PDA

View Full Version : Miscellaneous Hacks - Remote Links Interceptor


deathemperor
02 Oct 2006, 22:31
Disclaimer

This is idea belongs to Blizzard Entertainment and its community of World Of Warcraft. I just found it useful for vb so I create this for my site and I think you may need it too. Credits go to Blizzard.

Usage

Recently the acts of keylogger scams and PC security have been increasing. No one wants to lose your credit card numbers, your game accounts, chat logs with your gf or have your PC hacked. Keyloggers and trojan can be installed by just pressing a link. I'm a gamer and I have a board, I don't want me or my friends to get a trojan/keylogger by pressing strange links from the posts on my board. So I found the idea of the world of warcraft community is really nice and vbulletin boards would need one (I actually just saw it this morning).

How does it work ?

The hack will check for any urls that are intentionally/automatically put on [url] bbcode if it is from your website or a remote one. The urls works normally if they are not remote, otherwise a message will display confirming if you want to open it with some advices (those can be edited via RLI_error_message template).

This product use:

one new file.
one new template.
one file edit.
one template edit.
0 query.

To install, follow the steps in instructions.txt.

Demo

http://www.holvn.org/forum/showpost.html?p=89717&postcount=7064

There are 2 links in that post, one is remote.

Compatible
This products work good on both version 3.5 and 3.6 of vB

Any ideas are welcome.

and spare me for my bad English T_T.

GlitterKill
02 Oct 2006, 23:51
How about a sample link so we can test it out?

icare
03 Oct 2006, 02:47
demo please

deathemperor
03 Oct 2006, 05:57
This is a sample:

http://www.holvn.org/forum/showpost.html?p=89717&postcount=7064

There are 2 links in that post, one is remote.

hotwheels
03 Oct 2006, 06:37
wow, that's great stuff.........thanks

tansu
03 Oct 2006, 07:05
can we exclude a specific page from this hack?
I have a downloads page and I want to exclude it

deathemperor
03 Oct 2006, 07:07
that may be added in the future, I was thinking that too to give your allowed sites. Wouldn't be much of a problem.

tansu
03 Oct 2006, 07:15
that may be added in the future, I was thinking that too to give your allowed sites. Wouldn't be much of a problem.
That would be great then.
So just to make it clear for me, if I use this hack, will it prompt this (http://www.doctus.net/downloads.php?do=file&id=24) download for example. This is DownloadsII add-on. I think the links of the downloads are internal.. then it forwards to outside somehow:)

soulface
03 Oct 2006, 07:25
Ok Its not working...

uploaded interceptor.php to forumroot
edited includes/class_bbcode.php file
edited headinclude templates
imported the product...

But no result!

deathemperor
03 Oct 2006, 07:48
That would be great then.
So just to make it clear for me, if I use this hack, will it prompt this (http://www.doctus.net/downloads.php?do=file&id=24) download for example. This is DownloadsII add-on. I think the links of the downloads are internal.. then it forwards to outside somehow:)
I'm sorry but I can't read your language but I assume if the link redirect after it is pressed, there will be no problem at all.

@soulface: I coded this on my localhost, then installed in on my live board as a test for the installation and there were no errors. Can you check the instructions again ? I'd like to test it out on your board, just make a post with remote and none-remote links.

Snake
03 Oct 2006, 09:46
Thanks for this! :)

Kihon Kata
03 Oct 2006, 16:39
I'm still trying to figure out what the HE double hockey sticks, this does

transitbus
03 Oct 2006, 16:59
It adds a warning before going outside of your domain to an external link. This prevents the possibility of being duped into a phishing site.

Floris
04 Oct 2006, 11:55
Thank you for sharing this with us, nice idea and very cool taht you gave credit where due :D WoW ownz!! :D And trojans suck. So putting these together in a little nifty mod to help every site benefit from this: karma++

Good job

djtheropy
04 Oct 2006, 13:29
i recently made a post elsewhere about how to add security measures to my teen forums, you just provided me with the best answer yet :)
thx

deathemperor
04 Oct 2006, 19:37
hey Floris, tnx for your nice words. I'm glad that I can make hacks that help the boards :)

dcevoclub
05 Oct 2006, 15:02
so there is no way to specify which URLS are allowed, ie subdomains of my home URL? because users are getting this when their viewing links to other posts in the forums....

InTeNsE-HuMoR
05 Oct 2006, 22:42
Great mod, thanks for this. :)

ArabSQuad
05 Oct 2006, 23:53
umm so wat if some1 putted like .. fire fox download link .. it wont work right ? and just view that page ? ,, if it would work ( the firefox download link for example :D ) .. This hack would be greatest hack on earth :D

deathemperor
06 Oct 2006, 14:58
as I stated on the above posts, future version will allow you to input a list of allowed urls. But even without this, remote urls still work, the hack doesn't stop you from visiting those urls, it just warns you.

