Announcement

Collapse
No announcement yet.

Introduction Threads - Security Issue

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Introduction Threads - Security Issue

    Hi,

    (all names here are made up for the purpose of this post)

    I've just noticed today a method of linking some peoples trackernames to their TI Names.

    If they make a mistake and create their TI name as the same as their Tracker name (lets say its "Sillyuser") then the thread is titled "Introduction for Sillyuser"

    They then realise they have to change names, so they request a name change to "Secondchance"

    They then do everything right and get repped in by a responsible TI Member.

    three weeks later, Secondchance posts a giveaway in the forums. A spy reads it and wonders "who the hell is Secondchance, giving away invites to my tracker" so he looks through their threads for information. By searching for all threads started by Secondchance, he finds His intro post, still titled "Introduction for Sillyuser". The name on the OP is "Secondchance" thus linking the two names together... Therefore the Spy goes back to his tracker and reports that Sillyuser is giving away invites on TI, people get banned etc etc.

    I suggest one of two actions to fix this fault

    1) Make it so nobody except TI Admins can view closed Intro threads (or intro threads older than 4 days)

    2) Change the rules that if somebody makes that mistake, they have to post in their intro thread that they withdraw their request for membership, then they have to create another account with a new name, and creates a new intro thread.

    There may be a better way of fixing it, but i don't know of it, and i believe that you should always offer a solution with every problem.

    Thanks,
    Coldflame
    Last edited by coldflame; December 12, 2009, 05:20 AM.

  • #2
    The easiest way would be if they get their name change then edit the title of their post.
    Born of mortal flesh and blood, she has toiled with understanding cyphers at times so oblique as to defy all understanding, drawing the attention of those so hidden in the shadows that their substance is not even the stuff of legends. Her work, both revered and reviled, continues to this day, as The Exalted.

    Lovin' T-I !!!!

    Custom avatar created by demon. Thank you so much!

    Comment


    • #3
      I agree, this has to be fixed. But please DON'T close the old intro threads for normal T-I members. This is how we catch 80% of our cheaters!

      Upon name change, admins (or the invitee himself, or via a script) should just edit the topic title of the introduction.

      Comment


      • #4
        Can new users edit their thread title? For some reason i remember not being able to - though i tried it just then in this thread and i was able to.

        But yeah, that would work too... as long as people actually do it.

        And good point Archi about not locking the old intro threads away... I didn't really think that one through, but then again, thats what having a discussion is all about. two heads are better than one :)

        Coldflame

        Comment


        • #5
          This is indeed a security issue. I think the most obvious fix is to edit the thread title. However, we get approximately 20 name change requests a day... we must make the name change, then search for their intro, then edit the title, then return to the admincp to continue changing names... imagine how time consuming this then becomes.

          And no, n00bs cannot edit their own thread titles.

          I am going to pass this problem onto Dave. Perhaps a simple programming fix could solve the problem.

          Comment


          • #6
            I no I am a "noob" however it should be possible to add into the field ID somewhere where the user inputs there requested username when signing up and below in red letters you could have it say "Please make sure your username is unique and not the same as trackers you are a part of" something like that.

            It may not solve the problem completely but having it there should cut down the username change requests dramatically.

            Comment


            • #7
              I second this, actually I justed posted a topic on this a few minutes ago only to find that this one was already setup.

              I am removing my topic now.

              Comment

              Working...
              X