Author |
Message |
Jim_UK Board Member
Joined: 19 Nov 2008
Posts: 656 Location: North West UK
|
Posted: Mon Jan 26, 2009 5:32 pm Post subject: Re: The Final phpBB 2 Security Error |
|
|
Maybe then it would be an idea to wait until 1st Feb just in case there is an official release in which there are other changes.
As you say not long to go so must be worth the short wait to see.
Jim
|
|
Back to top |
|
|
Dog Cow Board Member
Joined: 18 Nov 2008
Posts: 378
|
Posted: Mon Jan 26, 2009 5:34 pm Post subject: Re: The Final phpBB 2 Security Error |
|
|
I asked Kellanved if there is a chance it will be officially released. I am still awaiting his answer.
|
|
Back to top |
|
|
Jim_UK Board Member
Joined: 19 Nov 2008
Posts: 656 Location: North West UK
|
Posted: Mon Jan 26, 2009 5:54 pm Post subject: Re: The Final phpBB 2 Security Error |
|
|
In Firefox if you select "Tools">"RefControlOptions the you will see what is in the image below.
Click the "Edit" and select to Block
Images are in reverse order.
Jim
Edit
Dave.
Why are images uploaded via your Attachment mod always very poor quality?
Description: |
|
Filesize: |
33.04 KB |
Viewed: |
1706 Time(s) |
|
Description: |
|
Filesize: |
47.9 KB |
Viewed: |
1692 Time(s) |
|
|
|
Back to top |
|
|
Dog Cow Board Member
Joined: 18 Nov 2008
Posts: 378
|
Posted: Mon Jan 26, 2009 7:00 pm Post subject: Probability of phpBB 2.0.24 release |
|
|
Kellanved wrote: | So, to sum my off-the-record speculation up: extremely unlikely. |
|
|
Back to top |
|
|
roadhog Board Member
Joined: 18 Nov 2008
Posts: 96 Location: Central Texas
|
Posted: Mon Jan 26, 2009 10:30 pm Post subject: Re: The Final phpBB 2 Security Error |
|
|
Jim,
I don't see "RefControlOptions" on my "Tools" menu.
Dog Cow,
Are you reasonably sure that the correct parameter would be:
network.http.sendRefererHeader;0
rather than:
network.http.sendSecureXSiteReferrer;false
If we pick the wrong one, we will assume that we have the problem licked, when, of course, we might not. IOW, I'm messin' with stuff that I don't fully understand, here.
Wait a minute, I'm always messin' with stuff that I don't fully understand - in this case, I'm messin' with stuff that I don't understand at all.
I'm thinking that maybe I'd better just make the code changes to those php files, that you posted about, and be done with it, (hopefully).
|
|
Back to top |
|
|
Sylver Cheetah 53 Board Member
Joined: 17 Dec 2008
Posts: 426 Location: Milky Way
|
Posted: Tue Jan 27, 2009 7:09 am Post subject: Re: The Final phpBB 2 Security Error |
|
|
This is why I say we have to test it live on our boards and try to hack ourself.
roadhog wrote: | Jim,
I don't see "RefControlOptions" on my "Tools" menu. |
Me neither.
_________________ Image link
My Forum || My Blog
phpBB2 forever! |
|
Back to top |
|
|
Jim_UK Board Member
Joined: 19 Nov 2008
Posts: 656 Location: North West UK
|
|
Back to top |
|
|
Dog Cow Board Member
Joined: 18 Nov 2008
Posts: 378
|
Posted: Tue Jan 27, 2009 3:06 pm Post subject: Re: The Final phpBB 2 Security Error |
|
|
roadhog wrote: |
If we pick the wrong one, we will assume that we have the problem licked, when, of course, we might not. |
Let's do a test then.
This web site will tell you what referrer was sent to it: http://www.whatismyreferrer.com/index.php
So if you click it now, you should see phpbb2refugees.com is the referrer. We can now adjust that setting in Firefox and see which one will disable it completely.
