I didn't know where else to put this. If you click on your username in the top left corner on the homepage it links to a page stating "hacking attempt!"
Err . . . what is up with that? has anyone else seen this?
missing link on homepage
Moderator: The Dread Knights
- Ilokir lúinwë
- Asur Bane
- Posts: 1331
- Joined: Wed Jan 05, 2005 4:38 pm
- Location: Questing through the nine plains of Hell
Tarbo wrote:It's probably a transition error. Editing a profile requires to supply the password no matter whether you're logged in or not. It's possible this link tries to shortcut it, hence the server registers it as a hacking attempt.
Use the "Control Panel" menu instead to change your profile.
Class: Warrior
Ws: 6 dex: 4 str: 4 T: 3 Int: 4
Skills: Awareness, Defensive fighting, Parry
Equipment: Medium armor, Longsword, 2 Throwing daggers, 50 gold coins
Don't forgive, don't forget
Ws: 6 dex: 4 str: 4 T: 3 Int: 4
Skills: Awareness, Defensive fighting, Parry
Equipment: Medium armor, Longsword, 2 Throwing daggers, 50 gold coins
Don't forgive, don't forget
- Tarbo
- Morathi's Best Friend
- Posts: 1203
- Joined: Tue Oct 04, 2005 5:06 pm
- Location: Flanders, Belgium
Myeah, turns out I was wrong. I just did a bit of "research"--clicked and typed a few things--and came to the following conclusion.
Editing your profile is done with the profile.php?mode=editprofile URL. However, the link on the front page also supplies a number: your user ID. Your session state (cookies, in this case) should be enough to deduce who you are, so it can also find your profile. Perhaps the server has some algorithm error while authenticating, or it automatically does off such URLs as hacking attempts.
http://www.druchii.net/profile.php?mode=editprofile&N should give an error message, with 'N' any whole number.
Perhaps we could ask a webmaster (hint, hint) to remove the superfluous user ID from the profile link on the home page?
Editing your profile is done with the profile.php?mode=editprofile URL. However, the link on the front page also supplies a number: your user ID. Your session state (cookies, in this case) should be enough to deduce who you are, so it can also find your profile. Perhaps the server has some algorithm error while authenticating, or it automatically does off such URLs as hacking attempts.
http://www.druchii.net/profile.php?mode=editprofile&N should give an error message, with 'N' any whole number.
Perhaps we could ask a webmaster (hint, hint) to remove the superfluous user ID from the profile link on the home page?