Important: It is all about trust (https://vborg.vbsupport.ru/showthread.php?t=115640)

peterska2 05-16-2006 11:09 PM

Quote:

Originally Posted by JD45
Obviously the coder(s) put that line of code in for a reason. To generate an 'installed' click instead of counting on the user to manually do it.

Why not consider this:

Take away the ability for users to manually hit the install/uninstall button. Have every hack that is created contain two lines of additional code. One to add to the install count when the hack is installed by the user and another to uninstall, when it is removed by the user.

Obviously this would have to be disclosed somewhere on VB.org like in a sticky or the FAQ so everyone is aware of it.

This would in fact IMO, help the coders by giving them a truer account of how many people in fact installed their hack as well as helping the installer with receiving the 'hack updated' emails.

Could be a win/win situation if handled properly. :cool:

Why? Because a number of users do not wish to have the install button forced upon them. I always click install if I am using something, but as I have previously mentioned, I don't just install on my site and yet all the installations go onto my account here.

Also, the method does not always work. There are certain requirements that must be achieved in order for it to do so. Therefore, it would be just as inaccurate, if not worse, than the install button we currently have.

JD45 05-16-2006 11:25 PM

Quote:

Originally Posted by peterska2
Why? Because a number of users do not wish to have the install button forced upon them. I always click install if I am using something, but as I have previously mentioned, I don't just install on my site and yet all the installations go onto my account here.

Also, the method does not always work. There are certain requirements that must be achieved in order for it to do so. Therefore, it would be just as inaccurate, if not worse, than the install button we currently have.

  • It would no longer be forced..
  • If you always click install, then you wouldn't need to anymore
  • What requirements???
  • If the script worked, it would be HIGHLY accurate

If you created something, wouldn't you want an accurate measure of how many people were using it or how popular it was?

Paul M 05-16-2006 11:36 PM

Quote:

Originally Posted by amykhar
Paul, I disagree on the gloom and doom thing.

You are, of course, free to disagree - but I'm still right :p

It's all old news now, so I'll just agree to disagree with you. :)

GaryP 05-17-2006 12:45 AM

I just wanted to say that I've uninstalled every hack on my site and won't be installing anything else until it is known that no hack will have any code in that may harm my site, transmit any form of information about me, or do anything other than the function that I install it to achieve.

I might be relatively new here, but I still support the people who make the hacks by clicking install.

Darat 05-17-2006 08:25 AM

Quote:

Originally Posted by GaryP
I just wanted to say that I've uninstalled every hack on my site and won't be installing anything else until it is known that no hack will have any code in that may harm my site, transmit any form of information about me, or do anything other than the function that I install it to achieve.

I might be relatively new here, but I still support the people who make the hacks by clicking install.

Don't forget just because there is a rule against something doesn't mean that something won't still happen! I don't think this site or any other site will ever be able to give you an absolute assurance that a hack won't have some code that may harm your site and/or Members.

If you are very concerned I would suggest you PM the Members whose hacks you used to have installed and ask them directly if they have any hidden functionality.

But don't forget one of the very good things about hacks from here is that they are in a way "open source" in the sense that anyone can review the hack's code. And it's obvious many of the coders take an active interest in the code of other coders so I think it's quite unlikely that any hack that has malicious hidden functionality will go unspotted for any length of time.

Boofo 05-17-2006 08:31 AM

Quote:

Originally Posted by GaryP
I just wanted to say that I've uninstalled every hack on my site and won't be installing anything else until it is known that no hack will have any code in that may harm my site, transmit any form of information about me, or do anything other than the function that I install it to achieve.

I might be relatively new here, but I still support the people who make the hacks by clicking install.

The few I have done are safe as well as most others on here now. If you have any concerns or questions regarding the hacks you would like to install, please feel free to PM me with your concerns and I will check to make sure there is nothing there that will affect what you want from the hack. ;)

GaryP 05-17-2006 08:53 AM

That will be very helpful. Thank you for offering to do that.

