|
Title: What's wrong with the avatars? Post by: pandalion98 on August 25, 2014, 12:59:20 PM It says "Changing avatars is currently not possible."
What's up? Title: Re: What's wrong with the avatars? Post by: mprep on August 25, 2014, 03:20:03 PM This is what's up:
Q: Why doesn't the forum let me add an avatar? A: The forum was hacked some time ago. It is thought that the avatars were used as a means of injecting malicious code into the forum. Even though the vulnerability was patched, the avatars will be disabled until a new forum software (https://bitcointalk.org/index.php?topic=523070.0) is released. Q: So when is the new forum software coming? A: Well, according to theymos, some time after February 2015. <...> Quote When will the software be finished? About one year from now. <...> Source: https://bitcointalk.org/index.php?topic=703657.0 (https://bitcointalk.org/index.php?topic=703657.0) Title: Re: What's wrong with the avatars? Post by: Dare on August 25, 2014, 05:05:00 PM Additional information on why the avatars were disabled, to quote myself from the last time this question came up:
Any progress? Please turn off this forum! The avatars are the only advantage over a mailing list. This is bitter but true. Give something better a chance. Give up! I'm pretty sure that avatars will be disabled until at least the new forum is out and being used - as theymos has stated it was removed due to an exploit made possible by avatars and though I believe the exploit has been patched he is not keen on restoring the functionality. From what I've heard, pretty much. The exploit involved uploading a php script instead of an image into an executable directory, then using it to put some (slightly) malicious Javascript into the forum's MOTD so that it ran on every page. I followed the troubleshooting and analysis through IRC while it was being fixed immediately after the hack, but it seems that avatars may be disabled for a while anyway. Though the exploit used has been patched, it's been long enough that I suspect new avatars may remain disabled until the new forum software is put into place, but those who had them before the hack like me were able to keep them (though we can't change our avatars either). As mprep said, avatars will remain disabled until the new forum software is released, confirming my guess above. Title: Re: What's wrong with the avatars? Post by: Syke on August 30, 2014, 12:30:20 AM As mprep said, avatars will remain disabled until the new forum software is released, confirming my guess above. To be clear, avatars are not disabled. Changing of avatars is disabled. Title: Re: What's wrong with the avatars? Post by: Dare on August 30, 2014, 05:01:21 AM As mprep said, avatars will remain disabled until the new forum software is released, confirming my guess above. To be clear, avatars are not disabled. Changing of avatars is disabled. Correct, though since my own avatar is next to my post, and I mentioned that in the quote, I'd thought that was rather obvious. ;) Specifically, no new avatars can be uploaded and those who have avatars can't change them. Avatars uploaded before the hack remain, but can only be removed by contacting forum admins. |