|
Title: Avata Post by: big.ecurrency on November 11, 2014, 05:11:08 AM title how long forum will open use avata here ?
Title: Re: Avata Post by: bluemountain on November 11, 2014, 05:36:25 AM If by 'avata' you mean "Avatar" or the picture next to some people's username, then they were partially disabled when the forum got hacked last year (the ability to change/add avatars was disabled).
When the new forum goes live sometime early next year avatars will be re-enabled again Title: Re: Avata Post by: Dare on November 13, 2014, 05:41:54 AM To quote myself from the last time this came up (yes, it's been asked at least this many times; there are currently two Meta threads asking this same question, even):
Any progress? Please turn off this forum! The avatars are the only advantage over a mailing list. This is bitter but true. Give something better a chance. Give up! I'm pretty sure that avatars will be disabled until at least the new forum is out and being used - as theymos has stated it was removed due to an exploit made possible by avatars and though I believe the exploit has been patched he is not keen on restoring the functionality. From what I've heard, pretty much. The exploit involved uploading a php script instead of an image into an executable directory, then using it to put some (slightly) malicious Javascript into the forum's MOTD so that it ran on every page. I followed the troubleshooting and analysis through IRC while it was being fixed immediately after the hack, but it seems that avatars may be disabled for a while anyway. Though the exploit used has been patched, it's been long enough that I suspect new avatars may remain disabled until the new forum software is put into place, but those who had them before the hack like me were able to keep them (though we can't change our avatars either). Official response on the ETA of the new forum: Q: Why doesn't the forum let me add an avatar? A: The forum was hacked some time ago. It is thought that the avatars were used as a means of injecting malicious code into the forum. Even though the vulnerability was patched, the avatars will be disabled until a new forum software (https://bitcointalk.org/index.php?topic=523070.0) is released. Q: So when is the new forum software coming? A: Well, according to theymos, some time after February 2015. <...> Quote When will the software be finished? About one year from now. <...> Title: Re: Avata Post by: Orangina on November 13, 2014, 12:15:19 PM as far as I know , a new version of the forum (update) will be available on February 2015 . and avatars will be available
but not sure , since we skipped the beta test date ??? Title: Re: Avata Post by: Hazir on November 14, 2014, 12:10:56 PM When we will be able to use avatars again they should be available to only high status members I think. Hero and up.
Title: Re: Avata Post by: 1Referee on November 14, 2014, 12:43:55 PM So avatars are used to hack the forum. But I'm wondering how?
If you allow users to just upload .jpg files with certain dimensions, nothing will happen I guess. Title: Re: Avata Post by: hilariousandco on November 14, 2014, 12:57:37 PM When we will be able to use avatars again they should be available to only high status members I think. Hero and up. Why? I can understand disallowing Newbs to have them to limit impersonation, but limiting it to Hero seems a bit extreme. So avatars are used to hack the forum. But I'm wondering how? If you allow users to just upload .jpg files with certain dimensions, nothing will happen I guess. I don't know the full details but I think malicious code was uploaded or implemented somehow. |