|
11 Mar 2003, 12:53
|
#1
|
Guest
|
PHP Banners Work?
I've noticed various PHP banners today
http://www.xanaducorp.net/sfh.php?na...492f80883e17de
being 1 of them that works.
Why do PHP banners work? This is just silly, especially as it is obviously only used for tracking hits.
Last edited by Dreadnought!; 11 Mar 2003 at 12:59.
|
|
|
11 Mar 2003, 12:56
|
#2
|
Guy next door
Join Date: Feb 2002
Location: The Netherlands
Posts: 4,745
|
*cry me a river*
__________________
..look
|
|
|
11 Mar 2003, 13:17
|
#3
|
Mr. Blobby
Join Date: Nov 2000
Location: Belgium
Posts: 8,271
|
11. As part of your Account, you can upload content to our servers in
various forms, such as in the selections you make for the Game and in
chat rooms and similar user-to-user areas and the Galaxy Banner
(collectively, your "Content"). Your Content shall not: (a) infringe any
third party intellectual property, other proprietary or
publicity/privacy rights; (b) violate any law or regulation; (c) be
defamatory, obscene, pornographic or harmful to minors; or (d) contain
any viruses, trojan horses, worms, time bombs, cancelbots or other
computer programming routines that are intended to damage, detrimentally
interfere with, surreptitiously intercept or expropriate any system,
data or personal information.
|
|
|
11 Mar 2003, 13:45
|
#4
|
Hamster
Join Date: Apr 2000
Location: Crewe, England
Posts: 3,606
|
tbh all the fuss about PHP banners is stupid. They do not allow you to track hits any more than any webserver software does. I can throw a static image up and still capture all the information that a PHP banner allows.
If they want to stop tracking then they should host the images themselves otherwise why bother stopping PHP use.
__________________
Wakey
PD and Suggestions Moderator
Co-founder of [F-Crew]
The Farnborough Crew
Cos anything else is just an alliance
Join our public channel at #f-crew
|
|
|
11 Mar 2003, 14:14
|
#5
|
ensign forever
Join Date: Jan 2002
Posts: 1,080
|
Make a script to download those banners every day at evening random times 15 to 20 times within 10 minutes. Will scare the **** out of them.
hAl
__________________
* Zeus recons a gal ic of yodo ontop of a roid saying "Steal my roid u will!"
|
|
|
11 Mar 2003, 14:25
|
#6
|
It was a Stupid Dream
Join Date: Jun 2002
Location: Winchester, UK
Posts: 2,077
|
Quote:
Originally posted by hAl
Make a script to download those banners every day at evening random times 15 to 20 times within 10 minutes. Will scare the **** out of them.
hAl
|
Better yet make a bot access em with the hostname <insert alliance here>.ATTACK.BOT.ORG
|
|
|
11 Mar 2003, 14:25
|
#7
|
Guy next door
Join Date: Feb 2002
Location: The Netherlands
Posts: 4,745
|
Nice tool if you want a certain galaxy/alliance/block to keep their fleets at home..
__________________
..look
|
|
|
11 Mar 2003, 14:40
|
#8
|
Raaaaaaaah!
Join Date: Apr 2000
Location: United Kingdom
Posts: 2,296
|
Quote:
Originally posted by SilverSmoke
*cry me a river*
|
Wonder would your reply be the same if it was http://www.furynet.co.uk/sfh.php?n...c492f80883e17de
__________________
Hicks
Mercury & Solace
Always [Fury]
|
|
|
11 Mar 2003, 14:41
|
#9
|
Guy next door
Join Date: Feb 2002
Location: The Netherlands
Posts: 4,745
|
*kneel down and kiss my feet*
__________________
..look
|
|
|
11 Mar 2003, 14:41
|
#10
|
Guy next door
Join Date: Feb 2002
Location: The Netherlands
Posts: 4,745
|
Quote:
Originally posted by SilverSmoke
Nice tool if you want a certain galaxy/alliance/block to keep their fleets at home..
|
__________________
..look
|
|
|
11 Mar 2003, 16:47
|
#11
|
The [Fury] of the [z0r]
Join Date: May 2002
Posts: 130
|
it doesn't matter.
php or static, I can still track you.
__________________
<@whoop> it was zik pds too...
<@Sugar> zik pds kicks ass
<@whoop> yeah
<@whoop> I know
#milo
|
|
|
11 Mar 2003, 17:18
|
#12
|
Shadow of the past
Join Date: Apr 2001
Posts: 39
|
Quote:
Originally posted by Leshy
11. As part of your Account, you can upload content to our servers in
various forms, such as in the selections you make for the Game and in
chat rooms and similar user-to-user areas and the Galaxy Banner
(collectively, your "Content"). Your Content shall not: (a) infringe any
third party intellectual property, other proprietary or
publicity/privacy rights; (b) violate any law or regulation; (c) be
defamatory, obscene, pornographic or harmful to minors; or (d) contain
any viruses, trojan horses, worms, time bombs, cancelbots or other
computer programming routines that are intended to damage, detrimentally
interfere with, surreptitiously intercept or expropriate any system,
data or personal information.
|
Error 1:
The galaxy banners are not uploaded to PA servers.
Error 2:
All the PHP banner can do is to extract information that is sent as part of the TCP/IP protocol and/or the HTTP header.
All this information can also be logged using static images.
__________________
karrde, Retired head of "Myrkrs roid liberation and smuggling Inc."
One OS to rule them all, One Passport to find them,
One OS to bring them all, And with the EULA bind them.
In the land of Redmond where the windows lie.
"...to leave the Elysium the dead had to drink from and travel beyond the River of Oblivion, Lethe, to once again return to the mortal realm..."
|
|
|
11 Mar 2003, 17:32
|
#13
|
Retired
Join Date: Feb 2001
Location: The Back Porch Bar
Posts: 2,593
|
It was my understanding that all galaxy banners will be hosted on the PA servers next round, so problem potentially solved?
__________________
I'd rather be fishing.
Utterly useless since r3
|
|
|
11 Mar 2003, 17:43
|
#14
|
Rawr rawr
Join Date: Dec 2000
Location: Upside down
Posts: 5,300
|
Quote:
Originally posted by whoop
it doesn't matter.
php or static, I can still track you.
|
Yes, you can extract the IP and referrer through your webserver prolly, as those are given in the HTTP header. But isn't it possible to track session variables with these PHP scripts? I think it is. What session variables does PA use? Do these vars contain sensitive information?
If there is any way to exploit these banners the PA team should close the hole.
__________________
"Yay"
|
|
|
11 Mar 2003, 17:50
|
#15
|
¯¯¯¯¯¯¯¯¯
Join Date: May 2001
Location: Sept 2057
Posts: 1,813
|
Everyone knows the best use for PHP banners is scaring people by putting their nick in the picture, like that one a few rounds ago.
__________________
in my sig i write down all my previous co-ords and alliance positions as if they matter because I'm not important enough to be remembered by nickname alone.
|
|
|
11 Mar 2003, 17:52
|
#16
|
Registered User
Join Date: Jun 2002
Posts: 48
|
Quote:
Originally posted by whoop
it doesn't matter.
php or static, I can still track you.
|
Yes, and it doesn't even have to be a static image just because the extension is gif and jpg. Shouldn't be too much trouble to hide a script like that.
|
|
|
11 Mar 2003, 17:54
|
#17
|
Shadow of the past
Join Date: Apr 2001
Posts: 39
|
Quote:
Originally posted by Structural Integrity
Yes, you can extract the IP and referrer through your webserver prolly, as those are given in the HTTP header. But isn't it possible to track session variables with these PHP scripts? I think it is. What session variables does PA use? Do these vars contain sensitive information?
|
If they are still part of the url, they could be seen in the referer.
But you can't do much with them as they change with every login, and there is as well a possibility of including a dereferer in the galaxy browser of PA. Well, at least it would not be any problem at all to write it.
|
|
|
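The exposure discussed in the posts above (a plain image request already gives the banner host the viewer's IP, user agent and Referer, and a session id kept in the page URL travels inside that Referer) can be audited from a single access-log line. This is an added example, not code from any poster; the log line, the host names and the parameter names in SESSION_PARAMS are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed names of URL parameters that carry a login session (hypothetical).
SESSION_PARAMS = {"sid", "session", "phpsessid"}

# Apache "combined" log format: ... "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def leaked_session_params(referer):
    """Return session-like query parameters exposed in a Referer value."""
    query = urlsplit(referer).query
    return {k: v for k, v in parse_qsl(query) if k.lower() in SESSION_PARAMS}

def origin_only(referer):
    """Reduce a Referer to scheme://host/, as 'Referrer-Policy: origin' does."""
    parts = urlsplit(referer)
    return f"{parts.scheme}://{parts.netloc}/" if parts.netloc else ""

def audit_banner_request(log_line):
    """Summarise what one image request disclosed to the banner host."""
    m = COMBINED.match(log_line)
    if m is None:
        raise ValueError("not a combined-format log line")
    referer = "" if m["referer"] == "-" else m["referer"]
    return {
        "ip": m["ip"],
        "agent": m["agent"],
        "leaked": leaked_session_params(referer),
        "referer_if_origin_only": origin_only(referer),
    }

# Constructed sample: a request for a static .png as the banner host would log it.
SAMPLE = ('203.0.113.7 - - [11/Mar/2003:17:54:02 +0100] '
          '"GET /gal_pic.png HTTP/1.1" 200 5120 '
          '"http://game.example/galaxy.php?x=12&y=3&sid=4f2a9c" '
          '"Mozilla/4.0 (compatible; MSIE 6.0)"')

if __name__ == "__main__":
    print(audit_banner_request(SAMPLE))
```

The sample request is for a static `.png`, so the disclosure does not depend on the banner being a script; keeping the session out of the URL or reducing the Referer to the origin removes the `leaked` entry.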
11 Mar 2003, 17:55
|
#18
|
Shadow of the past
Join Date: Apr 2001
Posts: 39
|
Quote:
Originally posted by TheShadow
Yes, and it doesn't even have to be a static image just because the extension is gif and jpg. Shouldn't be too much trouble to hide a script like that.
|
Yes, this can be done without much effort.
|
|
|
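Since the file extension says nothing about what answers the request, the only check that holds is on the content itself, at the moment the game takes a copy to serve from its own host (the hosting change mentioned earlier in the thread). The following is an added example of such an intake check, not code from any poster or from the game; the size and dimension limits, the function names and the sample bytes are assumptions constructed for illustration.

```python
import struct

MAX_BYTES = 100 * 1024   # assumed upload size limit for a banner
MAX_DIM = (468, 60)      # assumed maximum width x height in pixels

def sniff_image(data):
    """Return (format, width, height) from the content, ignoring any file name."""
    if data[:8] == b"\x89PNG\r\n\x1a\n" and data[12:16] == b"IHDR" and len(data) >= 24:
        width, height = struct.unpack(">II", data[16:24])   # big-endian in IHDR
        return "png", width, height
    if data[:6] in (b"GIF87a", b"GIF89a") and len(data) >= 10:
        width, height = struct.unpack("<HH", data[6:10])    # little-endian screen size
        return "gif", width, height
    return None

def accept_banner(filename, data):
    """Decide whether an uploaded banner may be stored and served locally."""
    if len(data) > MAX_BYTES:
        return False, "too large"
    sniffed = sniff_image(data)
    if sniffed is None:
        return False, "content is not a PNG or GIF image"
    fmt, width, height = sniffed
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext != fmt:
        return False, f"extension .{ext} does not match {fmt} content"
    if width == 0 or height == 0 or width > MAX_DIM[0] or height > MAX_DIM[1]:
        return False, f"bad dimensions {width}x{height}"
    return True, f"{fmt} {width}x{height}"

# Constructed samples: header bytes only, enough for the checks above.
PNG_OK = (b"\x89PNG\r\n\x1a\n" + struct.pack(">I", 13) + b"IHDR"
          + struct.pack(">II", 468, 60) + b"\x08\x02\x00\x00\x00")
GIF_OK = b"GIF89a" + struct.pack("<HH", 400, 50) + b"\x00\x00\x00"
SCRIPT = b"<?php /* not an image */ ?>"

if __name__ == "__main__":
    for name, blob in [("gal.png", PNG_OK), ("gal.png", GIF_OK), ("gal.png", SCRIPT)]:
        print(name, accept_banner(name, blob))
```

Serving the stored copy from the game's own host is what ends the per-view request to a third party; the header check only keeps non-image content out of that store.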
11 Mar 2003, 18:32
|
#19
|
Käptn Karacho
Join Date: Nov 2000
Posts: 1,360
|
Quote:
Originally posted by xtothez
Everyone knows the best use for PHP banners is scaring people by putting their nick in the picture, like that one a few rounds ago.
|
ppl who don't use +x on the pa servers deserve no better.
__________________
at0mic.c0w - #strategy
|
|
|
11 Mar 2003, 19:07
|
#20
|
The [Fury] of the [z0r]
Join Date: May 2002
Posts: 130
|
Quote:
Originally posted by Structural Integrity
But isn't it possible to track session variables with these PHP scripts? I think it is. What session variables does PA use? Do these vars contain sensitive information?
|
Nope.
Per spec, session variables are only visible to the originating server.
This is really a non-issue.
-whoop
|
|
|
12 Mar 2003, 04:49
|
#21
|
Registered User
Join Date: Feb 2003
Posts: 32
|
how to make lamers not worry about this non-problem:
Code:
ln -s my_php_galaxy_picture.php my_gal_pic.png
in Apache's httpd.conf
<Location "/my_gal_pic.png">
    AddType application/x-httpd-php .png
</Location>
Honestly, I have only used PHP gal pictures to auto-rotate/randomize the picture. However, a couple of rounds ago I did make a "Better Target Picker" that looked at that galaxy's members, found better targets (ones with worse ratios) and gave the viewers of the picture a list updated in real time. It worked great until they forced me to take it down.
-chip
__________________
Rounds 1-9
F-Crew since round 2.
#php, #scripting , #f-crew operator.
Last edited by The Chip; 12 Mar 2003 at 05:01.
|
|
|
12 Mar 2003, 08:59
|
#22
|
Inflate My Ego
Join Date: Jul 2000
Location: Hengelo, The Netherlands
Posts: 1,011
|
What's that got to do with it?
But anyway, it's DarkEvil's Small File Hosting system . Just for us Xanadu members to put up a few files. No harm done.
__________________
'Forever' said he. And then he was gone.
Who keeps an arrow in his bow,
And if you prod him, lets it go?
A fervent friend, a subtle foe –
— Scorpio
|
|
|
12 Mar 2003, 16:00
|
#23
|
Mr Sexable
Join Date: Sep 2000
Location: Manchester, UK
Posts: 338
|
Quote:
Originally posted by Scorpio
What's that got to do with it?
But anyway, it's DarkEvil's Small File Hosting system . Just for us Xanadu members to put up a few files. No harm done.
|
Shhh! Don't reveal the conspiracy!
Chip, that sounds rather ace, oh, and you can just use the rewriting engine in a .htaccess file for similar fun dodges. Without gal banner hosting they can never stop scripted banner images, as someone else pointed out.
__________________
Honour & Loyalty
|
|
|
12 Mar 2003, 16:24
|
#24
|
Registered User
Join Date: Feb 2003
Posts: 32
|
Quote:
Originally posted by Ahriman
Chip, that sounds rather ace, oh, and you can just use the rewriting engine in a .htaccess file for similar fun dodges. Without gal banner hosting they can never stop scripted banner images, as someone else pointed out.
|
mod_rewrite is heavy. It's not in by default. I don't like it that much. You can also put <location> directives inside .htaccess too
|
|
|
12 Mar 2003, 17:13
|
#25
|
The [Fury] of the [z0r]
Join Date: May 2002
Posts: 130
|
Quote:
Originally posted by Ahriman
Code:
while (1 != 0)
{
    printf ("Honour & Loyalty\n");
}
|
For infinite loops you could do better - while(1), or if you're trying to be funny, you could do while(1337), or while("forever")
I always find that for( ;; ) looks the coolest.
I suggest.
Code:
for( ;; )
{
    printf ("Honour & Loyalty\n");
}
-whoop
|
|
|
12 Mar 2003, 17:52
|
#26
|
Mr Sexable
Join Date: Sep 2000
Location: Manchester, UK
Posts: 338
|
I was going to do something like "while (!(true != false))" since it would make more sense in the context of what I meant while I was thinking... I'll change it now.
Didn't know you could put location directives in .htaccess, but tbh I know very little about .htaccess files :\
__________________
Honour & Loyalty
|
|
|
13 Mar 2003, 22:33
|
#27
|
IRC Lackey
Join Date: Aug 2001
Location: Somewhere in the dark and nasty regions...
Posts: 1,471
|
hmm
Personally, I don't think PHP banners should be allowed, as they're a complete nuisance for one thing. If someone has a problem with a banner ingame, contact me about it and I will investigate, seeing as though it's my job this round.
__________________
-Mushroom.
"The power of accurate observation is commonly called cynicism by those who have not got it."
George Bernard Shaw
|
|
|
All times are GMT +1.