Reply to: anyone heard of a guy named el_duder?

They could - one would hope that the forum software actually checks images that are uploaded for use as avatars though. Also, there's a limit on file size IIRC, so maybe it isn't practical to fit any meaningful exploit in there. Obviously that doesn't apply when a file from another domain is inlined.

True story: a few years ago, somebody submitted a story to Slashdot, which linked to an article on a web site that the submitter controlled about some nerdy topic like recent changes to the Linux kernel. The Slashdot editors figured the story was worthy, so they put it up on their site. However the submitter had a script serving the linked article; when it detected that the visitor was coming through the link on the Slashdot front page, it redirected them to goatse.cx instead

Probably the finest goatse trolling effort of all time, and a useful reminder that the resource at a URL on a domain you don't control can change unpredictably.

Could these carefully crafted viruses be put in a CUK avatar, like a chimpanzee say, or are they too small?

Is it possible for you to offend admin? I thought you were the golden boy who could do no wrong.

One point about banning inline images: as AtW points out, they are hosted elsewhere (although he's wrong to say that this absolves CUK of responsibility if they're inlined here).

You may also be aware that there have in the past been cases whereby carefully-crafted files served as images have exploited vulnerabilities to install malware, spread worms and trojans, and suchlike nastiness.

Given that a newly-discovered exploit of this kind could mean that you would find your machine totally pwned simply by viewing a thread in CUK in which somebody had inlined such a file, might we not be better off without them?

After all, if you follow the link to the pretty picture, that's your look-out and all the usual warnings about only visiting web sites you trust still apply. But do you really want a trusted site like CUK to serve you up, in its own pages, any old malicious content from Azerbaijan that some loon chooses to post as an inline image?

Telling a moderator to kiss your hairy arse is good one.

I reckon Bob Dalek is still around. I just haven't figured out which sockie yet.

It's dead easy...

Just help to test the swear filter and they'll soon get rid of you (a la DBA_Bloke, moneymoneymoney or myself), or write forbidden words in bright red, huge letters (a la Churchill).

It gives one an interesting perspective being on the outside looking in, to say the least.

I've never been banned either. Or been warned. I'm far to dim to work out how. ( see title ).

While I remember most things, that has definitely been lost in the mists of time!

Nope, can't recall and I certainly can't be @rsed to trawl old threads...

The Fry from Futurama avatar chap?

I would not know

Point is - those images in my view are still inappropriate: ban on inline images did not solve the issue at all, it's a knee jerk reaction (no offence admin).

It's confidential

Never mind that inline image stuff - I want to know what AtW and Cojak were up to

Removal of all images in the thread that was dedicated to adult stuff was the correct response, as well as threat to ban anyone who inlines those in the future. This site did not actually host the images - only had HTML inlined, the party that hosted actual images was the one that was liable for distribution, prompt action to remove THESE specific images would have been sufficient legally wise (IMHO of course).

Granted when such threats are received one wants a quick solution and I can see how admin decided to ban all inline images, but IMO thats wrong - links are still being posted to this stuff, do you think it's ok to have link to such images rather than just have them inlined?

As you can see ban on inline images did not address the actual root cause - posting of totally inappropriate content or links to such content on this forum.

Given the choice, I'd have banned images quickly, too - rather that than lose the whole site.