W13 Posted September 19, 2006

For several versions of IPB we've had problems with our server overloading suddenly out of nowhere. We found it to be some sort of cookie injection hack. Also found this http://marc.theaimsgroup.com/?l=bugtraq&am...8006860&w=2

So it would be great to see an improved cookie injection protection system in IPB 2.2 series.

W.
Stewart Posted September 19, 2006

Invision Power Board 2.2.0 introduces a 'stronghold' cookie. This cookie is saved alongside the member log in key and contains very specific information about the computer that's being used to access the forum. A stronghold cookie will not work on another computer or even for another user. This means that even if a hacker had your cookie information they would be unable to log in as you because the stronghold cookie check will prevent that.

Furthermore, IPB 2.2.0 also takes advantage of "HTTP Only" cookies to prevent JavaScript from accessing sensitive cookies. This will make it much harder to gain a member's log in cookies and increases security against XSS attacks.

Already present in the Security Enhancements in IPB2.2 :)

The specific exploit you link to would have been prevented by the new SQL injection protection, also in 2.2 :thumbsup:
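A sketch of the kind of client-bound cookie check described in the post above, as an added example that is not part of the original thread and is not IPB's code. The cookie names, the server secret, and the choice of client attributes (first two IPv4 octets plus User-Agent) are assumptions; the thread does not say what IPB binds to.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie

# Assumption: a per-installation secret; this value is constructed for the demo.
SERVER_KEY = b"constructed-demo-secret"


def fingerprint(ip: str, user_agent: str) -> str:
    # Assumed client attributes: first two IPv4 octets (tolerates address
    # changes within a network) plus the User-Agent string.
    return ".".join(ip.split(".")[:2]) + "|" + user_agent


def make_stronghold(member_id: int, login_key: str, ip: str, user_agent: str) -> str:
    # The MAC covers the member and login key too, so the value cannot be
    # replayed for another user.
    msg = f"{member_id}|{login_key}|{fingerprint(ip, user_agent)}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_cookies(member_id: int, login_key: str, ip: str, user_agent: str) -> list:
    """Return Set-Cookie values; every cookie carries the HttpOnly flag."""
    jar = SimpleCookie()
    jar["member_id"] = str(member_id)  # hypothetical cookie names
    jar["login_key"] = login_key
    jar["stronghold"] = make_stronghold(member_id, login_key, ip, user_agent)
    for morsel in jar.values():
        morsel["httponly"] = True
        morsel["path"] = "/"
    return [morsel.OutputString() for morsel in jar.values()]


def check_login(cookie_header: str, ip: str, user_agent: str, stored_keys: dict) -> bool:
    """Accept the login cookies only if the stronghold matches this client."""
    jar = SimpleCookie()
    try:
        jar.load(cookie_header)
        member_id = int(jar["member_id"].value)
        login_key = jar["login_key"].value
        presented = jar["stronghold"].value
    except Exception:  # missing, malformed or unparsable cookies fail closed
        return False
    stored = stored_keys.get(member_id)
    if stored is None or not hmac.compare_digest(stored.encode(), login_key.encode()):
        return False
    expected = make_stronghold(member_id, login_key, ip, user_agent)
    return hmac.compare_digest(expected.encode(), presented.encode())
```

A fingerprint built from request headers only raises the cost of replaying a stolen cookie, since those headers can be copied along with it; the HttpOnly flag is what keeps script from reading the cookies in the first place.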
theslamforevryone Posted September 20, 2006

^^Amazing catch there guys. I think this will again stay at the top of being the MOST secure product out there... vb and phpbb just do NOT stack up whatsoever...

Keep it up guys!
Mat Barrie Posted September 20, 2006

> ^^Amazing catch there guys. I think this will again stay at the top of being the MOST secure product out there... vb and phpbb just do NOT stack up whatsoever...
>
> Keep it up guys!

vBulletin proves your point by the fact that its official site and forum are currently down ;)
theslamforevryone Posted September 20, 2006

Hehehe. Definitely does...

Oh and excellent job too, to the server configurators for this site... hasn't gone down once so far (that I've seen). Speedy as hell too. Would think with all these members on bashing this place reading the new threads that it would be crashing. But it's not... excellent yet again!
riven3d Posted September 20, 2006

You weren't here earlier then, it has crashed once so far that I know of.
Mat Barrie Posted September 20, 2006

> You weren't here earlier then, it has crashed once so far that I know of.

Mmmhmm. One crash today, didn't last all that long. But bear in mind, there is more on this server - it also hosts IPSBeyond. But it is a testament to its stability that it can handle 1,000 concurrent users (and that its record maximum is 32,000 concurrent members!)

I don't know of any other forum software that handles that without a hitch, even multi-million dollar corporations (Blizzard Entertainment springs to mind) can't build software THAT stable!
Charles (Management) Posted September 20, 2006

> You weren't here earlier then, it has crashed once so far that I know of.

We had an issue caused by the increase in traffic at the server level... IPB 2.2 itself is running pretty good actually. We are quite pleased.
This topic is now archived and is closed to further replies.