pouët.net


pouet 2.0 bugs me beautifull

category: general [glöplog]
Quote:
This is demoscene

I thought this was pouet.
added on the 2014-12-12 23:46:39 by noby noby
Re this fix me beautifull post: judging from the fact that https://www.pouet.net/content/screenshots/64484.gif is returning a 500 error while https://www.pouet.net/content/screenshots/omgwtfbbq.gif returns a plain 404, I'm guessing there's some Apache mod_rewrite gunk that's attempting to redirect the old screenshot URLs but failing.

here's my attempt at the relevant config (untested, so probably equally broken):
Code:
# Old /content/screenshots/<id>.<ext> -> new padded layout
# /content/files/screenshots/<id div 1000, 5 digits>/<id, 8 digits>.<ext>
RewriteRule /content/screenshots/(\d)\.(png|gif|jpg) /content/files/screenshots/00000/0000000$1.$2 [R=301,L]
RewriteRule /content/screenshots/(\d{2})\.(png|gif|jpg) /content/files/screenshots/00000/000000$1.$2 [R=301,L]
RewriteRule /content/screenshots/(\d{3})\.(png|gif|jpg) /content/files/screenshots/00000/00000$1.$2 [R=301,L]
RewriteRule /content/screenshots/(\d)(\d{3})\.(png|gif|jpg) /content/files/screenshots/0000$1/0000$1$2.$3 [R=301,L]
RewriteRule /content/screenshots/(\d{2})(\d{3})\.(png|gif|jpg) /content/files/screenshots/000$1/000$1$2.$3 [R=301,L]
RewriteRule /content/screenshots/(\d{3})(\d{3})\.(png|gif|jpg) /content/files/screenshots/00$1/00$1$2.$3 [R=301,L]
added on the 2014-12-14 12:06:27 by gasman gasman
There are already some RewriteRules in place; the problem comes from the fact that the links weren't pointing to content.pouet.net as they should've.
added on the 2014-12-14 12:53:56 by Gargaj Gargaj
Show added groups thing throws an exception.
added on the 2014-12-15 11:51:05 by sm sm
ninjafix
added on the 2014-12-15 13:54:43 by Tomoya Tomoya
Just wanted to say thanks for adding the same links below reply as below first post, could be telepathy because I thought of asking for it yesterday :) And BB Code syntax checking alerts! Bonus :)

So the only thing left for me to mention is that a search box in the footer or something on each page would save me a bunch of time (well, actually an exact browse speed increase of 100%!) when I'm "spreading the word" and looking for stuff.

Would be most excellent sirs. :)
added on the 2014-12-16 00:34:33 by Photon Photon
What would be nice is to quote comments on prods like it is to quote posts on bbs posts.
added on the 2014-12-16 21:26:25 by mudlord mudlord
Hm. The occasional "where are you and where did you come from?" when posting. Being seasoned I copy before clicking, I go back, paste, submit, np.
added on the 2014-12-17 21:53:05 by Photon Photon
The site is being hit by a bot running from a Linode service looking for exploits:
Code:
li747-39.members.linode.com - - [19/Dec/2014:16:51:36 +0100] "GET /prodlist.php?order='%2bresponse.write(9512624*9773067)%2b'&page=12&platform%5b%5d=1&type%5b%5d=1 HTTP/1.1" 403 516 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36"
li747-39.members.linode.com - - [19/Dec/2014:16:51:36 +0100] "GET /prodlist.php?page=15&platform%5b%5d=1'%22()%26%25<ScRiPt%20>prompt(988739)</ScRiPt>&type%5b%5d=1 HTTP/1.1" 403 516 "http://www.pouet.net:80/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36"
li747-39.members.linode.com - - [19/Dec/2014:16:51:36 +0100] "GET /search.php?page=4&type=user&what=WEB-INF/web.xml HTTP/1.1" 403 514 "http://www.pouet.net:80/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36"
li747-39.members.linode.com - - [19/Dec/2014:16:51:36 +0100] "GET /prodlist.php?page=29&platform%5b%5d=1&type%5b%5d=1 HTTP/1.1" 403 516 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36"

I set up a rule to block out that IP and both sent a mail to Linode and visited their support IRC, where I got the following great advice:
Code:[17:06] <akerl> Gargaj: Welcome to the internet
added on the 2014-12-19 17:19:22 by Gargaj Gargaj
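The four log lines above are the kind of input a small triage script should flag before anyone reads them by hand: three different probe classes (an expression-injection canary, a reflected-XSS marker, a WEB-INF file request) from one host in the same second. The following is an added example, not pouet.net code: a parser for Apache combined-format lines, a short signature list of my own, and a per-host summary. The sample input is the four lines quoted in the post, one per line; the signature names and the report layout are my assumptions.

```python
"""Triage Apache combined-log lines for vulnerability-scanner probes.

Added example, not pouet.net code. LOG_RE follows Apache's "combined" LogFormat;
the signature list is my own and deliberately short.
"""
import re
from collections import Counter, defaultdict
from urllib.parse import unquote

# Constructed sample: the four requests quoted in the post, one per line.
SAMPLE_LOG = """\
li747-39.members.linode.com - - [19/Dec/2014:16:51:36 +0100] "GET /prodlist.php?order='%2bresponse.write(9512624*9773067)%2b'&page=12&platform%5b%5d=1&type%5b%5d=1 HTTP/1.1" 403 516 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36"
li747-39.members.linode.com - - [19/Dec/2014:16:51:36 +0100] "GET /prodlist.php?page=15&platform%5b%5d=1'%22()%26%25<ScRiPt%20>prompt(988739)</ScRiPt>&type%5b%5d=1 HTTP/1.1" 403 516 "http://www.pouet.net:80/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36"
li747-39.members.linode.com - - [19/Dec/2014:16:51:36 +0100] "GET /search.php?page=4&type=user&what=WEB-INF/web.xml HTTP/1.1" 403 514 "http://www.pouet.net:80/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36"
li747-39.members.linode.com - - [19/Dec/2014:16:51:36 +0100] "GET /prodlist.php?page=29&platform%5b%5d=1&type%5b%5d=1 HTTP/1.1" 403 516 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36"
"""

# Apache "combined": host ident user [time] "method target proto" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Each signature is matched against the URL-decoded request target.
SIGNATURES = (
    # a*b inside response.write(): the scanner looks for the product in the reply
    ("expression-injection probe", re.compile(r"response\.write\(\s*\d+\s*\*\s*\d+\s*\)", re.I)),
    ("reflected-XSS probe", re.compile(r"<\s*script\b[^>]*>", re.I)),
    ("file-disclosure probe", re.compile(r"(?:^|[/=])(?:WEB-INF/|\.\./|etc/passwd)", re.I)),
)


def parse_line(line):
    """Return the fields of one combined-log line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # Decode once, so %3c / %20 tricks do not hide a marker from the signatures.
    rec["decoded_target"] = unquote(rec["target"])
    return rec


def classify(decoded_target):
    """Return the names of all signatures that fire on a decoded request target."""
    return [name for name, rx in SIGNATURES if rx.search(decoded_target)]


def triage(log_text):
    """Group requests by source host; report probe hits and the peak requests per second.

    Several distinct probe classes from one host inside the same second is the
    scanner pattern the post describes; a human browsing the site does not do that.
    """
    per_host = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            per_host[rec["host"]].append(rec)

    report = {}
    for host, recs in per_host.items():
        per_second = Counter(r["ts"] for r in recs)
        hits = [(r["ts"], label, r["decoded_target"])
                for r in recs for label in classify(r["decoded_target"])]
        report[host] = {
            "requests": len(recs),
            "flagged": len(hits),
            "probe_types": sorted({label for _, label, _ in hits}),
            "max_per_second": max(per_second.values()),
            "hits": hits,
        }
    return report


if __name__ == "__main__":
    for host, summary in triage(SAMPLE_LOG).items():
        print(host, summary["requests"], "requests,", summary["flagged"], "flagged,",
              summary["max_per_second"], "per second:", ", ".join(summary["probe_types"]))
```

Run against the real access log with `triage(open(path).read())`; the useful thresholds are "more than one probe type" and "max_per_second well above what a browser produces", which together separate a scanner from a user who pasted something odd into the search box.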
maybe a few tweets about it will make them care to check it out
added on the 2014-12-19 17:24:42 by psenough psenough
Their abuse department says they're on the case.
added on the 2014-12-19 17:29:14 by Gargaj Gargaj
Quote:
Thank you for making us aware of this issue, I have gone ahead and relayed this complaint to our client. We will ensure that this matter is resolved.

...
added on the 2014-12-19 17:31:38 by Gargaj Gargaj
They did respond, sure. The problem is that it takes 24h for them to deal with the case, and it took 2-3h for whoever was running an exploit to run it. I wouldn't even have noticed if he hadn't hit the single-character-search bottleneck.
added on the 2014-12-22 22:29:58 by Gargaj Gargaj
But then, I'm guessing the dude wasn't just running it on Pouet; if they were aiming at Pouet, all they would've needed was to look at the source.
added on the 2014-12-22 22:30:41 by Gargaj Gargaj
Clicking the button to vote for the logos, and then logging in on the form I'm presented with, leads me back to the front page instead of back to the logo-voting page.
added on the 2014-12-23 14:38:31 by kusma kusma
Yeah, looks like typical "clueless" scanning for vulnerabilities (not exploits). Even if you don't know that the source code is available, using typical vulnerability patterns for OGNL (or classic ASP?) and for Java webapps is usually quite pointless if most URLs end with .php :)

Scanning for reflected XSS may make some sense, but as it will exploit the users and not the server, I think it will require manual intervention to make a nice spam post from it.

I assume the guy ran Nikto (or similar) on a list of URLs it got from crawling the web before, without really looking at what he was scanning, and probably he wouldn't have been able to understand the results anyway.

Probably (if his scanning was deterministic enough or he tried often enough) it might have been hilarious to add some code to the page to handle that first OGNL pattern (i.e. write the result of the multiplication somewhere inside the page) without actually evaluating the code, just checking for the regexp and parsing out the two factors, and observe what happens (whether it automatically tries something more evil, like a real exploit, or whether it is really just plain Nikto or similar, which will list the OGNL vuln (if it was that) in its report and that's it).
added on the 2014-12-23 16:53:26 by mihi mihi
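mihi's decoy idea, written out as an added example (not pouet.net code, and nothing the site actually did): match the canary with a regex, compute the product with plain integer arithmetic instead of evaluating anything from the request, escape what goes back to the client, and hand the operator an event record to correlate with whatever the scanner does next. The query string used below is the one from the first logged request; the page body, the function names and the 12-digit bound on the factors are my assumptions.

```python
"""Decoy for the response.write(a*b) canary, as mihi suggests above.

Added example, not pouet.net code. A real deployment would sit inside the PHP
page; here it is a plain function over the raw query string so it runs offline.
"""
import html
import re
from urllib.parse import parse_qsl

# The scanner expects the product of the two factors in the response body,
# which is what real server-side evaluation would produce. Bounding the factors
# keeps the decoy cheap even if someone feeds it absurd numbers (assumed limit).
PROBE_RE = re.compile(r"response\.write\(\s*(\d{1,12})\s*\*\s*(\d{1,12})\s*\)", re.I)


def find_probe(query_string):
    """Return (param_name, a, b) for the first parameter carrying the canary, else None."""
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        m = PROBE_RE.search(value)
        if m:
            return name, int(m.group(1)), int(m.group(2))
    return None


def render_page(query_string, body="<p>prod list</p>"):
    """Return (html_text, event): the page, with the decoy product appended when probed.

    The product is computed with Python ints from the regex captures; no part of
    the request is evaluated, and the parameter name is HTML-escaped on output.
    event is None for ordinary requests, otherwise a dict for the operator's log.
    """
    probe = find_probe(query_string)
    if probe is None:
        return body, None
    name, a, b = probe
    event = {"param": name, "a": a, "b": b, "product": a * b}
    decoy = '<span id="decoy" data-param="%s">%d</span>' % (html.escape(name, quote=True), a * b)
    return body + decoy, event


if __name__ == "__main__":
    # Query string from the first logged request in the thread.
    page, event = render_page("order='%2bresponse.write(9512624*9773067)%2b'&page=12")
    print(event)
    print(page)
```

The interesting data is not the page but the event stream: if a second request arrives shortly after with a real payload in the same parameter, the tool is doing more than reporting, and that is the moment to block the source rather than wait for the abuse desk.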
A URL like this:
Code:[ url=- ]--------------------------------------------------------------------------------------------[ /url ]


generates an odd space in the preview. I can't seem to find out why, and it isn't always the case. The example didn't pop up when I replaced the "-" with an "=" for example.
I ran into it when I posted this URL: http://petapixel.com/2015/01/01/projector-brought-forest-turns-nature-glowing-wonderland/ in this prod http://www.pouet.net/prod.php?which=59107. I noticed the space in the word 'wonderland', right after the "o".

Here you can see the space, as seen in Chrome on a 64 bit windows:
added on the 2015-01-05 10:34:16 by numtek numtek
2 gifts for New Year gave birth to holy wars, including insults:
http://www.pouet.net/prod.php?which=64839#c713658

Is it possible to add an "Enhanced Spectrum" platform category, or to ban AloneCoder as a provoker?
added on the 2015-01-05 15:02:57 by g0blinish g0blinish
I can fix Pouet. I can't fix people.
added on the 2015-01-05 15:05:15 by Gargaj Gargaj
IMHO a preventive fix would help.

Indeed, the gifts were created not for glöps, only to congratulate the scene.
added on the 2015-01-05 15:24:23 by g0blinish g0blinish
I'm working on a solution but as you can imagine it's not as easy as it sounds.
added on the 2015-01-05 15:29:08 by Gargaj Gargaj
Anyway, subdividing is a way to begin a flamewar.
A person banned for provocations at zx.pk.ru. Seems he is improving his skill...
added on the 2015-01-05 17:11:10 by g0blinish g0blinish
Quote:
subdividing is a way to begin flamewar.

Whut?
added on the 2015-01-05 17:14:22 by Gargaj Gargaj
Quote:
Whut?


2 comments from AlCo:

http://www.pouet.net/prod.php?which=64839#c713511

http://www.pouet.net/prod.php?which=64770#c712928
added on the 2015-01-05 17:30:03 by g0blinish g0blinish