Is this true that by installing some of the mods, hacks that are posted at this forum, the security of the forums is compromised? And that it becomes easier for some hacker to hack the forums (if he/she knows that such and such hack is installed).


I was told this by someone today. That if you install hacks and mods then a hacker can hack your vb forums just becuase the original code is altered?

Is this true that by installing some of the mods, hacks that are posted at this forum, the security of the forums is compromised? And that it becomes easier for some hacker to hack the forums (if he/she knows that such and such hack is installed).


I was told this by someone today. That if you install hacks and mods then a hacker can hack your vb forums just becuase the original code is altered?

That sounds like someone trying to scare you. however...

The fact is the code you use is only as secure as it was designed to be. Installing third party mod have a chance of opening your forums up to security issues. Just because you installed a mod doesn't mean there is a now some secuirty issue, however it doesn't mean that there isn't one either.

The vBulletin current working verisons of vBulletin (3.5.2 3.0.11 2.3.8) are SECURE as of this post. That doesn't mean in 3-4 months some php or browser security issue might popup that we will fix, if not in vB itself.

Adding third party code, esp if you are not a coder, can open you up to alot of problems.

Its a tricky subject. But, mod and use mods at your own risk.

Thanks Zachery for your reply.

I haven't installed any mods or hacks other than the ones posted here at vbulletin.org. So I assume they will be safe to use or not always?

So far I have only installed some signature mods, to limit the singatures and 1 BB-code which I found here.

I assumed that it would be safe to use them, and nothing like the guy told me would be possible. That someone hacking the forums because a mod or hack is installed.

I am not a coding guru, so I only have some knowledge of php. But still the knowledge I have of php and other programming languages, that was enough to tell that the guy is trying to scare us. You confimred my doubt here.

This guy threatened us that he be made the tech admin of our site as he is a much more suitable person for the job. Which actually in turn nullified him ever getting any important position in the team.

I think if you wait some time for installing a new released mod and don't install betas and have an eye on your installed mods (subscriptions) you will be on the safer side.
The most coders here install by themself a lot of mods and have an eye for security risks (I think) and never heard about a hacked forum caused by a mod here.

I was told this by someone today. That if you install hacks and mods then a hacker can hack your vb forums just becuase the original code is altered?

If the person who wrote the hack is not knowledgable about security or making sure that their code is secure there is high potential that your forums could be compromised. It is unfortunate, but a fact of installing hacks to any kind of code.

The vBulletin current working verisons of vBulletin (3.5.2 3.0.11 2.3.8) are SECURE as of this post.

That statement is misleading - they are believed to be secure, they may infact have significant vulnerabilities at the time of your post (which of course the vendor may not know about).

That statement is misleading - they are believed to be secure, they may infact have significant vulnerabilities at the time of your post (which of course the vendor may not know about).Since we can't look into the future, they are secure based on the present. I understand what you are saying though.

Pcparts,
Don't assume something is safe just because it is on vb.org.
Leaving HTML on can open up your board to problems, so I'm told.
I believe there was a security issue with someone's shoutbox that led to sites being hacked and redirected.

Hacking and changing your vbulletin structure can cause forum vulnerability.. thats obvious
Several times holes were discovered not in vbulletin itself but in mods and addons..
Try to install only mods from long time hosted coders , and tested hacks

this is related more with hacks that requires files changes.. not plugin based

Hacking and changing your vbulletin structure can cause forum vulnerability.. thats obvious
Several times holes were discovered not in vbulletin itself but in mods and addons..
Try to install only mods from long time hosted coders , and tested hacks

this is related more with hacks that requires files changes.. not plugin based

Plugins can have the same effect, along with any files that directly access the database (eg: any file that includes global.php)