Disappointing Behaviour

Last time some of our intrepid forum users noticed an exploit in the way signatures are handled. Many of you realized this exploit could be used maliciously. Some of you took the time to report this to VEX via various channels. I want to thank everyone who took the time to report the issue in a positive way.

Unfortunately some of our users reacted in the exact opposite way, choosing to use this exploit in malicious ways to “hack” these forums. Let me say that myself, along with the leadership of VEX Robotics, are incredibly disappointed in our community this morning. Despite only a few people being responsible for this action, we are well aware that many others were aware of who did this, and were enjoying watching the damage being inflicted. Perhaps I’m a victim of my own optimism, but I thought the community here at VEXforum.com was better than this. I guess I was wrong.

Let me be clear in stating that anyone found responsible for these actions will receive a permanent ban from VEXforum.com, along with possible repercussions for any affiliated VRC teams. We are taking this matter very seriously.

1 Like

Last night was very disappointing. Not being allowed to reply to anyone because of being redirected was annoying. I have lost most of the respect that I had for this community as I expected much more from everyone here.

I’ll admit I was sure the forum would be unusable for days. I was incredibly impressed with vex reacting and their IT department’s quick solution to keep the forum running. I would hate to see whole teams punished for the immature actions of a single individual but that is part of what being on team means.

Hopefully we get some decent forum signature plug in soon that isn’t running blindly whatever it sees.

Sorry but I never heard about this. What was happening?

same here, and the way it was worded threw me off? Not sure what exactly happened

It was discovered that HTML code could be used in signatures (which had recently been enabled). By using certain HTML codes, or inserting Javascript into this HTML using the tag, users were capable of using XSS to deface different pages of the forum. Some users used this capability maliciously, wreaking havoc on the forum for a reasonable amount of time. Some users contacted Karthik and/or other members of the VEX team, and the signature plugin was (possibly temporarily, maybe permanently) disabled to ensure that the misuse did not continue.

Don’t throw the baby out with the bath water. I’m sure it was a small number of people that took part in this incident. The majority of forum users, I imagine, are respectable folks.

35 year old white male robbed a bank…does not equal…all 35 year old white males rob banks.