Discuss Scratch

The_Real_Coderdash
Scratcher
100+ posts

The "@a" exploit

My browser / operating system: ChromeOS 14541.0.0, Chrome 130.0.0.0, No Flash versions detected

So with yesterday's spam I found out that you can easily crash a page by copy pasting “@a” until you reach the character limit and then post the comment. This is what the spammers did to shut down my profile, even doing it once can cause the page to crash. Upon further research, @b, @c, @d, etc. do not do this.

DO NOT attempt to try to replicate this on someone else's profile, you may get banned

This, along with the “comment duplication glitch”, can ensure that even the strongest processing computers cannot access the profile in any way.

Last edited by The_Real_Coderdash (Nov. 12, 2024 11:53:49)

medians
Scratcher
1000+ posts

The page doesn't crash for me, but starts loading things very slowly when I reach that person's comments.
SheepsAhoy
Scratcher
53 posts

what ends up happening probably just depends on your computer/OS, given chromebooks aren't known for their processing capabilities (my usage jumps up to around 25% just from moving the mouse around, so i'm not sure what that amount of links or whatever is causing the slowing would do to mine…)
medians
Scratcher
1000+ posts

SheepsAhoy wrote:

what ends up happening probably just depends on your computer/OS, given chromebooks aren't known for their processing capabilities (my usage jumps up to around 25% just from moving the mouse around, so i'm not sure what that amount of links or whatever is causing the slowing would do to mine…)
That's likely what's happening, but it does become very laggy for me (I'm not on a Chromebook)
The_Insane_Creator
Scratcher
500+ posts

why run out of memory tho :3
Emeraldore12
Scratcher
100+ posts

Happening right now on Griffy's account!
LaughabIe
Scratcher
100+ posts

my best guess to why this happens is because scratch places a profile link for every single mention of a user, even if the user was mentioned multiple times. if you can fit 250 mentions of a single letter username, that’s 250 links in a single comment. on one comment. try to make comments until the page will want to request another page of them, and you can basically chog through your memory.
snoopythe3
Scratcher
500+ posts

The_Real_Coderdash wrote:

My browser / operating system: ChromeOS 14541.0.0, Chrome 130.0.0.0, No Flash versions detected

So with yesterday's spam I found out that you can easily crash a page by copy pasting “@a” until you reach the character limit and then post the comment. This is what the spammers did to shut down my profile, even doing it once can cause the page to crash. Upon further research, @b, @c, @d, etc. do not do this.

DO NOT attempt to try to replicate this on someone else's profile, you may get banned

This, along with the “comment duplication glitch”, can ensure that even the strongest processing computers cannot access the profile in any way.

It might be because there is more to load, causing it to take too long, showing the following image:
https://10web.io/blog/wp-content/uploads/sites/2/2024/01/err-connection-refused.jpg
PIXEL_BY_PIXEL_ERROR
Scratcher
100+ posts

the ‘@a’ exploit was created by spammers back in 2023 to, well, spam someone's profile, therefore overloading some of the RAM and crashing the website. If that doesn't happen, scratch still has to render the text and color it blue (well now it's purple), as well as making it clickable. However, a username needs to be 3 letters or longer, so scratch needs to do even more work.
Voxalice
Scratcher
1000+ posts

LaughabIe wrote:

(#7)
my best guess to why this happens is because scratch places a profile link for every single mention of a user, even if the user was mentioned multiple times. if you can fit 250 mentions of a single letter username, that’s 250 links in a single comment. on one comment. try to make comments until the page will want to request another page of them, and you can basically chog through your memory.
So far, this is the most correct explanation of this glitch I've seen.

However, there's something missing - the fact that Scratch automatically spaces usernames out.
That is to say, if you send “@user0@user1@user2”, it would send as “@user0 @user1 @user2”.

I believe something has gone horribly wrong with this automatic spacing feature, because when you type the same username more than once, Scratch inexplicably generates a bunch of empty hyperlinks.

So, if you sent “@hi @hi”, the HTML of the comment would be:
<a href="/users/hi"> </a><a href="/users/hi">@hi</a>  <a href="/users/hi"> </a><a href="/users/hi">@hi</a>
And if you sent “@hi @hi @hi”, the HTML of the comment would be:
<a href="/users/hi"> </a><a href="/users/hi"> </a><a href="/users/hi">@hi</a>  <a href="/users/hi"> </a><a href="/users/hi"> </a><a href="/users/hi">@hi</a>  <a href="/users/hi"> </a><a href="/users/hi"> </a><a href="/users/hi">@hi</a>
Now you can see where this is going.

Putting “@a” 250 times back-to-back in a comment causes the comment to have 62,500 hyperlinks in it.
Now, imagine what happens when you spam comments like that…

(My browser / operating system: Windows NT 10.0, Chrome 131.0.0.0, No Flash version detected)

Last edited by Voxalice (Dec. 4, 2024 16:26:03)
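
The growth described in the post above, as an added example that is not part of any post in this thread and is not Scratch's code: `observed_model` only reproduces the shape of the quoted HTML, and `linkify` is one way to keep link output linear. The mention pattern and the `max_links` cap are assumptions.

```python
import html
import re

# Assumed mention syntax: "@" followed by letters, digits, "_" or "-".
MENTION = re.compile(r"@([A-Za-z0-9_-]+)")


def observed_model(comment: str) -> str:
    """Model of the markup quoted in the post: each mention of a name is
    preceded by one empty link for every other mention of that name."""
    names = MENTION.findall(comment)
    parts = []
    for name in names:
        link = f'<a href="/users/{name}">'
        empties = (link + " </a>") * (names.count(name) - 1)
        parts.append(f"{empties}{link}@{name}</a>")
    return "  ".join(parts)


def linkify(comment: str, max_links: int = 10) -> str:
    """Single pass: escape the text, emit exactly one link per mention and
    stop linking after max_links, leaving later mentions as plain text."""
    out, pos, links = [], 0, 0
    for m in MENTION.finditer(comment):
        out.append(html.escape(comment[pos:m.start()]))
        if links < max_links:
            name = m.group(1)  # charset is restricted by MENTION
            out.append(f'<a href="/users/{name}">@{name}</a>')
            links += 1
        else:
            out.append(html.escape(m.group(0)))
        pos = m.end()
    out.append(html.escape(comment[pos:]))
    return "".join(out)


def count_links(markup: str) -> int:
    """Number of anchor elements in a rendered comment."""
    return markup.count("<a ")


if __name__ == "__main__":
    spam = "@a" * 250  # the input described in the thread
    bad, good = observed_model(spam), linkify(spam)
    print(count_links(bad), len(bad))    # quadratic in the mention count
    print(count_links(good), len(good))  # bounded by max_links
```

A server-side check on `count_links` of the rendered comment before it is stored would also flag this class of output regardless of which linkifier produced it.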

The_Insane_Creator
Scratcher
500+ posts

Voxalice wrote:

LaughabIe wrote:

(#7)
my best guess to why this happens is because scratch places a profile link for every single mention of a user, even if the user was mentioned multiple times. if you can fit 250 mentions of a single letter username, that’s 250 links in a single comment. on one comment. try to make comments until the page will want to request another page of them, and you can basically chog through your memory.
So far, this is the most correct explanation of this glitch I've seen.

However, there's something missing - the fact that Scratch automatically spaces usernames out.
That is to say, if you send “@user0@user1@user2”, it would send as “@user0 @user1 @user2”.

I believe something has gone horribly wrong with this automatic spacing feature, because when you type the same username more than once, Scratch inexplicably generates a bunch of empty hyperlinks.

So, if you sent “@hi @hi”, the HTML of the comment would be:
<a href="/users/hi"> </a><a href="/users/hi">@hi</a>  <a href="/users/hi"> </a><a href="/users/hi">@hi</a>
And if you sent “@hi @hi @hi”, the HTML of the comment would be:
<a href="/users/hi"> </a><a href="/users/hi"> </a><a href="/users/hi">@hi</a>  <a href="/users/hi"> </a><a href="/users/hi"> </a><a href="/users/hi">@hi</a>  <a href="/users/hi"> </a><a href="/users/hi"> </a><a href="/users/hi">@hi</a>
Now you can see where this is going.

Putting “@a” 250 times back-to-back in a comment causes the comment to have 62,500 hyperlinks in it.
Now, imagine what happens when you spam comments like that…

(My browser / operating system: Windows NT 10.0, Chrome 131.0.0.0, No Flash version detected)
62500 hyperlinks is only like 1 MB, so even 1000 comments could only take up 1 GB of memory, let me know if i'm wrong.
Voxalice
Scratcher
1000+ posts

The_Insane_Creator wrote:

(#12)
62500 hyperlinks is only like 1 MB, so even 1000 comments could only take up 1 GB of memory, let me know if i'm wrong.
62,500 hyperlinks only take up 1.5 MB of HTML, but the browser still has to parse the HTML, store those links in memory, apply CSS, render the links, make them clickable, continue rendering the rest of the page, etc…

Therefore, memory usage increases a lot more with each comment than you might initially think, especially in Chrome, which already uses up a lot of memory.

Last edited by Voxalice (Dec. 4, 2024 19:39:22)

medians
Scratcher
1000+ posts

Voxalice wrote:

(a bunch of stuff)
I mean, this could be true, but the original post says that other letters don't do this. Can someone verify if that part is true?

Last edited by medians (Dec. 4, 2024 20:51:37)

Voxalice
Scratcher
1000+ posts

medians wrote:

(#14)

Voxalice wrote:

(a bunch of stuff)
I mean, this could be true, but the original post says that other letters don't do this.
Well, the original post is wrong.

In my testing, I was still able to reproduce this glitch with usernames like @h and @hi.

Last edited by Voxalice (Dec. 4, 2024 21:04:58)

SCLF-Xingshu
Scratcher
100+ posts

The_Real_Coderdash wrote:

My browser / operating system: ChromeOS 14541.0.0, Chrome 130.0.0.0, No Flash versions detected

So with yesterday's spam I found out that you can easily crash a page by copy pasting “@a” until you reach the character limit and then post the comment. This is what the spammers did to shut down my profile, even doing it once can cause the page to crash. Upon further research, @b, @c, @d, etc. do not do this.

DO NOT attempt to try to replicate this on someone else's profile, you may get banned

This, along with the “comment duplication glitch”, can ensure that even the strongest processing computers cannot access the profile in any way.
They actually did on Yoshihome's profile, but the comments are now deleted.
Voxalice
Scratcher
1000+ posts

SCLF-Xingshu wrote:

(#16)
They actually did on Yoshihome's profile, but the comments are now deleted.
Yeah, certain people have done it on griffpatch's profiles too. This is a very disruptive exploit.
2006kush2010
Scratcher
71 posts

Not totally sure, but perhaps this is what's causing search to not work?
Voxalice
Scratcher
1000+ posts

I just tried to post “@a”, “@h”, “@uz”, and “@u ” a couple hundred times back-to-back (on my own profiles), and each time I got muted for posting “advertising, text art, or a chain message”.

Apparently, the filter now detects patterns of “@” and any string, which heavily reduces the impact of this exploit!
Hopefully, this patch will work until the Scratch Team can properly fix this bug.

Last edited by Voxalice (Dec. 5, 2024 22:42:58)

BigNate469
Scratcher
1000+ posts

PIXEL_BY_PIXEL_ERROR wrote:

the ‘@a’ exploit was created by spammers back in 2023 to, well, spam someone's profile, therefore overloading some of the RAM and crashing the website. If that doesn't happen, scratch still has to render the text and color it blue (well now it's purple), as well as making it clickable. However, a username needs to be 3 letters or longer, so scratch needs to do even more work.
Scratch doesn't have to render the color or make it clickable. Your browser does that for it.
