Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
*Reads. Huh? Looks.*
The first one is from the news section of this plugin.
https://plugins.trac.ww.wp.xz.cn/browser/google-maps-easy/trunk/modules/supsystic_promo/views/supsystic_promo.php#L49
But I can’t find any instance of the http://updates.supsystic.com/?mod=options&action=saveUsageStat&pl=rcs in the source code.
*Installs plugin on test installation*
That’s weird. I still can’t find it. @supsysticcom what’s that from?
Hello.
Those links do not create any delay on server side. First of them – http://supsystic.com/news/main.html – as Jan noticed is for our news, and it load news only when you are on Overview page in admin area – http://prntscr.com/htwel3 . Second one – http://updates.supsystic.com/?mod=options&action=saveUsageStat&pl=rcs – is for sending stats to our usage statistics server (it help us understand our users needs and develop required functionality for our users), but it will load only and only if you enable this option in admin area – http://prntscr.com/htwfdz – and this option is disabled by default when you install plugin.
Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
Second one – http://updates.supsystic.com/?mod=options&action=saveUsageStat&pl=rcs – is for sending stats to our usage statistics server
Where is that in the code exactly? And is it an opt in data collection?
Edit: Coffee. I see where it’s opt-in. But where is that in the code?
It’s hidden in code – because we had a brute-force attacks before we make it hidden to our statistics servers. It’s in modules/supsystic_promo/models/supsystic_promo.php – line 87.
Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
*Looks*
Oh jeepers.
https://plugins.trac.ww.wp.xz.cn/browser/google-maps-easy/trunk/modules/supsystic_promo/models/supsystic_promo.php#L87
because we had a brute-force attacks
I’m not on the plugins team and I don’t necessarily see any issue with the guidelines but could you please un-implode that URL?
Brute force attacks are/can/should be mitigated on the server level. Mildly obfuscating that URL is kinda not user friendly. If you hadn’t pointed it out then unless I did a line by line review I would not ever have found it.
Maybe I brute-force attach is not really quite right words, I mean problem when we had a lot of incorrect data sending to our server that broke our statistics. But ok, we will implode it and make it more obvious in code. Have a nice winter holidays!
-
This reply was modified 8 years, 5 months ago by
supsystic.
Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
Hello @jdembowski,
Firstly, thanks for your support and great work.
I sincerely understand the external link for statistic purpose, but still we hope you may remove that since we always got security notification from server host even there is no security issue.
the network performance is really complicated in different country to access your statistic server and might cause stranger issue or delay.
http://prntscr.com/hvsgx2
Alex
-
This reply was modified 8 years, 5 months ago by
alexlii.
Hello alexlii.
In my prev. reply I explained that it will not work unless it’s enabled on your site:
“it will load only and only if you enable this option in admin area – http://prntscr.com/htwfdz – and this option is disabled by default when you install plugin.”
Please check if this option is enabled on your site, and if you have some problems with this – just disable it.
@supsysticcom
Thanks for your patient explanation and great support. 🙂
Alex
-
This reply was modified 8 years, 4 months ago by alexlii.
