SpikedRocker (Posted January 26, 2016)

I decided a new thread was necessary to leave the older thread go as we are moving forward beyond the problem that got presented to us. You'll notice anything done before we turned everything off is still there and works. What will and has changed is all posts, PMs, profile messages and signatures from here on out.

We've built a whitelist system that will allow you to use the IMG tag and if the domain is in our whitelist system, the image will show up. If the domain is not in the system, it will only display a link. Any images displayed like this are subject to moderators deleting the image and the post altogether if we deem it necessary.

That is the inherent problem with the type of exploit that was presented to us. We will not be able to fully stop it, really no bit of security measures we implement will stop it 100%. What we are doing is simply giving our users the upper hand. If someone tries to use the exploit, the only way it will work is if you click the link of the image they tried to put on our site. At that point, it's your fault more than ours and sorry, but we aren't your babysitters. What we have done is made sure that unsuspecting users won't walk into a trap, they'll do that on their own if they click on it. Which is good internet security advice anyway.

This exploit has been known for years apparently (new to myself and many of the other higher ups) as it is merely used innocently enough to monitor traffic viewing files. Its role, in a non-malicious way, is a good way to prove someone would be using/accessing specific files, possibly stealing them. However, in this nature, some people have found this is a pretty simple way to be used maliciously and use it to attack specific targets.

So moving on with the details you'll need. Here is the current list of domains we have whitelisted:

imgur.com
photobucket.com
inara.cz
flicker.com
facebook.com
deviantart.com
tinypic.com
steamusercontent.com
fbcdn.net
steamsignature.com
imageshack.us
screencast.com
rocketleaguestats.com
puu.sh
gyazo.com
gfycat.com
tumbler.com
cubeupload.com

We will look to add more to the list in the future, but we feel this is a good start and covers most popular things. If you need something more specific, message myself or a BD about it.

Avatars are also back up too!
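
A sketch of the whitelist behaviour described in the post above: an added example, not the forum's own code. The function names, the HTML output and the subset of domains used are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlsplit

# Constructed subset of the whitelist in the post above.
WHITELIST = {"imgur.com", "photobucket.com", "fbcdn.net", "puu.sh", "gyazo.com"}
IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)


def http_host(url):
    """Lower-cased host of an http(s) URL, or None for anything else."""
    # Backslashes and whitespace are parsed differently by browsers and by
    # urlsplit, so refuse them instead of guessing which host is meant.
    if re.search(r"[\\\s]", url):
        return None
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme not in ("http", "https"):
        return None
    return (parts.hostname or "").lower().rstrip(".") or None


def host_allowed(url, whitelist=WHITELIST):
    """True if the URL's host is a whitelisted domain or a subdomain of one."""
    host = http_host(url)
    # Match on label boundaries: i.imgur.com passes, notimgur.com does not.
    return host is not None and any(
        host == d or host.endswith("." + d) for d in whitelist)


def render_url(url, whitelist):
    safe = html.escape(url, quote=True)
    if host_allowed(url, whitelist):
        return f'<img src="{safe}" alt="user image">'
    if http_host(url):  # not whitelisted: a link the reader must choose to click
        return f'<a href="{safe}" rel="nofollow noopener noreferrer">{safe}</a>'
    return safe  # not http(s): show as inert text


def render_img_tags(post, whitelist=WHITELIST):
    """Escape the post and expand each [img] tag as an image or a plain link."""
    out, pos = [], 0
    for m in IMG_TAG.finditer(post):
        out.append(html.escape(post[pos:m.start()]))
        out.append(render_url(m.group(1).strip(), whitelist))
        pos = m.end()
    out.append(html.escape(post[pos:]))
    return "".join(out)
```

Because a non-whitelisted URL is emitted as a link and never as an `<img>`, a reader's browser makes no request to that host just by opening the thread.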

XeNo (Posted January 26, 2016)
Huge thanks to @SpikedRocker @Liam Brown @Revenga for all the work they put into fixing up the images and taking care of the potential problem we might have had.

Wawa (Posted January 26, 2016)
Thank you @SpikedRocker @Liam Brown @Revenga!!!!

Metal (Posted January 26, 2016)
Thanks all. I'm sure it took a while to get this fixed. Once again. Thank you

Prez (Posted January 26, 2016)
Great work guys as always.

Mandeemoo007 (Posted January 26, 2016)
Thanks for the hard work guys!

michellec (Posted January 26, 2016)
Thank you guysss!!

support my admin app (Posted January 26, 2016)
Thanks everybody

xDoodles (Posted January 26, 2016)
Danks Dad @SpikedRocker

delirium (Posted January 26, 2016)
Just a note, it's tumblr not tumbler