Login filter for aliases as well? [message #16733]
Mon, 16 February 2004 00:23
Olliver
I came upon this by playing around with my test installation. The login filter with its regexp capacity is a great help; however, it can be easily tricked:
Suppose "jerk" is considered an undesired word on a forum.
User X registers as "harmless", because he already became aware of the filter. He then chooses "The admin is a jerk" as alias:
Result: Trolling around as "The admin is a jerk" despite "jerk" being in the filter. I know, aliases can be turned off, but that's not a satisfying solution. Would it be feasible to use the login filter for both login and aliases? This way it couldn't be bypassed any longer without the necessity of turning it off.
Olliver
Re: Login filter for aliases as well? [message #16741 is a reply to message #16733]
Mon, 16 February 2004 15:49
Ilia
Human creativity knows no bounds; people seeking to bypass filters could always use spaces, l33t speak, etc. to trick filters.
For example I could enter Adm1n is a j3rk or just plain j3rk and it would not trigger the filter.
FUDforum Core Developer
Re: Login filter for aliases as well? [message #16743 is a reply to message #16741]
Mon, 16 February 2004 19:05
Olliver
Regarding spaces, underscores, dots or numbers, you can create regexps like, for instance:
f[ ._\-]{0,1}u[ ._\-]{0,1}c[ ._\-]{0,1}k[[:print:] ]+
But ok. One could use some more spaces and in the end you got such a wide scope that you lock out almost anyone. Maybe you're right in the sense that in critical environments aliases shouldn't be activated at all despite their usefulness in general.
Olliver
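An added example, not part of the thread and not FUDforum's own code: a Python sketch of the idea discussed above, running one filter over both login and alias, with a normalization pass for the spacing and l33t substitutions mentioned in the replies. The word list, character map, function names and sample names are assumptions constructed for illustration; the last sample shows the over-blocking trade-off raised in the final post.

```python
import re

# Constructed block list; the thread uses "jerk" as its example word.
BLOCKED = ["jerk"]

# Assumed map of common look-alike characters ("l33t speak") to letters.
LEET = str.maketrans("013457@$", "oieastas")


def normalize(name):
    """Lower-case, fold look-alikes, then drop everything that is not a-z."""
    return re.sub(r"[^a-z]", "", name.lower().translate(LEET))


def matches_filter(name):
    """Return 'literal', 'normalized' or None for a single name."""
    plain, squashed = name.lower(), normalize(name)
    for word in BLOCKED:
        if word in plain:
            return "literal"
        if word in squashed:
            return "normalized"
    return None


def check_registration(login, alias=None):
    """Apply the same filter to login and alias; return the rejected fields."""
    rejected = []
    for field, value in (("login", login), ("alias", alias)):
        reason = matches_filter(value) if value else None
        if reason:
            rejected.append((field, reason))
    return rejected


if __name__ == "__main__":
    samples = [  # constructed sample registrations
        ("harmless", "The admin is a jerk"),  # alias caught by the plain filter
        ("harmless", "Adm1n is a j3rk"),      # caught only after normalization
        ("j3rk", None),                       # login caught after normalization
        ("harmless", "Raj Erkens"),           # false positive: "rajerkens"
    ]
    for login, alias in samples:
        print(login, "|", alias, "->", check_registration(login, alias))
```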