So you can tell your little friends at Fetch, nice try ...... just because I exposed their forum to be riddled with security holes, I didnt expect them to go crying to you to get me banned.
I'm not surprised it caused a tizz but to ban you for demonstrating a flaw rather than saying "Thanks, we take your point, we'll look into it (but please don't do it again!)" seems a bit childish.
I do find it funny that rather than address the issues they would rather just ban people who bring it up.
There are 2 quite simple things you could do that would solve 99% of spam (and in reality it would be 100% as the other 1% would be such a pain in the a..e to get around, no spammer would bother).
You're writing scripts to intentionally spam forums and you're making statements like "I could have easily wrecked the whole thing". Why wouldn't we ban you? Report security issues like normal people, we know you can write scripts, well done, but you surely can't expect to behave like this and not expect a swift reaction? You actively attempt to break the forum so why should you be allowed to use it.
Fetch was set up by one guy as a hobby and was so successful that RW bought him out. He never claimed (to my knowledge) to be a computer whizz so it doesn't surprise me that you have managed to find faults with the site.
RW employ professionals to maintain their site so they should have better controls, but I'm not about to test them out.
You're writing scripts to intentionally spam forums and you're making statements like "I could have easily wrecked the whole thing". Why wouldn't we ban you? Report security issues like normal people, we know you can write scripts, well done, but you surely can't expect to behave like this and not expect a swift reaction? You actively attempt to break the forum so why should you be allowed to use it.
People report issues all the time though Ben. It takes ages to get them fixed, if at all. David's actually pointed out what you need to do to fix some of them but never been replied to.
I don't condone what he did but a least it seems to have made you guys finally sit up and take notice. Perhaps you should pay him to fix them for you rather than banning him?
You're writing scripts to intentionally spam forums and you're making statements like "I could have easily wrecked the whole thing". Why wouldn't we ban you? Report security issues like normal people, we know you can write scripts, well done, but you surely can't expect to behave like this and not expect a swift reaction? You actively attempt to break the forum so why should you be allowed to use it.
If, as Screamy says, RW took any notice of the forumites who point out the issues with the forum, then I'd take your point.
However, there have been problems on here for a very long time, which RW seems happy to pretend to deal with, but in reality ignore.
To have banned DF3 (who has pointed out not only what is wrong with this forum, but how it could be fixed), seems petty and childish.
it seems to me that RW and Fetch need to sort their act out and take what DF did in board - if he can do it, then no doubt some other malicious script kiddy could do the same.
much as I get peed off with RW forums these days, they're still better than Fetch have ever been but neither are floating my boat much these days
Things get changed all the time as well, with no notice at all of what the change is. A few weeks ago something was changed that made the forums unusable on iPhones/iPads. DF3 pointed out it was because the adverts were taking priority over the content and slowing the whole site down. I may have missed it, but I didn't see any feedback on that...the issue was just fixed with no feedback or anything (apologies if I missed the feedback).
Only a small thing but I pointed out an issue with uploading pictures from an iMac. No response, but miraculously it was fixed later on (of course, I only found out it was fixed because I tried it a couple of weeks later).
A quick update by RW on the website bugs area or somewhere would really help I feel.
SuperCaz - whilst I'd never claim to be a computer whizz, I'm an engineering graduate and have been a professional web developer for 14 years
What David did yesterday amounted to little more than pressing "submit" lots of times with some random post content. I don't consider it to be a security breach, but I have blocked his IP address on Fetch, and asked RW to do the same.
I can't speak for RW, but I'm always happy to receive legitimate suggestions for improvements to Fetcheveryone, and I'm first to laugh when people tell me it's clunky or in need of improvement. However, I don't believe that attempting misuse on this scale is appropriate for any user.
Comments
Ah, so are you DF3? I need to know so I can 'hide' you again. Thanks.
How did that get you banned on here?
Oh sh1t - I missed that thread completely and now it's gone.
Who are Fetch and what was it all about - did you short circuit their security procedures?
DF(?), how come you can't spell your surname?
Aah..OK.
I'm not surprised it caused a tizz but to ban you for demonstrating a flaw rather than saying "Thanks, we take your point, we'll look into it (but please don't do it again!)" seems a bit childish.
And obviously one of them isn't just to ban you?!
Oh, Daisy and SR are reunited! I feel a little bit teary....
You're writing scripts to intentionally spam forums and you're making statements like "I could have easily wrecked the whole thing". Why wouldn't we ban you? Report security issues like normal people, we know you can write scripts, well done, but you surely can't expect to behave like this and not expect a swift reaction? You actively attempt to break the forum so why should you be allowed to use it.
Then you were wrong Buttercup.
Buttercup and Daisy aww.......
DF - your DF3 account still appears to be present. Have RW stopped you from accessing it then?
Fetch was set up by one guy as a hobby and was so successful that RW bought him out. He never claimed (to my knowledge) to be a computer whizz so it doesn't surprise me that you have managed to find faults with the site.
RW employ professionals to maintain their site so they should have better controls, but I'm not about to test them out.
People report issues all the time though Ben. It takes ages to get them fixed, if at all. David's actually pointed out what you need to do to fix some of them but never been replied to.
I don't condone what he did but a least it seems to have made you guys finally sit up and take notice. Perhaps you should pay him to fix them for you rather than banning him?
If, as Screamy says, RW took any notice of the forumites who point out the issues with the forum, then I'd take your point.
However, there have been problems on here for a very long time, which RW seems happy to pretend to deal with, but in reality ignore.
To have banned DF3 (who has pointed out not only what is wrong with this forum, but how it could be fixed), seems petty and childish.
+1 with Scream
it seems to me that RW and Fetch need to sort their act out and take what DF did in board - if he can do it, then no doubt some other malicious script kiddy could do the same.
much as I get peed off with RW forums these days, they're still better than Fetch have ever been but neither are floating my boat much these days
You wouldn't test someone's body armour by trying to stab them, then expect them to thank you for it.
Things get changed all the time as well, with no notice at all of what the change is. A few weeks ago something was changed that made the forums unusable on iPhones/iPads. DF3 pointed out it was because the adverts were taking priority over the content and slowing the whole site down. I may have missed it, but I didn't see any feedback on that...the issue was just fixed with no feedback or anything (apologies if I missed the feedback).
Only a small thing but I pointed out an issue with uploading pictures from an iMac. No response, but miraculously it was fixed later on (of course, I only found out it was fixed because I tried it a couple of weeks later).
A quick update by RW on the website bugs area or somewhere would really help I feel.
SuperCaz - whilst I'd never claim to be a computer whizz, I'm an engineering graduate and have been a professional web developer for 14 years
What David did yesterday amounted to little more than pressing "submit" lots of times with some random post content. I don't consider it to be a security breach, but I have blocked his IP address on Fetch, and asked RW to do the same.
I can't speak for RW, but I'm always happy to receive legitimate suggestions for improvements to Fetcheveryone, and I'm first to laugh when people tell me it's clunky or in need of improvement. However, I don't believe that attempting misuse on this scale is appropriate for any user.