Conclusion: it does indeed appear to be true that setting config option network.http.sendRefererHeader to equal zero disables Firefox from sending the referrer information.
|
|
Back to top |
|
|
dogs and things Board Member
Joined: 18 Nov 2008
Posts: 628 Location: Spain
|
Posted: Tue Jan 27, 2009 3:19 pm Post subject: Re: The Final phpBB 2 Security Error |
|
|
Hm, according to Dog Cow's link my site's sends it's referrer despite the fact that according to the settings of Jim's add-on no referrer should be sent.
My first guess is that I'm missing something, allthough it looks like I did things right: Installed the add-on, blocked my site from sending referrers, posted Dog Cow's link on my board and clicked on it.
_________________ phpBB2 will never die, I hope! |
|
Back to top |
|
|
Jim_UK Board Member
Joined: 19 Nov 2008
Posts: 656 Location: North West UK
|
Posted: Tue Jan 27, 2009 4:29 pm Post subject: Re: The Final phpBB 2 Security Error |
|
|
Quote: | What is my referrer?
Referrer: -
IP: 79.69.6.109
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5
Host Name: 79-69-6-109.dynamic.dsl.as9105.com
Request Method: GET
Query String: - |
No referrer sent.
The add on gives the ability to spoof a referrer as well.
Quote: | What is my referrer?
Referrer: http://phpbb.com
IP: 79.69.6.109
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5
Host Name: 79-69-6-109.dynamic.dsl.as9105.com
Request Method: GET
Query String: - |
Jim
|
|
Back to top |
|
|
dogs and things Board Member
Joined: 18 Nov 2008
Posts: 628 Location: Spain
|
Posted: Tue Jan 27, 2009 5:31 pm Post subject: Re: The Final phpBB 2 Security Error |
|
|
How did you do it?
I put my site in the proper place, indicate referrers should be blocked and that should be it. Or not?
_________________ phpBB2 will never die, I hope! |
|
Back to top |
|
|
Jim_UK Board Member
Joined: 19 Nov 2008
Posts: 656 Location: North West UK
|
Posted: Tue Jan 27, 2009 5:38 pm Post subject: Re: The Final phpBB 2 Security Error |
|
|
dogs and things wrote: | How did you do it?
I put my site in the proper place, indicate referrers should be blocked and that should be it. Or not? |
How do you mean you put your site in the proper place?
Just click the link above and see what it says. Do not copy the link to your site - no need.
Jim
|
|
Back to top |
|
|
roadhog Board Member
Joined: 18 Nov 2008
Posts: 96 Location: Central Texas
|
Posted: Tue Jan 27, 2009 5:43 pm Post subject: Re: The Final phpBB 2 Security Error |
|
|
Excellent Jim!
Got it. Thank you sir.
Dog Cow,
Thanks for the link - that's mighty handy. I appreciate your checking it out, and verifying that it works, too.
|
|
Back to top |
|
|
dogs and things Board Member
Joined: 18 Nov 2008
Posts: 628 Location: Spain
|
Posted: Tue Jan 27, 2009 5:47 pm Post subject: Re: The Final phpBB 2 Security Error |
|
|
I mean that I added my site to the add-ons list of site's that should be blocked from sending referrers.
After doing that I posted a topic on my board that includes the link Dog Cow placed, I clicked on that link and that topic's url appeared where you show an empty referrer.
_________________ phpBB2 will never die, I hope! |
|
Back to top |
|
|
Jim_UK Board Member
Joined: 19 Nov 2008
Posts: 656 Location: North West UK
|
Posted: Tue Jan 27, 2009 5:52 pm Post subject: Re: The Final phpBB 2 Security Error |
|
|
Nope.
That is for you to specify what referrer you want to send to those sites when you connect to them and not what you want the site to send.
I left that panel blank.
If I wanted to I could add this site and tell it that I want my connection to appear to have come from phpbb.com. Get the idea?
Jim
|
|
Back to top |
|
|
|