I will send you a PM with a list on shortly.

I'm sure that you can understand my concerns.

Maybe not saying what hacks are affected by this problem is a mistake, but even if there are reasons for not saying so at present, perhaps an email to people who have installed those hacks would just be common courtesy.

lebanon 05-17-2006 12:32 PM

Quote:

Originally Posted by sabret00the
Cause (going off of what Princton said) this is way bigger than we think, however cross referencing that information with Marco's post, I'm inclined to think that people are actually requesting usage statistics, I also wouldn't rule out the vBsoccer hack.

Hi, I noticed the two comments on my vbsoccer, and due to the thread title, I just want to make clear that I am not monitoring the stats, nor would my stats be harmful anyway; rather, all I wanted was not to disclose my feeds.
Now to be honest, I don't even know why I have shared this; all I get now is either trust questioning or suspicion of my intentions here and there.
My suggestion regarding my vbsoccer is for a moderator to delete the whole thread since I cannot do it myself. Regards

SaN-DeeP 05-17-2006 06:16 PM

Quote:

The reason for this thread is that, to our own shame, we recently received reports that there are coders who do incorporate hidden functionalities in their modifications. Luckily the type of hidden functions could be considered relatively harmless, but we will nevertheless not tolerate this. I would like to emphasize that this did not send any security or privacy related information, nor did it in any way break the security of your site

never noticed this with hacks I have been using on my boards or tested, but thanks for clarifications..

akanevsky 05-18-2006 01:54 AM

Quote:

Originally Posted by SaN-DeeP
never noticed this with hacks I have been using on my boards or tested, but thanks for clarifications..

haven't noticed that either, maybe cause I'm not using many of 3rd party hacks lately.. but thanks for heads up anyway.

AWS 05-18-2006 03:16 AM

When I read the first post my first thought was someone put a backdoor in a hack. The post reads like a virus warning. The first post does indeed scream "doom and gloom"
Having said that no person should install any hack without first looking through the code. You want to do this to make sure the code is secure and doesn't contain any backdoors. In all honesty you shouldn't be installing hacks if you have no knowledge of php. While I have trust in the authors of the hacks here it would be very easy for one of them to put in a backdoor that would give them control of your forum or your whole server.

Chroder 05-18-2006 03:21 AM

Quote:

Originally Posted by AWS
While I have trust in the authors of the hacks here it would be very easy for one of them to put in a backdoor that would give them control of your forum or your whole server.

This is true. I think maybe we should create some sort of "verified" system. When we upload attachments, they are marked as unverified (but still downloadable). Then maybe have a team that goes around and checks newly uploaded or updated attachments for unsafe code. Once it's passed the check, display a "verified" badge on the attachment.

Evil X 05-18-2006 03:41 AM

why was my post deleted? was it too real for you

IceBurn3000 05-18-2006 03:42 AM

Quote:

Originally Posted by Chroder
This is true. I think maybe we should create some sort of "verified" system. When we upload attachments, they are marked as unverified (but still downloadable). Then maybe have a team that goes around and checks newly uploaded or updated attachments for unsafe code. Once it's passed the check, display a "verified" badge on the attachment.

That sounds like an excellent idea!

akanevsky 05-18-2006 09:27 AM

Quote:

Originally Posted by Chroder
This is true. I think maybe we should create some sort of "verified" system. When we upload attachments, they are marked as unverified (but still downloadable). Then maybe have a team that goes around and checks newly uploaded or updated attachments for unsafe code. Once it's passed the check, display a "verified" badge on the attachment.

Ironically, this is the idea I put forth quite some time ago... Unfortunately, it was not accepted. :( Maybe now is the time to rethink.

Marco van Herwaarden 05-18-2006 09:35 AM

It is a very good idea.

But it also has been suggested (members and within Staff) many times before, and it was in some way even implemented once (not as far as really putting verified or not).

