If you use Firefox, get noScript. Please. (plus other helpful tips)
morrissey
07-27-2006, 02:12 PM
Stop getting hijacked.
https://addons.mozilla.org/firefox/722/
Only turn it on for sites you can trust.
edit: some other security tips which may help:
Tools -> Options -> Privacy -> Cookies
Untick "allow sites to set cookies"
Exceptions
Add the sites you regularly visit. Hotmail, gmail, google, whatever.
Add the following to your block list: ******** *t35* *tinyurl*
or alternatively:
Go to Tools -> Options -> Privacy -> Cookies
Check "Accept Cookies", "only from originating website".
In the drop-down menu for "Keep Cookies" select "Ask every time"
That way, you only get Cookies from Sites you visit, and get asked every time a site wants to set a cookie. So you can accept Sputnikmusic, but can deny Tribalfusion forever.
Hep Kat
07-27-2006, 02:14 PM
Whoa, I did not know about this...
Thanks, mozz!
/installs
FlawedPerfection
07-27-2006, 02:15 PM
You should make this a sticky.
talk show host
07-27-2006, 02:17 PM
Cool, thanks mossy.
Hep Kat
07-27-2006, 02:18 PM
You should make this a sticky.
This should be announced.
morrissey
07-27-2006, 02:31 PM
Added another thing which may/may not help but certainly can't hurt.
niobium
07-27-2006, 03:07 PM
I'm going to be that guy that puts all my faith in one little extension, and not know anything else about scripts. But this is a nice tool, thanks for the recommendation. I'm "defenseless" otherwise. EDIT: I don't know if it's the noScript that's doing it, but when I edited this post, it gave the actual ASCII key or whatever for my quotation marks, and I had to add them again. EDIT: and now it won't let me make paragraphs.
"Testing."
The quick brown fox jumps over the lazy dog. The quick brown fox jumps over the lazy dog. The quick brown fox jumps over the lazy dog. The quick brown fox jumps over the lazy dog. The quick brown fox jumps over the lazy dog. The quick brown fox jumps over the lazy dog.
The quick brown fox jumps over the lazy dog.
EDIT: I didn't get any ASCII stuff when I edited this, niobium.
niobium
07-27-2006, 03:29 PM
Alright, now it should be good ""
Good? Good.
morrissey
07-27-2006, 04:23 PM
I'm going to be that guy that puts all my faith in one little extension, and not know anything else about scripts. But this is a nice tool, thanks for the recommendation. I'm "defenseless" otherwise. EDIT: I don't know if it's the noScript that's doing it, but when I edited this post, it gave the actual ASCII key or whatever for my quotation marks, and I had to add them again. EDIT: and now it won't let me make paragraphs.
Weird, I think that may have been something on your end, though it seems to be fixed now.
Killtacular
07-28-2006, 02:46 AM
I had this, but it pissed me off so I got rid of it.
Adblock > Life
Prince Charming
07-28-2006, 04:50 AM
After posting for a year + on TOTSE, I've learned never to touch/look at or even be tempted to click tinypic/tinyurl/masked links
edit: Good forum leadership shown by Amanda though.
Cheers!
I can do all that in my Mozilla browser, without a fancy extension.
Damrod
07-28-2006, 07:58 AM
I added a second way for Cookie control that I usually use. So I have a better overview when and who wants to set cookies.
kno_kontrol
07-28-2006, 09:16 AM
what exactly would that do??
EDIT: Meaning the extension.
Damrod
07-28-2006, 12:00 PM
You can configure which sites are allowed to execute JavaScripts, and which sites not. Chad hijacked accounts by using JavaScripts before
kno_kontrol
07-28-2006, 12:01 PM
/downloading
thanks for explaining that damrod
Full Collapse299
07-28-2006, 12:07 PM
Posting to inform you that all the javascript is used on sputnikmusic.com, and that my site doesn't read or set cookies - sputnikmusic.com does.
The javascript on the sputnikmusic.com page redirects you to my page, but it also adds your cookies to the url. The script reads them from the url, not from the actual cookies.
A friendly informational post.
Dave de Sylvia
08-05-2006, 06:27 PM
Everybody get this and use it if you want to continue to use sputnik.
vipertongue
08-06-2006, 02:15 AM
People need to understand how XSS attacks work. Using no script will not help you if you enable it and click an XSS jacked link. Google XSS or go to wikipedia. They are not hard to understand. They do not take a lot of talent to create and only lamers with no real skills would use XSS attacks. But they are nevertheless very dangerous.
I suggest getting splitlink. It will decode and process links. Right click a link you are not sure of and check it. If it looks suspicious avoid it. Many XSS attacks will encode a URL so that the real exploit is hidden with 'weird' characters.
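The link check described in the post above (decode first, then look at what the link really carries), as an added example that is not part of the original thread and is not splitlink's code. The function names, marker list and sample links are constructed for illustration.

```javascript
// Added example: decode a link, then flag script-bearing content in it.
// MARKERS, fullyDecode and inspectLink are hypothetical names; the sample
// links at the bottom are constructed.

// Percent-decode repeatedly so double-encoded text (%253C -> %3C -> <) surfaces.
// Byte-wise decoding is enough to reveal ASCII markup; malformed escapes are left alone.
function fullyDecode(input, maxRounds = 5) {
  let current = input;
  for (let i = 0; i < maxRounds; i++) {
    const next = current.replace(/%([0-9a-f]{2})/gi,
      (_, hex) => String.fromCharCode(parseInt(hex, 16)));
    if (next === current) break;
    current = next;
  }
  return current;
}

// Patterns that have no business inside an ordinary forum link.
const MARKERS = [
  { name: 'script tag', re: /<\s*script/i },
  { name: 'javascript: scheme', re: /javascript\s*:/i },
  { name: 'inline event handler', re: /<[^>]*\bon[a-z]+\s*=/i },
  { name: 'cookie access', re: /document\s*\.\s*cookie/i },
];

// Returns the decoded link plus every marker found in it. hiddenByEncoding is
// true when the marker only becomes visible after decoding.
function inspectLink(link) {
  const decoded = fullyDecode(link);
  const findings = MARKERS.filter(m => m.re.test(decoded)).map(m => ({
    name: m.name,
    hiddenByEncoding: !m.re.test(link),
  }));
  return { decoded, findings, suspicious: findings.length > 0 };
}

// Constructed sample links: one ordinary, one with an encoded script tag.
const samples = [
  'https://forum.example/showthread.php?t=123&online=1',
  'https://forum.example/search.php?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E',
];
for (const link of samples) {
  const r = inspectLink(link);
  console.log(r.suspicious ? 'SUSPICIOUS' : 'ok', r.decoded, r.findings);
}
```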
Dave de Sylvia
08-06-2006, 02:23 AM
Well I don't think any of us were under the impression that Chad has any real skills, but a lot of us (me, for example) know next to nothing about computers and it's gotten to a stage where even when you avoid all malicious links you can still be hacked. As far as I'm concerned, people who click a cookie-stealing link brought the problem on themselves, but several people now have been hacked while merely browsing the site.
vipertongue
08-06-2006, 02:38 AM
Well I don't think any of us were under the impression that Chad has any real skills, but a lot of us (me, for example) know next to nothing about computers and it's gotten to a stage where even when you avoid all malicious links you can still be hacked. As far as I'm concerned, people who click a cookie-stealing link brought the problem on themselves, but several people now have been hacked while merely browsing the site.
There are other forms of XSS attacks, links are just one kind. If a server had been compromised then it should be completely wiped down and reinstalled with updated software immediately.
I do not know who Chad is, sorry.
Dave de Sylvia
08-06-2006, 03:48 AM
Oh yeah, Chad's our hacker. We've been through masked links, tinyurl, fake emails, forced redirects, all that. I guess we just have to grin and bear it until someone figures out a solution.
vipertongue
08-06-2006, 04:01 AM
Oh yeah, Chad's our hacker. We've been through masked links, tinyurl, fake emails, forced redirects, all that. I guess we just have to grin and bear it until someone figures out a solution.
You contact the vendor of the forum software and tell them someone has found an exploit. And then they issue a patch and you patch it. It's not rocket science.
Wildhoodlum
08-06-2006, 08:13 AM
You contact the vendor of the forum software and tell them someone has found an exploit. And then they issue a patch and you patch it. It's not rocket science.
I'm under the impression that vBulletin has provided several patches for this board already. Whether or not they've helped, I don't know.
vipertongue
08-11-2006, 12:55 AM
I'm under the impression that vBulletin has provided several patches for this board already. Whether or not they've helped, I don't know.
Then they should probably find someone they trust who knows PHP well and customize the forum to make it very hard for people to hack it.