Enrive[a / b / biz / c / co / g / gg / global / k / lit / Movies / mu / nsa / pc / pol / sci / toon / tv / x]

Suggestions - /gg/[Catalog][Board FAQ]

[?]


TopBottom
Image Thumbnail

>Your anonymous ID must have been active for at least 2 days and have at least 25 posts before you can post on general boards. New users must first post at /newchums/. Please click here to be redirected to the new users board. https://ccluster.com/newchums Ya might want to update that to enrive.org from ccluster.com

>>

>>7459 my bad for posting marky nudes thought she was 19 in those pics anyhow, AnonymousID/Benefits is showing >You have 250 posts and 452 active days Why can't I post with that account?

>>

>>7460 yet i can still report spam with that account I'm assuming my active days have a 2 day punishment..

>>

Took me a while to figure that one out fucker. I finally went to newchums and filled in the captcha >Your anonymous ID has been banned until: 2018-07-15 19:48:30. Until then, your post count will effectivelly be treated as having no more than 1 posts. Additionally, Your anonymous ID actual post count was penalized by: 10%. >Reasons for this may be: posting illegal images, malicious doxing, disruptive spamming, reporting posts where it was clear no illegal content/spam existed. >effectivelly Did you mean effectively? Pleb

>>

>>7459 This stuff should be on the front page. The front page STILL doesnt have a direct link to the rules and FAQ

>>

>>7467 This is on purpose, if you can't bother to lurk for 5 minutes and figure this shit out, you don't need to be posting here.

>>

>>7468 disagree

>>

some people are too stupid

>>
Image Thumbnail

>>7459 Just so you know, this is still a problem Gaddy.. >screenshot shows the link to ccluster, in the lower left corner, when my mouse is hovering over the link on the page you get when you try to make a post on any board other then newchums without enough days/posts with a new Anon ID..

>>
Image Thumbnail

>>7472 A whole new version of enrive's internal coding is coming soon and that will be fixed then

>>
Image Thumbnail

>>7473 >implying Gad is still alive Dead meme is dead chum

>>
Media deleted

>>7474 it´s real

>>
Image Thumbnail

>>7475 Is you gonna release a copy of the code so we can make our own Masterchans?

>>
Image Thumbnail

Gad, I just noticed that images from the sekrit board are showing up on curious wtf....

>>
Image Thumbnail

Help me understand the &Masterchanuser tag in the url.. >be me >bored >click on the twitter link on the top right corner of the screen >you haven't tweeted in 2 years >search twitter for enrive.org >pic related I click link and see: >Redirect Notice >The previous page is sending you to https://ccluster.com/?c&m&p&t&o&of=379&MasterChanUser=i7joa3kpb61asc0vl94f8fmfi2.

>>
Image Thumbnail

>>7478 >i7joa3kpb61asc0vl94f8fmfi2 So each user has a cookie with this string attached to their activity, and google is tracking it? Am I on to something here?

>>
Media deleted

>>7476 I intend to, perhaps when we are more solidified and also once I feel my code is finally professional enough to be shared. I'm scared of someone using it and making a fake site that pretends to be about free speech and anonymity, takes the traffic from us through marketing rather than actual features. Once people out there have a better understanding of how we work and why we are different I'd feel safer releasing it. I also gotta comb it for exploits a bit more myself before releasing,l since pretty much everything in the code was changed compared to previous versions, so it will be a while. >>7477 This will be fixed in the new version too, the current way secret boards work are a hack. I'll probably make so anyone can make a secret board, but keep sekrit on >>7479 >>7478 Yes, masterchan user is a cookie, I have no idea why you are getting it on your URL, weird

>>
Image Thumbnail

>>7480 >masterchan user is a cookie I looked at a free website vulnerability scanner website.. >https://pentest-tools.com/website-vulnerability-scanning/web-server-scanner# >pic related >Insecure HTTP cookies >Cookie Name Flags missing >MasterChanUser Secure >Risk description: >Since the Secure flag is not set on the cookie, the browser will send it over an unencrypted channel (plain HTTP) if such a request is made. >Thus, the risk exists that an attacker will intercept the clear-text communication between the browser and the server and he will steal the cookie of the user. If this is a session cookie, the attacker could gain unauthorized access to the victim's web session. >Recommendation: >We recommend reconfiguring the web server in order to set the flag(s) Secure to all sensitive cookies. >More information about this issue: >https://blog.dareboost.com/en/2016/12/secure-cookies-secure-httponly-flags/.

>>
Media deleted

>>7481 Thank you. As I recall from the old code, some cookies are secure while others are not, if I am correct so javascript can have access to the unsecured ones. For example, the cookies for auto updating a thread are not secure, since it is not sensitive information and javascript needs that access But I'll review them as I keep finishing the new code. It may be that HTTPS only cookies and javascrpit access cookies are completely two different settings either, and maybe all cookies should be HTTPs only




Update 5