vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Community Lounge (https://vborg.vbsupport.ru/forumdisplay.php?f=13)
-   -   hacked myself into wonderful oblivion.. (https://vborg.vbsupport.ru/showthread.php?t=78901)

jilly 03-27-2005 05:26 PM
hacked myself into wonderful oblivion..
 
my board is fine - LOL - but I have recently hacked so much, and I am so sloppy about my recordkeeping, that I am going to cringe if a critical update comes out soon... :squareeyed:
But i can't help myself - I keep finding more and more useful things here...
they do make the board so much better!!

Now I fear upgrades.. LOL

Marco van Herwaarden 03-27-2005 05:41 PM
Just make sure you keep a list of all hacks installed, and their install files.

Oblivion Knight 03-27-2005 05:47 PM
https://vborg.vbsupport.ru/vborg_mis...installedhacks

^ This list is a life saver.. :)

sabret00the 03-27-2005 05:55 PM
i actually find upgrading to be easy, the only thing that holds me up is when code isn't commented properly so i have to use guess work in order to see what's hack and what's jelsoft code.

jilly 03-27-2005 06:30 PM
Hey OK, you were the one who also mentioned to me the 'show installed hacks' button here, which I had always overlooked before, and I use that now, it's a life saver!! I'm going to check the thread you posted too..

sabre, i try to comment but I forget, and i never remember where in the code I stuck stuff.. ugh..

tehste 03-27-2005 08:33 PM
you know adding hacks is such a security flaw... should a critical update comeout and you then re-hack the software you subsequently compromise a security fix. And it wastes all that effort...

Maybe VB.org should have a team of 'release moderators' or a self certified security rating for hacks.

Quincy Wisdom 03-27-2005 09:32 PM
Quote:
Originally Posted by zsdave

Maybe VB.org should have a team of 'release moderators' or a self certified security rating for hacks.
That would be nice...perhaps a seperate page for "Known Security Issues" for each modification...

AN-net 03-27-2005 09:32 PM
Quote:
Originally Posted by zsdave
you know adding hacks is such a security flaw... should a critical update comeout and you then re-hack the software you subsequently compromise a security fix. And it wastes all that effort...

Maybe VB.org should have a team of 'release moderators' or a self certified security rating for hacks.
most hacks wouldn't override a security fix and thats why most coders are urged not to use replace within their instructions.

Erwin 03-28-2005 03:59 AM
Quote:
Originally Posted by zsdave
you know adding hacks is such a security flaw... should a critical update comeout and you then re-hack the software you subsequently compromise a security fix. And it wastes all that effort...

Maybe VB.org should have a team of 'release moderators' or a self certified security rating for hacks.
This idea of hack review and rating has been discussed many times and is still under discussion, but not many people have the time to beta-test every single hack that is released here.

Marco van Herwaarden 03-28-2005 06:01 AM
And it would also in some way make us responsable for not found errors.

Guest190829 03-28-2005 06:40 AM
Maybe we can have it where it's not a requirement for vb.org staff to review hacks. But when a staff member tests a hack for security and there are no flaws it can be labeled as validated or something along those lines...

deathemperor 03-28-2005 08:31 AM
agree with Danny.

Vb.org staffs cannot test all of the hacks, but they can give the title "Verified" hacks, that would be nice.

Marco van Herwaarden 03-28-2005 08:51 PM
That wouldn't work in my opinion. You could label the hacks that you have tested (checked for security means you can not miss 1 line of coding), but in the view of the members all hacks without the Verified tag would be unverified and not trusted.

deathemperor 03-29-2005 09:28 AM
ok, great, I think just leave it there, the most popular hack can be insecure

Brad 03-29-2005 10:08 AM
It would take us forever to install and test every released hack, and then you want us to go over the code and find all the bugs? Do you relize how much that would hold up new hack releases?

It is up to the author to verify his code, bug test, and fix his security holes. This has been discussed for a long time and always ends up at the same place, not enough people for the project, and the ones willing have little free time as it is.

lasto 03-29-2005 10:40 AM
end of day if u want to be 100% secure - dont hack your board
we all know the risks involved so cant come screaming when something goes wrong.

tehste 03-29-2005 03:07 PM
Ok so on a good week 10 new hacks are released. So hypothetically a team of 10 or-so hack moderators could easily check through hacks with a delay as small as 24 hours. As for older hacks they could do with authors checking them through and then re-submitting. It wouldn't mean that vb.org endorse the hack they have just rated it...

twoseven 03-29-2005 04:37 PM
the only validated hacks imo should be regged vb.com all others use at own risk because i hack the hack alot of times so wouldnt make any sense to validate them

tehste 03-29-2005 04:56 PM
not validate but rate

twoseven 03-29-2005 05:06 PM
there is a rating function already 1-5stars

Erwin 03-29-2005 08:40 PM
Quote:
Originally Posted by deathemperor
agree with Danny.

Vb.org staffs cannot test all of the hacks, but they can give the title "Verified" hacks, that would be nice.
Take vBulletin for example - it's commercial code, and should be "verified", and yet, new security holes are found as hackers find new ways of hacking it.

There is no way we can find every single security hole in a hack - so making something "verified" is misleading, and can make vB.org legally liable for damages caused by a security loophole we might have missed.

neocorteqz 03-29-2005 09:54 PM
Quote:
Originally Posted by Erwin
Take vBulletin for example - it's commercial code, and should be "verified", and yet, new security holes are found as hackers find new ways of hacking it.

There is no way we can find every single security hole in a hack - so making something "verified" is misleading, and can make vB.org legally liable for damages caused by a security loophole we might have missed.
This is very true.

And seeing as vBulletin does not support Hacked boards, this in effect would be considered supporting them. IMHO.


All times are GMT. The time now is 04:44 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01069 seconds
  • Memory Usage 1,758KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (5)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (22)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete