Invision Community 4: SEO, prepare for v5 and dormant account notifications By Matt Monday at 02:04 PM
LPDev Posted August 13, 2016 Posted August 13, 2016 Morning all! We've just upgraded to the 250 user chat, and are currently letting our mods run amok with it. The issue that a few of us kicked around a few hours ago is the potential for attacks to be launched through the chat feature. This is, unfortunately, something we have to worry about, as our community is regularly targeted for that sort of thing. The first issue is chat flooding. There don't seem to be any controls in place to prevent it or set limits. One of our mods deliberately flooded the chat yesterday afternoon to see what it would let her get away with, and we found that she apparently could have gone on forever. We did write a JavaScript snippet to limit text entry, but I'm not entirely sure where to put it or if it would break our forum. The other concern we have is SQL injection. We didn't try this one for obvious reasons, but if chat flooding is so easily done, we're worried there may not be anything in place to guard against this, either. Are there steps I can take to lock things down enough to protect us from the more common variety of malicious behavior? Thanks!
Recommended Posts
Archived
This topic is now archived and is closed to further replies.