# Possible Script Exploit



## redfoxnudetoons (Nov 22, 2009)

Well.... This doesn't look too good....

Over the course of the weekend @ MFF I noticed a pile of ads for a new Firefox addon, that resembles the one that made FA unstable a few years back that allowed 9999 thumbnails per page. This new one is about as bad, may be worse, and is actually up and running already with 10,542 downloads as of this second.


----------



## Aurali (Nov 22, 2009)

Contact Yak, now.


----------



## redfoxnudetoons (Nov 22, 2009)

Aurali said:


> Contact Yak, now.



Already did. But I'm also doing it here too for everyone else that I can't think of that needs to know to get a heads up, so I can give the full info to who needs it who is online at the moment.


----------



## Vibration (Nov 22, 2009)

redfoxnudetoons said:


> Well.... This doesn't look too good....
> 
> Over the course of the weekend @ MFF I noticed a pile of *ads for a new firefox*, much like the one that made FA unstable a few years back that allowed 9999 thumbnails per page. This new one is about as bad, may be worse, and is actually up and running already with 10,542 downloads as of this second.



Sorry, I'm rather confused here. Advertisements for a new version of Firefox are causing instability in FA? If there's a new version of Firefox, I don't think you can prevent people from downloading it. Or are you talking about downloading the ads? 

Is this an XSS type exploit or something? Could you please provide more information so that, in the interim while FA admins address the problem, that we end users can take care of safety accordingly (i.e. disable javascript if necessary, etc.)?


----------



## Aurali (Nov 22, 2009)

Vibration said:


> Sorry, I'm rather confused here. Advertisements for a new version of Firefox are causing instability in FA? If there's a new version of Firefox, I don't think you can prevent people from downloading it. Or are you talking about downloading the ads?
> 
> Is this an XSS type exploit or something? Could you please provide more information so that, in the interim while FA admins address the problem, that we end users can take care of safety accordingly (i.e. disable javascript if necessary, etc.)?



I would advise against too much information... if it really is an exploit. Giving too much information will give someone the opportunity to attack the site. As said before, make sure to contact Yak, Dragoneer, or Tsawolf...


----------



## Vibration (Nov 22, 2009)

Aurali said:


> I would advise against too much information... if it really is an exploit. Giving too much information will give someone the opportunity to attack the site. As said before, make sure to contact Yak, Dragoneer, or Tsawolf...



Ah, good point. I hadn't thought of that. I'm just rather uncertain as to what's really going on here, and what steps to take to secure my end of things, is all.


----------



## redfoxnudetoons (Nov 22, 2009)

Vibration said:


> Sorry, I'm rather confused here. Advertisements for a new version of Firefox are causing instability in FA? If there's a new version of Firefox, I don't think you can prevent people from downloading it. Or are you talking about downloading the ads?
> 
> Is this an XSS type exploit or something? Could you please provide more information so that, in the interim while FA admins address the problem, that we end users can take care of safety accordingly (i.e. disable javascript if necessary, etc.)?



It's an addon that can open every picture in a user gallery, among "other things"

So there is really nothing that can be done by us users, except to NOT download the addon.

I do not intend on downloading it to find out what else it might be able to do, but I wouldn't rule anything out at this point.

This addon could be a clever way of causing FA users to create a DDoS attack on the servers.


----------



## redfoxnudetoons (Nov 22, 2009)

Vibration said:


> Ah, good point. I hadn't thought of that. I'm just rather uncertain as to what's really going on here, and what steps to take to secure my end of things, is all.



Indeed. That's why I'm not telling where to get it, what it's called, etc.

I did give the link to yak.


----------



## redfoxnudetoons (Nov 23, 2009)

Vibration said:


> Sorry, I'm rather confused here. Advertisements for a new version of Firefox are causing instability in FA? If there's a new version of Firefox, I don't think you can prevent people from downloading it. Or are you talking about downloading the ads?
> 
> Is this an XSS type exploit or something? Could you please provide more information so that, in the interim while FA admins address the problem, that we end users can take care of safety accordingly (i.e. disable javascript if necessary, etc.)?



I just noticed my typos. That's what I get for typing this stuff after being exhausted from MFF. Original post has been edited to fix mistakes.


----------



## tsawolf (Nov 23, 2009)

The server has built in limiting functions. If a user makes over a certain number of HTTP requests per second, the webserver will start choking them.

That being said, we certainly do /not/ recommend using these kinds of add-ons. They are a burden on the server, and we will take action against specific members who abuse the website.


----------
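
Added example, not part of the thread and not FA's server code: a per-client limiter of the kind tsawolf describes above, replayed over constructed traffic from an ordinary reader and from a client that opens every picture in a gallery at once. The limit, window, review threshold, client addresses and all function names are assumptions, since the thread gives none.

```python
from collections import defaultdict, deque

LIMIT = 10        # assumed: max served requests per client per window
WINDOW_MS = 1000  # assumed: window length ("per second" in the post)
REVIEW_AT = 50    # assumed: throttled count that puts a client up for review


class SlidingWindowLimiter:
    """Per-client sliding-window limiter; timestamps are integer milliseconds."""

    def __init__(self, limit=LIMIT, window_ms=WINDOW_MS):
        self.limit = limit
        self.window_ms = window_ms
        self.served = defaultdict(deque)  # client -> timestamps of served requests

    def allow(self, client, now_ms):
        window = self.served[client]
        # Drop served requests that have aged out of the window.
        while window and window[0] <= now_ms - self.window_ms:
            window.popleft()
        if len(window) >= self.limit:
            return False  # throttled; not recorded, so state stays <= limit entries
        window.append(now_ms)
        return True


def constructed_traffic():
    """Constructed sample (timestamp_ms, client) pairs; not real FA logs."""
    reader = [(i * 2000, "198.51.100.7") for i in range(10)]  # one page every 2 s
    bulk = [(i * 10, "203.0.113.9") for i in range(200)]      # 200 images in 2 s
    return sorted(reader + bulk)


def replay(events, limiter=None):
    """Feed events through the limiter and count outcomes per client."""
    limiter = limiter or SlidingWindowLimiter()
    stats = defaultdict(lambda: {"served": 0, "throttled": 0})
    for now_ms, client in events:
        outcome = "served" if limiter.allow(client, now_ms) else "throttled"
        stats[client][outcome] += 1
    return dict(stats)


def clients_for_review(stats, review_at=REVIEW_AT):
    """Clients throttled often enough to warrant a manual look by staff."""
    return sorted(c for c, s in stats.items() if s["throttled"] >= review_at)


if __name__ == "__main__":
    stats = replay(constructed_traffic())
    print(stats, clients_for_review(stats))
```

Because throttled requests are not recorded, each client's state never holds more than `LIMIT` timestamps, however fast that client sends.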



## redfoxnudetoons (Nov 23, 2009)

tsawolf said:


> The server has built in limiting functions. If a user makes over a certain number of HTTP requests per second, the webserver will start choking them.
> 
> That being said, we certainly do /not/ recommend using these kinds of add-ons. They are a burden on the server, and we will take action against specific members who abuse the website.



That's good to hear. But it still worries me that the limiting functions might get overworked and cause problems....


----------



## Dragoneer (Nov 24, 2009)

tsawolf said:


> They are a burden on the server, and we will take action against specific members who abuse the website.


*nod*

It'll be a ban without question. And it won't be a ban we'll undo.


----------



## redfoxnudetoons (Dec 11, 2009)

Looks like FA's code is now blocking the Firefox addon from working.

People from an image board are crying now.


----------



## yak (Dec 11, 2009)

Please PM me the link to said imageboard, if you can 

[edit] Nevermind, I read the post edit history.


----------



## Aden (Dec 11, 2009)

Dragoneer said:


> *nod*
> 
> It'll be a ban without question. And it won't be a ban we'll undo.



That's a bit harsh, especially if it's just some kid going "oh cool, this will make browsing FA so much easier now! 8D". You can't automatically assume it's malicious.


----------



## GraemeLion (Dec 11, 2009)

I disagree that this might be an exploit.. but I would also like the addon/extension to be named. I use plenty of addons in Firefox, and I posted a note on the only Fur Affinity addon that I saw, but I want to make sure that I'm not using something that breaks FA.

The only way to be certain is to name the product and ask people not to use it.. otherwise people might use it without knowing they are causing harm.


----------



## Dragoneer (Dec 11, 2009)

Aden said:


> That's a bit harsh, especially if it's just some kid going "oh cool, this will make browsing FA so much easier now! 8D". You can't automatically assume it's malicious.


If he writes a script that's careless, whether he intended it to be malicious or not, it still is.


----------



## Aden (Dec 11, 2009)

Dragoneer said:


> If he writes a script that's careless, whether he intended it to be malicious or not, it still is.



I'm just saying "lol permabanned sucks to be you haha" might not be the best approach considering all situations. Temp bans as a warning, etc., are a good compromise.


----------



## Dragoneer (Dec 11, 2009)

Aden said:


> I'm just saying "lol permabanned sucks to be you haha" might not be the best approach considering all situations. Temp bans as a warning, etc., are a good compromise.


We'll review the situation on a case-by-case basis. If we feel the person was just being stupid we'll let them know. If we feel they're being malicious... likewise.

We reserve the right to protect the integrity and usability of the site. Granted, we'll not just ban first, ask questions later, but if we feel it's legitimately a risk/issue... he's gone.


----------



## WolfoxOkamichan (Dec 11, 2009)

I'm guessing it's lulz


----------



## Duality Jack (Dec 11, 2009)

Nice to see it was solved.


----------



## Ainoko (Dec 12, 2009)

I would like to know what the addon is so that I can deny installation when Firefox does any automatic updates.


----------



## redfoxnudetoons (Dec 12, 2009)

yak said:


> Please PM me the link to said imageboard, if you can
> 
> [edit] Nevermind, I read the post edit history.



Yeah... I decided it would be easier to do it that way...

=^.^=



GraemeLion said:


> The only way to be certain is to name the product and ask people not to use it.. otherwise people might use it without knowing they are causing harm.



The reason why I won't publicly post the name is so that it remains unknown to prevent giving free publicity to it, to prevent people who don't know about it from trying it out and at the least killing the bandwidth.


----------



## Ainoko (Dec 12, 2009)

redfoxnudetoons said:


> Yeah... I decided it would be easier to do it that way...
> 
> =^.^=
> 
> ...



I understand that, I would hate to install an addon that came with a Firefox update that could hurt the site unknowingly.


----------



## redfoxnudetoons (Dec 12, 2009)

Ainoko said:


> I understand that, I would hate to install an addon that came with a Firefox update that could hurt the site unknowingly.



It doesn't come standard with any update, so you're safe.


----------



## Ainoko (Dec 12, 2009)

redfoxnudetoons said:


> It doesn't come standard with any update, so you're safe.



OK,


----------

