Dead link in reply notification
I received an email that appeared to be a forum notice that I clicked on that brought me to the whole 'log in' scenario we are all familiar with. Well, it ends up that once logged in, the email didn't go to any forum discussion page but rather redirected to my account page. Upon copying the display text "http: / / www.daz3d .com/forums/discussion/comment/1284186#Comment_1284186" rather than the link, I got a 404 'page not found' error message (spaces inserted to force the forum software to not treat this as a url.)
Luckily, I have no credit card information saved. I also immediately went back separately and changed my password.
This does highlight the problem with the whole login/forum issue where people click on a forum link then end up having to log into their account to access the link. It is very vulnerable for this type of attack.
Addendum: The post in question was supposedly by Caravelle 6 hours ago in the "Flash Sale Alerts" forum. Checking that timeframe, there was no post by Caravelle showing in that forum.
Comments
It happens when posts are hidden
It would be nice if that is all that it was, that a post was hidden and it therefore dumped me out to my account page. However, the potential vulnerability is a bit disconcerting.
The header file of the message says <[email protected]> but gmail says it can't verify daz sent the message and that it is not encrypted using tls. It also says the same 'header/can't verify' about a post from Charlie Judge which does show up in the forums.
I get redirected to my account page when logging in from the forums all the time. Caravelle's post may have also been one that had gotten deleted.
I should clarify, this wasn't just a redirect right after I logged in but a redirect anytime I clicked on said url in email address. It may be what Sad said earlier though, that this redirect also happens with a hidden/deleted post.
It still also leaves the issue that gmail is complaining it can't be sure the email came from daz3d which I don't ever remember seeing before.
I get several e-mails like this. Link takes you to a 404 or log-in page. They are probably harmless.
As has been stated by most people here, this is something that happens when Posts are removed from a thread and hidden from view. Because they are now in a part of the site which is not accessible by normal members they throw up the redirection to your account and the 404 from the actual link. There is no vulnerability, it is just a bit annoying, is all.
We have always said that nothing is deleted from the forums, merely moved elsewhere.
Edited subject line since this wasn't a hack or vulnerability but the correct behaviour in response to a valid email.