vb.org Archive - Weary of installing

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- ibProArcade Archive (https://vborg.vbsupport.ru/forumdisplay.php?f=174)

- - Weary of installing (https://vborg.vbsupport.ru/showthread.php?t=178180)

Jase2

05-05-2008 08:44 AM

Weary of installing

Someone who had this installed (MajorGeeks) have completely removed the arcade due to exploits. Spam through emails.

You either need to provide a fix, or completely remove this. In the meantime, I'm moving to the other arcade.

http://forums.majorgeeks.com/showthread.php?t=158698

Quote:

Originally Posted by Major Attitude

No problems, someone exploited a hole and the problem has been solved, basically the arcade has been removed. It is the repeated cause of many exploits, apparently the author can't keep up, so it is removed. Your account info is secure and not realted.

Quote:

Originally Posted by Major Attitude

Yes, we have had security issues on this forum 3 times I can remember. All 3 were arcade exploits. It is the reason we moved the forums to their own servers (to not compromise the main servers) and the reason we must now completely remove it. Sorry.

Gladius2007

05-05-2008 12:19 PM

I'm awaiting the official response to this issue... can't afford to install mods with known vulnerabilities, no matter how good they are.

MrZeropage

05-05-2008 07:15 PM

Security was checked twice by vb.org staff and some other testers including myself, I don't see any single point how to use ibProArcade for mailsending/spamming or having any serious security-issue.

I assume they used the latest release v2.6.6+

Yes, in old releases prior to v2.6.0 there where some problems which all have been fixed a long time ago now.

Jase2

05-05-2008 09:02 PM

Look:

Quote:

"it was fairly specific to a certain game this time around"

Games are exploitable.

Quote:

It's also notable that people were finding these in their spam box. The games can be exploited and our emails compromised. It happened. That can't be denied.

This needs looking at.

Holfy.com

05-05-2008 09:09 PM

I have the arcade installed on a few sites (all over 150 games). I shall be now asking if anyone has started to receive any emails in their "Spam" inbox. I have had runs in the past where I get members to report games that don't submit high scores and they get removed

So far I have had no problems but if a member happens to confirm this issue then, i REALLY DON'T WANT TO, I will have to remove arcade (ONLY FOR NOW!!!)..

I will also report any negative responses back here. If there are none there will be no responses.

Cheers for this heads up!

Philipp

05-06-2008 11:36 AM

MrZeropage:
Please check your PMs for more details and a fix

Jase2

05-06-2008 02:48 PM

Thank you Phillip! :)

Hope the new, patched version is released soon...

MrZeropage

05-06-2008 06:01 PM

update is coming within the next minutes :)

Jase2

05-06-2008 08:58 PM

Thanks, Zero.

Gladius2007

05-06-2008 09:52 PM

Excellent, thanks.

While on the subject of security, is there ANYWHERE where one could legally download any game packs from a trusted source that would check the legality of the games included?

I'm NOT asking where to get these games illegally (everyone knows as pretty much every arcade I've seen has thousands of them installed). I'm asking if there is any website that offers packs of legal games to download where the authors have consented to have the games included in the pack.

If not, that's more than a little sad.

jacx	05-07-2008 06:14 PM

never ever had any spam issues.

However i have had games try and redirect users offsite...not really the arcade at fault, its down to the games installed.

How to deal with..simple, did a thread explaining the issue, users pointed out the games in question, deleted the games in question.

started with 2000 games, now have 1664 games... simple really!

MrZeropage

05-07-2008 06:20 PM

@Gladius2007:
There is an AddOn coming soon from micheal332001 which offers games ect. including an auto-installer ect. stay tuned for this, I already had a preview :)

@jacx:
ibProArcade v2.6.7+ has some more security included about gamearchives that may contain malicious files, codes ect. but still no chance for games that contain bad code inside the game itself, right

Gladius2007

05-07-2008 06:33 PM

Quote:

Originally Posted by MrZeropage (Post 1511892)

@Gladius2007:
There is an AddOn coming soon from micheal332001 which offers games ect. including an auto-installer ect. stay tuned for this, I already had a preview :)

That's great, I'll be on the lookout for that, hope it comes soon.

Jase2

05-07-2008 08:17 PM

MrZeropage, you owe Phillip a huge thanks -- he spent his own time to find a huge security hole, that could of been costly. :)

EDIT: Shame you couldn't even thank him. Disgrace in my opinion.

All times are GMT. The time now is 04:59 PM.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01012 seconds Memory Usage 1,742KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (5)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_navbar_search (1)printthread (14)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: