Hello,

My idea would be to have the attachment system read the name of the file the user was uploading to the site and check to see if it is a VB script name. If so deny the upload explaining that you cannot attach VB scripts to the site.

I'm pretty sure this would be reletively easy to do and would help the moderators out tremendously. Sometimes mods don't catch the script being online in large threads for quite some time.

Just a thought. :)

in the control panel, under vbulletin options, click on the allowed file types. as a default, .vbs files are not accepted.

He means vBulletin scripts (eg newreply.php, postings.php), not VBScript :)

Exactly James

Only real problems with that as I see it is that people could still rename to eg newreply.php.txt.

Also some of the file names are very common (index.php etc) and blocking attachments of these could stop people attaching other files.

On a side note, if anyone does see threads containing full vB files please contact a moderator, either by email, ICQ, or using the 'report' link on every post.

Just don't allow attaching any .php files.. :)

exodus, I don't think so, .php files are pretty essential to some hacks and it's easier to just download them as is instead of renaming them from .php.txt.
And like James said, banning names like index.php or forum.php would hurt other members trying to attach these files.

We could put in a check for some PHP code in the file itself, but I can't think of any unique code only vB file have - and hacks don't.

What about

@error_reporting(7);

That is far from unique - that is included in all my scripts and many others as a matter of course. And vB Hacks that require their own files technically should have that as well.