Jump to content
  • 5

Allow Linking Of Hyper-Links to the Forums, In-Game


Xatu

Question

Recommended Posts

  • 0
On 9/3/2017 at 10:28 PM, Kyokatsu said:

Maybe it could be done if the guy sending the link was on the receiver's friend list? I mean, links sent on the team chat are already clickable, and I never heard of anyone getting hacked because of that

Just because you haven't heard of it happening that doesn't mean it doesn't happen. I'm not saying it has or anything of that nature. Teams can kick players who abuse links and report them to us for further action. The issue is players spamming links in chat to other players has the inherent security risk of compromising the account of the person following it. This stuff still happens even with links not clickable. Having any link clickable is a very severe security risk which is why public clicky links are reserved for staff only.

Link to comment
  • 0

Honestly just say it: you dont want to spend any time on somehow make it workable for all.

 

You simply won´t get hacked just by following a link unless u click something else. Common Internet knowledge that either everyone should have or learn it asap.

If ppl dont know they deserve to be hacked in order to learn such things. Definetly not the Task of a Staff. Ofc you are interested in account security, but infact as others already mentioned: you can do it already in Teamchat. Also in PM at Forums. So if I wanted to get somebodys account info i would not choose allchat, since there are definetly more witnesses than PM in Forum or Teamchat.

Friendlist option for Whispered Link sounds like a good idea, but ofc there would still be ppl falling for it. Point is: these ppl will be dumb their whole life and will get scammed over and over no matter what you do on that link thing.

Link to comment
  • 0
4 hours ago, BudsBender said:

Honestly just say it: you dont want to spend any time on somehow make it workable for all.

 

You simply won´t get hacked just by following a link unless u click something else. Common Internet knowledge that either everyone should have or learn it asap.

If ppl dont know they deserve to be hacked in order to learn such things. Definetly not the Task of a Staff. Ofc you are interested in account security, but infact as others already mentioned: you can do it already in Teamchat. Also in PM at Forums. So if I wanted to get somebodys account info i would not choose allchat, since there are definetly more witnesses than PM in Forum or Teamchat.

Friendlist option for Whispered Link sounds like a good idea, but ofc there would still be ppl falling for it. Point is: these ppl will be dumb their whole life and will get scammed over and over no matter what you do on that link thing.

It's not about getting hacked it's about allowing avenues of attacks for which malicious software could be distributed thus compromising the security of players accounts. Best practice for any online development dictates that you close off as many avenues of attack as possible. Malware is the biggest threat to the average computer user. Please do not talk down to players with regards to risks posed by allowing all hyperlinks to be clickable. Just because you know something that does not mean everyone knows it. Understand that our development team does have a lot of expertise with regards to security. I personally have also done professional level Web Development and understand these details. It has nothing to do with laziness at all.

Link to comment
  • 0

Well therefor you could check the last post of Friedrich Nitzsche. He already showed a way. Now just improve what he was pointing out.

 

Like:

You don´t need constant check, a daily patch for the Links that are from guides. Then if the Users list and Servers List arent same: nope(login).

Another thing: If User B sends a Link to user A , User B can´t send another link to A without any response. So every further message would either create an error message for B, or if B tries to work arround with normal text: as long as no response from A, B can´t send another Link.

Edited by BudsBender
Link to comment
  • 0
9 minutes ago, BudsBender said:

Well therefor you could check the last post of Friedrich Nitzsche. He already showed a way. Now just improve what he was pointing out.

 

Like:

You don´t need constant check, a daily patch for the Links that are from guides. Then if the Users list and Servers List arent same: nope(login).

Another thing: If User B sends a Link to user A , User B can´t send another link to A without any response. So every further message would either create an error message for B, or if B tries to work arround with normal text: as long as no response from A, B can´t send another Link.

i am very against this happening. dont take what i say out of context pls. i was pointing out how it could happen to pointing out the difficulty in making it work. pay attention to the part where i say "even if you get the system working their will likely be a exploit to get around the security".

 

also you're anti spam idea would have false positives.

"hey can you send me that llink"

~sends link~
end of conversation.

now the person who sent the link can not send any more links from the sound of it indefinitely. 

 

also my name is fredrichnietze not fredrich nitzsche

 

Link to comment
  • 0

Well and i showed how ur idea could work without a constat rechecking of Forums.

Btw u got me wrong: the Person can´t send Links to A, if he sends the same link to User C it would be completly fine. So someone would have to get online userlists first before he could exploit it there anymore. ( that would produce a scenario where User B sends his link ONCE to all online Users, including Mods and GM´s so you would be alerted )

 

 

sry on ur namething, thought u were referring to a smart person with that ;)

 

Edited by BudsBender
Link to comment
  • 0

I can't see this being very viable. Also no Fred, although what you said might be true, the problem wouldn't be that, I could see people using trade chat to link to forum instead and create a complete mess, more than it already is in trade chat, and lets be honest, if you enter a phishing website, you really are not responsable enough to be in the internet, especially considering all the warnings everywhere right now, and the fact that many domains have been shutdown by ISPs to help preventing that.

Linking directly to guides would be pointless, just tell newbies, we got a forum and that they can go into guide tavern and have all their questions answered. If they still don't want to go, fk it, you did your job, they have to stop being lazy and search by themselves, are you gonna spoon feed them forever?

 

So, I completely agree with Noad point of view.

Edited by redspawn
Link to comment
  • 0
On 8/16/2017 at 11:19 AM, Parke said:

He asked for only pokemmo forum links to be the ones that embed Fred you dumb fuck

Pretty sure there are ways to trick the filter & thus allow the potential for malicious software to be shared & spread.

 

Sadly I am not tech savvy enough to explain how! s:

Link to comment
  • 0
51 minutes ago, RealLifeAngel said:

Pretty sure there are ways to trick the filter & thus allow the potential for malicious software to be shared & spread.

 

Sadly I am not tech savvy enough to explain how! s:

If the ''censorship'' is just  *forums.pokemmo*, ofc it's easy to trick, someone with the slightest php knowledge could make a phishing website good enough to trick kids. But if is something like httpS://forum.pokemmo.eu/* , there is no chance for them to trick you into. The best they could do is lead you to a post with a phishing website in it, but still inside the forum. 

* symbol means, anything can be behind or after the word.

Link to comment
  • 0
7 hours ago, redspawn said:

If the ''censorship'' is just  *forums.pokemmo*, ofc it's easy to trick, someone with the slightest php knowledge could make a phishing website good enough to trick kids. But if is something like httpS://forum.pokemmo.eu/* , there is no chance for them to trick you into. The best they could do is lead you to a post with a phishing website in it, but still inside the forum. 

* symbol means, anything can be behind or after the word.

https://[email protected]

Link to comment
  • 0
11 hours ago, Desu said:

But that's a redirect domain, and goes against what I just said.  httpS://forum.pokemmo.eu/*  the slash prevents that from happening, also you can just censor @, not to hard.

 httpS://forums.pokemmo.eu/@www.smug.moe


edit2: just to test out something further 
https://forums.pokemmo.eu/[email protected]https://forums.pokemmo.eu/index.php?/topic@theuselessweb.com

edit3:also, you guys can just make sure the user goes into a subpage in which it tells them, they are being redirected to: blablabla, do you wish to continue? Not a big deal either.

Edited by redspawn
forgot the s, in forums
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use and Privacy Policy.