It always failed because there are no volunteers that want to go through all the submitted code (and every time an update is done). This is not only a huge task, but what if you verify a source, and later find out you missed some nasty code somewhere, are you/we liable?

There are many aspects to this, but maybe it is the right time now to give it another try.

Smiry Kin's 05-19-2006 04:20 PM

Quote:

Originally Posted by MarcoH64
At this time Staff has not decided yet if we will name the Hacks/Authors involved in public. Like mentioned before the found issues don't cause any real harm to the users, if it would have harmed users, we would already have disclosed it probably.

Coders are always free to inform the users in their hack threads, but then it wouldn't be hidden functionality anymore ;)

i think we have a right to know.. for our own security..

noppid 05-19-2006 04:46 PM

Quote:

Originally Posted by amykhar
Paul, I disagree on the gloom and doom thing. The user that ticked me off the most in this whole issue is just the type to use that 'harmless' little link to do some more nefarious things. The policy had to be broad enough to stop these kinds of things in their tracks.

I still think this was handled very politely by staff. No fingers were pointed, no names were named. The new rule was spelled out and time was given to comply.

So is that to say if there is a bug in the vBulletin software the public announcement should be, there is a bug or backdoor in the software. We are not going to say which version, but don't worry, we are counting on hackers to be good?

Not agreeing with Paul on this one is absurd. The hacks in question should have been used to mass notify the hack users. That cloak and dagger announcement was completely irresponsible. That's why it's imperative to click install. The staff should be using these resources. This could have been handled much better with tools that already exist.

Ohiosweetheart 05-19-2006 05:06 PM

Quote:

Originally Posted by Chroder
This is true. I think maybe we should create some sort of "verified" system. When we upload attachments, they are marked as unverified (but still downloadable). Then maybe have a team that goes around and checks newly uploaded or updated attachments for unsafe code. Once it's passed the check, display a "verified" badge on the attachment.

that's what they do at phpbb.com. They, of course, also have the hacks database. Sad to say they are way ahead of vB.

Quote:

Originally Posted by Psionic Vision
Ironically, this is the idea I put forth quite some time ago... Unfortunately, it was not accepted. :( Maybe now is the time to rethink.

if you suggested this and it was denied, then they need to look again. As I said, phpbb.com has had this system implemented for quite some time now, as well as a hack database. Being a free software, it's a shame that they are so far ahead of vB in that regard.

amykhar 05-19-2006 05:27 PM

Quote:

Originally Posted by noppid
So is that to say if there is a bug in the vBulletin software the public announcement should be, there is a bug or backdoor in the software. We are not going to say which version, but don't worry, we are counting on hackers to be good?

Not agreeing with Paul on this one is absurd. The hacks in question should have been used to mass notify the hack users. That cloak and dagger announcement was completely irresponsible. That's why it's imperative to click install. The staff should be using these resources. This could have been handled much better with tools that already exist.

Noppid, there is a procedure in place to deal with security problems in a mod. So, the existing system would be used in that case.

This was a case of some mod authors using code that is in poor taste but was not technically against the rules. The rules have now been updated and I'm sure the mods will follow through and update users and remove the offending code after the deadline.

akanevsky 05-19-2006 05:42 PM

Quote:

Originally Posted by Smiry Kin's
i think we have a right to know.. for our own security..

I totally agree.

Evil X 05-19-2006 10:35 PM

will you post a list of all the infected hacks? I never hit install (my bad) so I'm gonna need a list

kall 05-19-2006 10:41 PM

IMO, if you lack the respect to Install, you lack the deservingness to be given a list.

But that's just MO.

Paul M 05-19-2006 10:59 PM

I very much doubt a list will be given to anyone - and I would imagine that most of the mods being discussed were updated to reflect the new policy anyway.

Evil X 05-19-2006 11:00 PM

Quote:

Originally Posted by kall
IMO, if you lack the respect to Install, you lack the deservingness to be given a list.

But that's just MO.


I just recently learned of the install button :confused:

kall 05-19-2006 11:43 PM

My apologies. You said 'I never hit Install'.

That means .. well, never. :)

Salazar 05-21-2006 09:29 AM

Wow, this sucks donkeycocks! :confused:

Please hire someone who looks through the code of released hacks.

:tired:

kall 05-21-2006 06:05 PM

*edit*

Whoops, wrong thread. :o

amykhar 05-21-2006 06:45 PM

Uh, GamePusha, let's go through some logic here :D
1. You never use the install button.
2. The affected code clicked the install button without the user's permission.
3. In your usercp, there is a list of all the mods you have clicked the install button for.

So, logically if there are any mods showing up in that list for you, they were ones that used the code. Click uninstall on them if you are really cheesed off. Problem solved ;)

Xenon 05-21-2006 07:02 PM

Quote:

Originally Posted by Salazar
Please hire someone who looks through the code of released hacks.

well, we are currently hiring a lot of new staff members :)

FASherman 05-22-2006 12:04 AM

What the bloody hell is going on around here?

1. Why would any programmer give a damned about getting credit for the install? Two reasons come to mind. The first is ego and there is no accounting for that. The second is the ridiculous method used to choose Hack of the Month nominees. Get rid of that. Nominate hacks based on merit, not clicks. Oh yeah, and subject every nominee to a code review. Kind of like the way NASCAR does vehicle inspections.

2. I'm sick of the way VB.Org either is or isn't independent of Jelsoft, depending on what they need at the moment. Pick one. Either admit to being a momma's boy or cut the freaking apron strings, but don't play it both ways.

3. Coders are the life's blood of this place. Every user needs to appreciate the hell out of them. They develop code because THEY need it and happen, out of the kindness of their hearts, to make it available to us too. Be damned grateful. When you have a problem, make an effort to fix it yourself, if you can and post the fix - if you are able. If not, don't PM them. Post in the release thread so that the 100 other people that have the same problem can get the fix. AND BE PATIENT. None of them are full time professional VB developers and celibate PHP monks. They have lives, jobs and families that need the occasional care and feeding.

4. Somebody better get a handle on this site pronto. The snail pace of development of VB and the inability to deliver the years-ago promised vbCMS isn't why VB is the best damned message board for the money. VB.Org and the ability to customize my site to what I need is the real reason. But I see that reason slipping away. Not just this thread but several others show this place in near shambles. The Bush administration is run better with less controversy. This is a site that CANNOT exist without coders. When you run them off hiding behind rules and make mountains out of molehills, then YOU are doing something wrong, rules be damned.

I'll get off my soapbox now. Talk among yourselves.

Ramsesx 05-22-2006 12:59 AM

Quote:

Originally Posted by FASherman
What the bloody hell is going on around here?

1. Why would any programmer give a damned about getting credit for the install? Two reasons come to mind. The first is ego and there is no accounting for that. The second is the ridiculous method used to choose Hack of the Month nominees. Get rid of that. Nominate hacks based on merit, not clicks. Oh yeah, and subject every nominee to a code review. Kind of like the way NASCAR does vehicle inspections.

2. I'm sick of the way VB.Org either is or isn't independent of Jelsoft, depending on what they need at the moment. Pick one. Either admit to being a momma's boy or cut the freaking apron strings, but don't play it both ways.

3. Coders are the life's blood of this place. Every user needs to appreciate the hell out of them. They develop code because THEY need it and happen, out of the kindness of their hearts, to make it available to us too. Be damned grateful. When you have a problem, make an effort to fix it yourself, if you can and post the fix - if you are able. If not, don't PM them. Post in the release thread so that the 100 other people that have the same problem can get the fix. AND BE PATIENT. None of them are full time professional VB developers and celibate PHP monks. They have lives, jobs and families that need the occasional care and feeding.

