vbBux & vbPlaza Removal
 

Thanks for letting me know of the exploit, but now vb.org have removed the mod altogether from vb.org, I have no idea what files I must remove off my server and what changes I can revert to already modified templates.

When removing a hack, is it not advisable to leave a list of the files and where they would normally be uploaded to as well as the instructions for install / uninstall?

Well you should really keep a history of changes theres actually a built in feature that allows you to I guess basicaly take a snap shot of the before.... Just a suggestion for future installs. And I still have the complete install files I'll up the read me just reverse your steps.




http://rapidshare.com/files/15151802/readme.txt.html

Sorry I do not usually use RapidFire I hate it but my normal host are doing upgrades to the software and server. I normally use http://www.mediafire.com

Well hope this helps you out.

Can you send me the read me or attach it to this thread for the install please if you don't mind. I do keep a history, in my installed hacks section on vb.org....

so whats wrong with vbbux its hackable or something? What other options are there besides icash??? For the latest version of VB?

That's much appreciated, thankyou. :up:

Can you let me know what files went where so they can all be removed? Thanks again.

mmm what kinda exploit detected there ?

been long time we r on vbux..
removing it will be a reason of huge qus from users

I think just disabling it will be enough.

You can disable the modification & use it again when someone provide a fix :). Why you want to uninstall as that 'll remove every data?

Not worth the risk to be honest, and i've only in the last week installed it on the site. I used to run it on another but got fed up of the template changes, etc when a new vb came out, so to be honest i'd rather just get rid.

It's a good hack, just too many things to mess with when there's an update to the forums, etc....

Artificial_Alex reported an exploit which we investigated and confirmed - not only that but the investigations revealed other exploits in the code as well. As per our policy on such matters, the modification has been removed until such time as the holes are fixed.

I know why you don't want to reveal the exploits but could you post it in the private coder discussion so other coders can help fixing it?It is a great hack and I believe everybody wants it back as soon as possible

I agree, it would help if we knew the exploits so we could help fix or patch it.

Maybe in the future, these threads could be closed so that only the people who clicked install and the author can view it. This way, new people can't download it but people with it already installed can see about fixing it.

Unfortunately if you announce it i suppose you automatically open all customers who might not have had a chance to disable it, open to be exploited.

If members cant use the hack(sine it is disabled) then there would be no risk that I can think of.

Just update the templates manually. That is what i do when there is a new release. It doesnt usually require much effort.

So, is a good idea then when a hack is removed, at least the uninstall features for the mod are still listed? That way, people can remove a problem modification and the files from the server?

Sorry but no, we will not reveal details of the exploits.

But the staff is fixing it right?I think Brad fixed the shoutbox as it is widely used.

No...the protocol says the staff may fix if it time is granted. With the shout box, it was just fortunate that it was fixed by a staff member.

Unfortunately they did a bad job with it, making more bugs.. making Zero Tolerance stop releasing on vBulletin.org

They ?

We've already been down this road in another thread, it doesn't need another discussion here, please stick to the current topic.

Sorry.. But another thread? May i have linkage.. i can't see.. im not stirring things up, im just wandering as i know him quite well (Scot)

And that sucks... although i have never used it, its a shame.. such a good mod to go to waste

So wait I dont understand if I keep using vbbux will my site get hacked?

Top X stats also fixed by one of vb staff......

why not vbux ?
this too pop mod...for vb

FYI .. The Developer has returned and is looking into this issue. See the Premium Forum for updates.

Is there been a fix announced?

No but someone has posted a "possible" fix.

So has anyone got any information on what files need to be removed from my server?

cmx returned ?

woha good news indeed

lets watch premium forum

They all start with vbPlaza in the name. Check Admincp,includes,modcp,plugins,vbplaza(obviously huh:p ) and vbplaza.php in the forum root.

If you look in the premium support section there is already a partial(non confirmed by CMX) fix. So I would wait. If the plug in is disabled or deleted users cant use the plaza anyways so i dont see why it it so necessary to delete the scripts. Also if you delete the plug in this would erase all the database tables concerning vbplaza disabling the plaza as well.

The staff are not here to fix broken/exploited modifications, occasionally one may do so if they have the time (or use the mod themselves) but that's all. Fixing is the responsibility of the author.

Well I hope this gets fixed as this was the main reason I choose vb in the first place. I need this points system or something like it but not as simple as icash I may have to move eh..

All we can do is hope to see a fix soon :)

%

anyone have any word on this??

O YES!.. this is a confirmation from OUR SITE!.
some user PMD me of a donation they sent and it said nice site!

then I noticed the site was in shambles and turned off!
so i UPLOADED the day befores database back up and removed vbplaza completly!.

yea i had a problem as well i got a bunch of points donated from a user saying alert cookie and after that memebere reported popus in the vb plaza with a bunch of numbers in it so i removed it as well

Wow this sucks alot!!! can the staff at least tell the coder the problems with the mod/plugin? I totally understand its not good to release it to the public but telling the actually coder of the mod isnt effecting anyone and if it does it will be a benefit for all of us..

The author is obviously informed of the exploit, it would be a bit hard asking them to fix it if they weren't.

no one should be mad at staff, staff here dose a good job, they arent even required to tell the creators antyhing. it should be the creators responbility to check on his or her product, but thanks to the great staff here they go the extra mile.

as far as problems go i would like to thank the staff for removing this as it has stopped problems form occuring and may have just saved my site and youre who knows.

so in my conclusion thanks staf for removing and be responisble people to inform us and also people the staff has alot on their hands so dont expect them to fix other peoples mods and or hacks

No one got mad to staffs..

but what does ur word mean? If the dont inform to the author ,then they need not to inform to the user too.

Both is same.

If the hacker is not looking to exploit others, he/she would have gone to the authors site and messed it up with the exploit:up: