Hi
It recently came to my attention that majority if not all of the websites that are behind CF or Incapsula get their ip leaked by image retrievals (plus mail servers and so on..). Vbulletin has two methods, 1... retrieve by url and 2 upload from HDD. Option 1 is the offender and so the simple solution is to just remove all code of it from the template, wrong! You're still able to edit the HTML from your browser and inject the code which just nullifies this method.
The real way to fix would be to edit class_upload.php particularly the following uploadurl . One of the problems that I came across is even when attempting to remove any possible reference to uploadurl causes all uploading to break, so in the mean time i've just totally removed the file until a working fix is found.
Any suggestions on 100% stopping image retrieval from urls? It's a killer!
It recently came to my attention that majority if not all of the websites that are behind CF or Incapsula get their ip leaked by image retrievals (plus mail servers and so on..). Vbulletin has two methods, 1... retrieve by url and 2 upload from HDD. Option 1 is the offender and so the simple solution is to just remove all code of it from the template, wrong! You're still able to edit the HTML from your browser and inject the code which just nullifies this method.
The real way to fix would be to edit class_upload.php particularly the following uploadurl . One of the problems that I came across is even when attempting to remove any possible reference to uploadurl causes all uploading to break, so in the mean time i've just totally removed the file until a working fix is found.
Any suggestions on 100% stopping image retrieval from urls? It's a killer!
Comment