4. Somebody better get a handle on this site pronto. The snail pace of development of VB and the inability to deliver the years-ago promised vbCMS isn't why VB is the best damned message board for the money. VB.Org and the ability to customize my site to what I need is the real reason. But I see that reason slipping away. Not just this thread but several others show this place in near shambles. The Bush administration is run better with less controversy. This is a site that CANNOT exist without coders. When you run them off hiding behind rules and make mountains out of molehills, then YOU are doing something wrong, rules be damned.

I'll get off my soapbox now. Talk among yourselves.

I fully agree to that. To point 1 maybe it would be a good idea to make it if somebody is downloading a hack it will be counted automatically as an install.
Also give every coder the title "super master of the universe coder" :)

Shaliza 05-22-2006 01:57 AM

Quote:

Originally Posted by Paul M
Nope, I think it's about the code that tries to call the vb.org "install" link when a product is first installed.

What if someone didn't click "install" because they simply forgot to & not because they were trying to be slick or something?

Quote:

Originally Posted by Mark.B
This is, as you say, about trust, therefore the list of known affected hacks MUST be disclosed, without question.

Absolutely. I bet some people are holding off installing hacks until they know.

I guess the thing I don't understand is why some coders didn't mention that they did this in the readme files? Doesn't the person installing the hack have the right to know what exactly they're uploading onto their site? Why be sneaky about it if it's just "nothing"?

I didn't know about this "install" issue until I read this post. I haven't installed any hacks yet & it looks like I won't be until this list is finally let out in the open.

Quote:

Originally Posted by Chroder
This is true. I think maybe we should create some sort of "verified" system. When we upload attachments, they are marked as unverified (but still downloadable). Then maybe have a team that goes around and checks newly uploaded or updated attachments for unsafe code. Once it's passed the check, display a "verified" badge on the attachment.

That sounds like a fantastic idea.

I also agree with some of what FASherman.

libertate 05-22-2006 02:04 AM

VBulletin.org is Jelsoft.

JohnBee 05-22-2006 02:11 AM

If vb.org doesn't release the hack names to protect the users who failed to press [install] then you are not doing your job. I'm not sure it was said officially but if my board is compromised because some debilated coder thought he had the right to slip some backdoor code past my security then watch out.

Some people who come here are not simple Joe Blows with a forum full of jibber jabbers some people actually have serious data to protect. If you are telling me that I have no right to know what code was compromised then I will take the initiative to show vb.org how serious things can get.

Simply said, don't mess with people's companies and money by playing the blame game. There is no way some coder's integrity will come before the information on my site.

I will contact the individual who posted this thread the fuse short and my associates will not mess around with this situation at all.

Shaliza 05-22-2006 02:13 AM

Well said.

FASherman 05-22-2006 02:18 AM

Quote:

Originally Posted by JohnBee
If vb.org doesn't release the hack names to protect the users who failed to press [install] then you are not doing your job. I'm not sure it was said officially but if my board is compromised because some debilated coder thought he had the right to slip some backdoor code past my security then watch out.

Some people who come here are not simple Joe Blows with a forum full of jibber jabbers some people actually have serious data to protect. If you are telling me that I have no right to know what code was compromised then I will take the initiative to show vb.org how serious things can get.

Simply said, don't mess with people's companies and money by playing the blame game. There is no way some coder's integrity will come before the information on my site.

I will contact the individual who posted this thread the fuse short and my associates will not mess around with this situation at all.

Can you say "class action"?

The IBM pSeries Users Groups forums run vBulletin with some modifications from this site. Be ready for an excrement storm when I inform their sysadmin that they have potential backdoors but have no right to know.

Code Monkey 05-22-2006 02:31 AM

Way OTT

Boofo 05-22-2006 02:32 AM

Exactly! ;)

Paul M 05-22-2006 02:44 AM

There are/were no "backdoors", perhaps you should re-read the original message.


All times are GMT.