v bulletinauthorization.blackapplehost.com ?

speak · 08-01-09, 04:29 PM

when i open some of the threads in the UI section of this forum, i receive a popup saying:

A username and password are being requested by http://vbulletinauthorization.blackapplehost.com. The site says: "You must login to continue viewing this page.-3237"

This popup has a text entry box for username and for password.

for instance,i get this popup when i visit the thread here
http://www.wowinterface.com/forums/s...ad.php?t=25892

i have not entered any information in the box, but i can still post just fine.

i'm using firefox 3.5.1 with addons noscript, adblockplus and a few other minor ones.

blackapplehost.com looks like it's a free webhosting site, and looks like someone might be using it to try and scam some passwords.

Miralen · 08-01-09, 04:35 PM

As a side note, I came to read this post and was hit with a window that popped up that gave me this junk:

A username and password are being requested by http://vbulletinauthorization.blackapplehost.com. The site says: "You must login to continue viewing this page.-3237"

I of course hit cancel and I could still view this thread but anyone else seen this before. I am not sure if its something on my computer or just something from the site here I have never seen if before and it only did it to me here I tried multiple other newer threads and didnt get hit with it. but each time I visit this particular thread I get hit with that message. It comes with a box for my login name and password I assume for this site but I hit cancel each time and am able to view the thread anyways.

speak · 08-01-09, 04:37 PM

yep heres part of the page source for WowAddonUser's signature:

Code:

<img src="http://flashenabled.files.wordpress.com/2008/05/create-a-cool-signature.jpg" border="0" alt="" onload="NcodeImageResizer.createOn(this);" /><br />
<img src="http://vbulletinauthorization.blackapplehost.com/index.php" border="0" alt="" onload="NcodeImageResizer.createOn(this);" />

bad poster! bad!

***Cairenn*** · 08-01-09, 07:16 PM

Thanks for the heads up guys, we've taken care of the account. Sorry about that.

speak · 08-01-09, 09:55 PM

Thanks. and sorry lol, i didnt think the code i posted in this thread would be parsed :O

thanks for editing it out C

AnrDaemon · 08-09-09, 06:48 AM

Originally Posted by Cairenn

Thanks for the heads up guys, we've taken care of the account. Sorry about that.

Well but why script handlers allowed in the forum HTML anyway? Or more precise, if there's any real need for HTML being allowed for regular users?

***Dolby*** · 08-09-09, 07:13 AM

We don't allow html. If you look at the posting rules in each forum "HTML code is Off".

The user had an image in his signature using the [img ] bbcode tag that was put behind a .htaccess/.htpasswd on their server. It happens from time to time. We either have to disallow remote img bbcode or just deal with it when it happens. I don't think many users would be happy with us removing the img bbcode. This is really a security flaw on all browsers end. The browser should see that the image is from a different domain and ignore it if its requesting authentication. Instead it tries to authenticate with the server hosting the image thus asking for a password.

There was no html in his signature. Ofcourse when you look at the source code in your browser it will show html because a browser doesnt know bbcode. The forum software parses the bbcode into "safe" html.

AnrDaemon · 08-09-09, 07:51 AM

Oh, sorry, i misunderstood. Interesting trick.