from the list in the old community...I
looked in the graveyard and the deleted posts...it's not there. So I
did a search for it and found a link for it...Get a load of this...

http://mises.org/Community/forums/t/26453.aspx

I've never seen anything like this before? How did this happen? Does
it illustrate a danger (i.e. possible exploit) on the site??

Here's a URL for a specific post...same thing...

http://mises.org/Community/forums/p/26453/439675.aspx#439675

David Veksler

Oct 19, 2011, 4:12:24 AM
to mise...@googlegroups.com
This is not a security hole per se but a clever exploit of the failure of the software to sanitize the HTML:

I deleted 4 other posts with this spam, banned the user, and added a keyword to the spam filter.
441572
441573
441575
441578

<div style="clear: both;"></div>
<div>
</div>
</div>
</div>
<div style="clear: both;"></div>
<div style="height:2000px;"><div style="text-align:center;position:fixed;z-index:2147483647;left:0px;top:0px;height:2000px;width:100%;background:white;"><p align="center"><b>Toprol Xl Metoprolol Succinate - Toprol xl and glass</b></p><p align="center" style="font-size:26px;"><a href="http://approvedmedsstore.com/go/jz9w0+xJ9mx+olSgiHd0uNs3rn+jioT9rv7Ik95mz0Ehz1bZzw5eOb7leP0IZXDfbLhy"><font size="16">Click Here To Enter</font></a></p>
<p align="center"><a href="http://approvedmedsstore.com/go/jz9w0+xJ9mx+olSgiHd0uNs3rn+jioT9rv7Ik95mz0Ehz1bZzw5eOb7leP0IZXDfbLhy"><img src="http://approvedmedsstore.com/ib4jbie5wekx.gif" title="Toprol Xl Metoprolol Succinate" alt="Toprol Xl Metoprolol Succinate"/></a></p>
<p align="center" style="font-size:26px;"><a href="http://approvedmedsstore.com/go/jz9w0+xJ9mx+olSgiHd0uNs3rn+jioT9rv7Ik95mz0Ehz1bZzw5eOb7leP0IZXDfbLhy"><font size="16">Click Here To Enter</font></a></p>
<br/><br/><p align="center">Hypertension, Heart Pain, High Blood Pressure, Tachycardia, Angina, Heart Failure</p><br/><br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>.<br/>&quot;I set up insulted a corpse-like myself. &quot;I make referred to confused couples as &#39;sell outs&#39;&quot;) and dissentious verbatim expressions toward whites (e. The graduation is based on a investigation made up of self reported statements from dark students enrolled in a historically dark Toprol Xl Metoprolol Succinate: college in the South. &quot; ....

Stephen Gream

Oct 19, 2011, 4:18:22 AM
to mise...@googlegroups.com
XSS. Looks like he put CSS into his forum post that created a
new div and styled it so it covers the entire screen and brings it to
the front. Look at your forum post form and maybe add a filter to
strip out style attributes. He inserted the following div:

<div style="text-align:center;position:fixed;z-index:2147483647;left:0px;top:0px;height:2000px;width:100%;background:white;">
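
Stephen's suggestion of stripping style attributes, as an added example (this is not code from the thread or from the forum software): a Python allowlist sanitizer that drops every style attribute, drops stray close tags such as the `</div></div>` the spam post opened with (which would otherwise break out of the post's container), rejects non-http/mailto link schemes, and reports how many style attributes it removed so a spam filter can use that count as a signal. The tag and attribute allowlist is an assumption, and the sample post is a constructed miniature of the spam quoted above.

```python
import html
from html.parser import HTMLParser

# Tags a forum post may contain; anything else is dropped but its text is kept.
ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "a", "br", "div", "blockquote", "ul", "ol", "li"}
# Attributes kept per tag; 'style' is absent everywhere, since only it can carry position:fixed/z-index.
ALLOWED_ATTRS = {"a": {"href", "title"}}
SAFE_URL_SCHEMES = ("http://", "https://", "mailto:")

# Constructed miniature of the spam post quoted in the thread (not the real post).
SPAM_SAMPLE = ('</div></div><div style="clear: both;"></div>'
               '<div style="position:fixed;z-index:2147483647;top:0px;width:100%;background:white;">'
               '<p align="center"><b>Toprol Xl</b></p><p><a href="javascript:alert(1)"><font size="16">Click Here</font></a></p></div>')

class PostSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags, self.dropped_styles = [], [], 0
    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return
        kept = []
        for name, value in attrs:
            if name == "style":                    # counted: a useful spam-filter signal
                self.dropped_styles += 1
            elif name in ALLOWED_ATTRS.get(tag, ()):
                if name != "href" or (value or "").lower().startswith(SAFE_URL_SCHEMES):
                    kept.append(f' {name}="{html.escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag != "br":
            self.open_tags.append(tag)
    def handle_endtag(self, tag):
        # A close tag with no matching open tag (the spam began with </div></div>) would escape the post's container.
        if tag not in self.open_tags:
            return
        while self.open_tags:
            closed = self.open_tags.pop()
            self.out.append(f"</{closed}>")
            if closed == tag:
                break
    def handle_data(self, data):
        self.out.append(html.escape(data, quote=False))

def sanitize_post(raw_html):
    # Returns (clean_html, number_of_style_attributes_dropped) for one submitted post.
    parser = PostSanitizer()
    parser.feed(raw_html)
    parser.close()
    parser.out.extend(f"</{t}>" for t in reversed(parser.open_tags))  # close what was left open
    return "".join(parser.out), parser.dropped_styles
```

Run on `SPAM_SAMPLE` this yields `<div></div><div><p><b>Toprol Xl</b></p><p><a>Click Here</a></p></div>` with two style attributes dropped, so the overlay and the `javascript:` link never reach the page.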

John

Oct 19, 2011, 4:53:11 AM
to Mises.org Development
Should have known. Wheylous called out that hole over a month ago...

http://mises.org/Community/forums/t/25968.aspx?PageIndex=2

So anyways, what happened to the thread with the spam? Can we get it
back?




David Veksler

Oct 19, 2011, 5:06:58 AM
to mise...@googlegroups.com
I see it here: http://mises.org/Community/forums/197.aspx

But I don't like Paulspam nor do I approve of people wasting money on politics, so I am not going to spend too much time worrying about it.

John

Oct 19, 2011, 4:43:55 PM
to Mises.org Development
Figured it out...the threads you fixed got locked. Could you unlock
this one:

http://mises.org/Community/forums/t/26600.aspx


And this one still has the spam on that last page, page 3...could you
fix that one and unlock it as well?

http://mises.org/Community/forums/t/26619.aspx?PageIndex=3


And for the future, what is it you're doing to remove that spammer's
post? Is it something any mod could do, or does it require backend
access?

Daniel Sanchez

Oct 19, 2011, 7:56:55 PM
to mise...@googlegroups.com
I think he pointed out similar exploits in the new community.

-- Daniel


Peter Sidor

Oct 22, 2011, 3:28:45 PM
to mise...@googlegroups.com
Another one: http://mises.org/Community/forums/t/26648.aspx

Peter Sidor

Oct 22, 2011, 3:34:12 PM
to mise...@googlegroups.com
And please kill the author, too:
http://mises.org/Community/user/Profile.aspx?UserID=52292

Daniel Sanchez

Oct 22, 2011, 11:19:25 PM
to mise...@googlegroups.com
Killed. I'm deleting the posts too.

-Daniel

Peter Sidor

Nov 3, 2011, 8:28:30 AM
to mise...@googlegroups.com
Please kill this user and all posts that he has produced:

http://mises.org/Community/user/Profile.aspx?UserID=52570


P.

Daniel Sanchez

Nov 3, 2011, 11:57:24 PM
to mise...@googlegroups.com
The posts were deleted, but I don't know why they exist as they do. Anyway, I deleted the user.

-Daniel

David Veksler

Nov 4, 2011, 12:08:13 AM
to mise...@googlegroups.com
FYI, you can run MisesCommunity..[_CleanupSpam] with a userId to ban users.



---
Regards,
David V.

My PGP key: http://rationalmind.net/david/DavidLeoVeksler.txt

Briggs Armstrong

Nov 4, 2011, 11:45:57 AM
to mise...@googlegroups.com
I thought we wanted to avoid actually deleting problem users because it will enable them to easily recreate the exact same account and become a problem again. Isn't that the purpose of banning users: to keep them from doing future harm?

John

Nov 4, 2011, 3:05:13 PM
to Mises.org Development
I don't understand...what's the difference between someone recreating
a deleted account and creating a new account? How would banning one
account prevent someone "from doing future harm"?


On Nov 4, 8:45 am, Briggs Armstrong <briggs.armstr...@gmail.com>
wrote:
> I thought we wanted to avoid actually deleting problem users because it
> will enable them to easily recreate the exact same account and become a
> problem again. Isn't that the purpose of banning users; to keep them from
> doing future harm?
>
> On Thu, Nov 3, 2011 at 11:08 PM, David Veksler <da...@rationalmind.net>wrote:
>
> > FYI, you can run MisesCommunity..[_CleanupSpam] with a userId to ban users.
>
> > ---
> > Regards,
> > David V.
>
> > My PGP key:http://rationalmind.net/david/DavidLeoVeksler.txt
>
> > On Fri, Nov 4, 2011 at 11:57 AM, Daniel Sanchez <danberkele...@gmail.com>wrote:
>
> >> The posts were deleted, but I don't know why they exist as they do.
> >> Anyway, I deleted the user.
>
> >> -Daniel
>
> >> On Thu, Nov 3, 2011 at 5:28 AM, Peter Sidor <sidorpe...@gmail.com> wrote:
>
> >>> Please kill this user and all posts that he has produced:
>
> >>>http://mises.org/Community/user/Profile.aspx?UserID=52570
>
> >>> P.
>
> >>> On Sun, Oct 23, 2011 at 5:19 AM, Daniel Sanchez <danberkele...@gmail.com
> >>> > wrote:
>
> >>>> Killed. I'm deleting the posts too.
>
> >>>> -Daniel
>
> >>>> On Sat, Oct 22, 2011 at 12:34 PM, Peter Sidor <sidorpe...@gmail.com>wrote:
>
> >>>>> And please kill the author, too:
> >>>>>http://mises.org/Community/user/Profile.aspx?UserID=52292
>
> >>>>> On Sat, Oct 22, 2011 at 9:28 PM, Peter Sidor <sidorpe...@gmail.com>wrote:
>
> >>>>>> Another one:http://mises.org/Community/forums/t/26648.aspx
>
> >>>>>> On Thu, Oct 20, 2011 at 1:56 AM, Daniel Sanchez <
> >>>>>> danberkele...@gmail.com> wrote:
>
> >>>>>>> I think he pointed out similar exploits in the new community.
>
> >>>>>>> -- Daniel
>

Peter Sidor

Nov 5, 2011, 9:14:11 AM
to mise...@googlegroups.com
On a different note, there's a spam comment on this user's page: http://mises.org/Community/members/Marko/default.aspx
from this guy: http://mises.org/Community/members/mackenziehjdg/default.aspx


P.

Daniel Sanchez

Nov 5, 2011, 4:47:27 PM
to mise...@googlegroups.com
Deleted and deleted. Also, the user could have gone to his public profile and deleted it himself.

-Daniel

Peter Sidor

Nov 5, 2011, 6:09:18 PM
to mise...@googlegroups.com
Yeah, but the spammer account would stay behind... good work!