Limelight Forums
[SECURITY] Measures against ip-loggers - Printable Version

+- Limelight Forums (https://limelightgaming.net/forums)
+-- Forum: Community (https://limelightgaming.net/forums/forum-195.html)
+--- Forum: Announcements (https://limelightgaming.net/forums/forum-200.html)
+--- Thread: [SECURITY] Measures against ip-loggers (/thread-12097.html)

Pages: 1 2 3

[SECURITY] Measures against ip-loggers - Burnett - Aug 31, 2016

Good day community.

Today we have forced the forums into a new level of security. Due to recent events, you can no longer post images from foreign-untrusted sources. Malicious images can be used as a backdoor ip-logger, thus our forums will only allow trusted images.

If your signature, remote-avatar or forum-post contains an untrusted image, it will not be loaded.

So make sure to only use a trusted hoster for images.

Since we have carefully checked all image-hosters used on this forums, you shouldn't notice any issues.

Trusted hosters:
  • Discord (discordapp.com, discord.com, discord.gg)
  • Steam (steamuserimages...akamai, steamstatic.com, steampowered.com, steamcommunity.com, steamusercontent.com)
  • ts3index.com
  • Print Screen (prnt.sc, prntscr.com)
  • Dropbox (dropboxusercontent.com, dropbox.com, dropboxstatic.com)
  • vgy.me
  • puu.sh
  • photobucket.com
  • pinimg.com
  • tinypic.com
  • gravatar.com
  • tumblr.com
  • screenshot.net
  • aulod.com
  • cloudflare.com
  • imgur.com
  • giphy.com
  • wikimedia.org
  • gametracker.com
  • gyazo.com
  • speedtest.net


Want another one added? Feel free to suggest it below.

In addtion, we coded a link watcher.

Introducing the Limelight - Link watcher

[Image: 714rm03.png]

As with our image protection, non-trusted links will fire up a notice when you click on them.
An attacker could easily manipulate a link to have you forwarded to an ip-logger/bad site.

For example:

https://limelightgaming.net/forums/thread-12097

Now click on that link above and you will understand.

As you can see, links can be manipulated by adding a tittle on 'em.

While this is still possible, you will receive a notification and the real URL is printed.
It is up to you whether you enter that site or not.

Currently only *.limelightgaming.net is whitelisted to skip the notification. We might expand on this in the future. For now better be safe than sorry.


Please note:  We cannot protect you at 100%. Simply don't click on a link that might be masked as short-url.

Especially links such as goo.gl are used to redirect you to an ip-logger

RE: [SECURITY] Measures against ip-loggers - connbob - Aug 31, 2016

Sounds good but what about puu.sh? I use that for my screenshotting and I know quite a few others do aswell

RE: [SECURITY] Measures against ip-loggers - Project - Aug 31, 2016

Nice, but I think photobucket would not hurt anyone. (photobucket.com)

RE: [SECURITY] Measures against ip-loggers - Arch.B - Aug 31, 2016

Its for the best so meh good work!

RE: [SECURITY] Measures against ip-loggers - Burnett - Aug 31, 2016

Added:

*.photobucket.com
*.pinimg.com
*.dropboxusercontent.com
*.steamstatic.com
*.tinypic.com
*.puu.sh

RE: [SECURITY] Measures against ip-loggers - Burnett - Aug 31, 2016

People might ask "Why whitelist instead of blacklist?"

Well. The problem with a blacklist is: Someone could use a free webspace service to upload an malicious script with an embedded ip-logger and mask it as an image. Then the person could use that image on forums. It would be much harder to collect bad sites than whitelisting good ones

RE: [SECURITY] Measures against ip-loggers - H4MZ4 - Aug 31, 2016

What about prntscr.com I forgot what their short link is but it's another screenshotntool

RE: [SECURITY] Measures against ip-loggers - evilmat360 - Aug 31, 2016

Could we have vgy.me? As that's my go to site for ShareX screenshots

RE: [SECURITY] Measures against ip-loggers - Jompe - Aug 31, 2016

Requesting https://dl.dropboxusercontent.com

EDIT: Does not work, even with the link on the whitelist.

RE: [SECURITY] Measures against ip-loggers - L=I²=Am³ - Aug 31, 2016

Who knew people living in basements could do so much damage..

RE: [SECURITY] Measures against ip-loggers - thefaketaco - Aug 31, 2016

I'm not even gonna say anything bad against the guy, if he has my IP I don't think he would have a problem DDOS'ing me for the next year if I talk shit

RE: [SECURITY] Measures against ip-loggers - Burnett - Aug 31, 2016

Added

prntscr.com
prnt.sc
dl.dropboxusercontent.com
vgy.me

RE: [SECURITY] Measures against ip-loggers - Bambo - Aug 31, 2016

Short-url's can be checked from https://www.checkshorturl.com/ incase someone with no malicious intent uses a short-url

Also, someone can mask the link, make it look like something and link it somewhere else like this www.google.com so do be careful to that. It was already said in the thread but there's no harm in repeating a safety measure

RE: [SECURITY] Measures against ip-loggers - evilmat360 - Aug 31, 2016

If you ever encounter a goo.gl link that you don't know what is for, add a + to the end to view the analytics that includes the original URL.

RE: [SECURITY] Measures against ip-loggers - Arch.B - Aug 31, 2016

You might want to add limelightgaming.net...