Quick note about uploading avatars to the server

[Hoops McCann]

Two days ago, I was reading about a security vulnerability in the forum software over on the SMF forums. Without going into too many details, it involves uploading an avatar to the server which actually isn't a picture, but a file with php code. Over 1,000 sites using SMF 1.1.8 have been hacked already!

To prevent an attack here, I've temporarily disabled uploading avatar images to the server. If you already have an avatar, this doesn't affect you. Once SMF releases a patch to fix this vulnerability, I will install it and re-enable uploading avatars. Thanks.

[Rollergirl]

OK.
I didn't understand any of that, only that you are doing a good job!

[Hoops McCann]

We're patched and upgraded, but apparently there are still some security issues with this, so I'm going keep the uploading of avatars turned off for now. It doesn't seem to directly affect anyone anyway.

The interesting (and somewhat scary) thing is that there is 1 hit in the server logs from one of the IP addresses that I banned that was associated with this attack. So there was at least one, albeit foiled, attempt to hack the site.

[Pottel]

so we are already that popular, dunno if that is a good or a bad sign 

[Mossguitar]

Hi! Is it still not possible to upload avatar images? I'm trying to upload my own pic to my profile, (150x225 pixles), but that ain't working.. :-)

Morten

[ds1984]

Hi! Is it still not possible to upload avatar images? I'm trying to upload my own pic to my profile, (150x225 pixles), but that ain't working.. :-)

Morten

-> upload it first to a hosting image site such as imageshack or another and then in you profile link it to the hosting site instead of uploading it.

I did that and it is working  nice 

I like this pic sooooooooooooooooooo much! If only I could buy an original print of it.

[Hoops McCann]

Hi! Is it still not possible to upload avatar images? I'm trying to upload my own pic to my profile, (150x225 pixles), but that ain't working.. :-)

Morten

er, yes, I need to do the next upgrade first.

[Mossguitar]

So that means I have to wait a bit, then?

The image is on my facebook profile. I just have to link to the URL of that perticular image, and then it should be OK?

[Hoops McCann]

So that means I have to wait a bit, then?

The image is on my facebook profile. I just have to link to the URL of that perticular image, and then it should be OK?

Yes. Profile > Forum Profile Information > "I have my own pic:"

[Hoops McCann]

I finally had a chance to upgrade the forum to 1.1.10. Uploading avatars has been turned back on.

[shangri la 1]

  Nice work Dan. Good to know you are there keeping this great forum running smoothly. 
If we aren't the best MK forum yet - we soon will be.....

[Waterline Man]

I like this pic sooooooooooooooooooo much! If only I could buy an original print of it.
[/quote]

ds1984,
I have this poster with all the Irish gigs from the GH tour framed on a wall at home - its the classic MK pic

[AFknopfler]

Hello, I can't change my avatar. When I upload or put a link to an image I see a "error message".

[Hoops McCann]

Hello, I can't change my avatar. When I upload or put a link to an image I see a "error message".

Can you post a link to the image that you want to use as an avatar here?

[BrianT]

Dan

Can you please tell me what the max size is for an Avatar.

Thanks Brian