ChavMagnet
06 Oct 2006, 21:03
Works perfect but in you instructions you say in class_bbcode.php but dont give were its at took me 20 mins searching my ftp /includes/class_bbcode.php if anyone need to know thanks.

Preview :d with add effect
http://www.chavmagnet.com/interceptor.php

joh
06 Oct 2006, 23:36
For your next release, can you make it possible to turn this off by the user? Have them sign a waiver of some kind stating that they understand the consequences of accessing external link from your site and agree not to whole your forum responsible. This option could even go in the warning page. I for one would hate to see this each time I click on a link.

ChavMagnet
07 Oct 2006, 00:22
joh nice idea id love to see that also

murrtex
08 Oct 2006, 00:14
thanks for hack..
can we make selectable vbcode for example rmt tag for only this matter?

hal05
08 Oct 2006, 03:54
Works great, thank yoU!

Blackhat
08 Oct 2006, 11:16
Great. I've been looking for something like this for ages after I first saw it on americasarmy.com :)

CoreIssue
08 Oct 2006, 18:47
I love what this mod does.

But I installed it, uploading the file to root.

Nothing on 3.6.2. No errors. Nothing.

Double checked the edits and reloaded the product.

coffeeam
09 Oct 2006, 14:15
can this be set up for a specific forum? I have private boards where members have been approved by hand, so I am not that concerned about URLs posted there, but we also have public boards where people can sign up and post freely.

ztempuser
09 Oct 2006, 22:42
this is a great idea, it should be built into the next vb, many uses.
looks like deathemperor has a lot of work cuz all these ideas are great.
like
adding a list of allowed urls you set
adding a waiver where it can be disabled by user
make this enabled in x forums you give the number 2
a [rlp] bb code
great ideas, however im not going to install this just yet i will wait till i can make this only work in the forums i want, i have a forum on my site for links, this is a WONDERFUL add to that section, i haven't enabled that forum yet, im waiting for the Remote link protector next version:)

CoreIssue
11 Oct 2006, 16:45
I love what this mod does.

But I installed it, uploading the file to root.

Nothing on 3.6.2. No errors. Nothing.

Double checked the edits and reloaded the product.
Head scratch here.

Started working today.

Strange, but happy it is.

mrkhm
18 Oct 2006, 07:27
big up yourself!

deathemperor
18 Oct 2006, 07:50
For your next release, can you make it possible to turn this off by the user? Have them sign a waiver of some kind stating that they understand the consequences of accessing external link from your site and agree not to whole your forum responsible. This option could even go in the warning page. I for one would hate to see this each time I click on a link.
I will take this.

aquariumpros
22 Oct 2006, 14:51
Thanks again for a great Hack...!

Any news on anyone being able to set this up to check options on a per-user basis? What has been suggested to me on my board is a checkbox that would be able to be selected NOT to show this warning again (based on cookies).

Any ideas??

Thanks again!!

aquariumpros
23 Oct 2006, 19:53
Also - I just discovered that links entered within my PhotoPost Classifieds open like the following:

http://www.aquariumpros.ca/pp-classifieds/showproduct.php/product/interceptor.php?interceptedURL=http://www.silverstonetek.com/products-lc13.htm

Any idea what needs to be added and where to get this to work within PhotoPost as well?

Thanks in advance,

KiraLove
03 Mar 2007, 13:38
This didn't work for me, even the demo site example if I click on the offsite one it goes right to it with no warning or anything.

puertoblack2003
03 Mar 2007, 16:11
works great how can i get it when you hover over the link a small window pops up with url info

Scathefire
05 Oct 2007, 13:33
just had a random someone try to link my users to a bad site, is this mod still usable? Just reminding someone to be careful of where they are going would help a bit if they are not thinking when they click it the first time.

SCuN
03 May 2008, 19:40
great mod, install, works 3.7.0

MD_Hacker
05 May 2008, 21:06
Is this going to be updated?

Edit: There is an error when clicking on links that are placed in the signature area, any fix?

ArnyVee
11 Aug 2008, 03:02
Both links went to the pages without a warning or anything. Can anyone confirm that they have it working and show a working demo please?

SEOvB
11 Aug 2008, 04:55
BE sure to do the headinclude template edit as well as the class_bbcode.php file edit.

TalkVirginia
21 Oct 2008, 12:30
Anyone been able to get this to work for 3.7.3 as far as urls in signatures are concerned?
Seems to work fine with urls in the body of the message.

darkie79
05 Aug 2009, 16:42
Not trying to revive a dead thread here, but I got this working...what I need to know, is there a way to scrub all threads and convert regular urls to bbcode urls?

mknjhill
17 Apr 2010, 20:37
not working on my 3.7.3 either, it did when i was using 3.6.8, redid all the edits, uploads ect, nothing, just goes to the link.

edit: started working after a few minutes. weird.