HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Search
-
Re: How to block this spambot?
-
Re: How to block this spambot?
-
Re: How to block this spambot?
Thank you for these suggestions! In the GDN_Role table, the RoleID of guests is 2. However, there IS a GDN_UserRole with UserID 0 -- it has the RoleID 2 of guest. The Guest role permissions appear to be orthodox -- they can only view profiles and threads. In the GDN_User table, there was no user with UserID 0. When you… -
Re: How to block this spambot?
you might want to see if the problem continues, and take note of discussion id or comment id that is changed by the miscreants and compare against the apache log the ip address from the change log and try to match the times, so you can drill down to what they are doing and see if you can create the same issue based on what… -
Re: How to block this spambot?
Great help here. I woke up this morning to our pockets turned on. A UserInsertID 0 had enabled admin to see pockets and adjusted editing time. Could the same User ID "0" allow for modification of dashboard items. I too completed an migration about a month ago and had UserRole for UserID 0 set to 0 which had very high… -
Re: How to block this spambot?
Update: The advice here helped enormously and I think I've closed the vulnerability. Thanks again for the help, @x00 and @peregrine ! Due to the database import (from the weird old proprietary forums), many threads had an InsertUserID of 0. These threads' OPs (author "Unknown") could be edited simply by accessing…
6 results