Thread: Integration with vBulletin - Flashchat Integration for vB 3.6
View Single Post
  #97  
Old 09-05-2006, 09:23 AM
trilOByte's Avatar
trilOByte trilOByte is offline
 
Join Date: Nov 2001
Location: England
Posts: 325
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by Paul M
@trilOByte, I have edited the inaccuracy from your previous post, despite it being made clear that this mod in no way contributed, your post inferred it was..
Paul, I think you misunderstand me. Your mod has been excellent for my site, it has worked well and I can see no flaws in it. I do totally understand that your mod and tufats script are two different things.

That's not my point.

From my point of view, they come as a package. Like many others, I installed tufats script because of your excellent mod but your mod does need tufat's script to work. I'm not blaming anyone and I'm not looking for someone to moan at. But the fact remains that the package on offer here (your totally blameless mod + tufats flawed script), had or has a stinking great security hole in it.

Now I'm not sure if simply removing one file from the CMS's is going to plug the hole - I hope it does. But having spent the last 2 days running round chasing hackers off my server, I'm not inclined to place too much faith in that.

I hope the newer package from tufat is secure. If it proves to be in time, I will probably put you excellent mod back on my site, but for now, it (tufats script) consitutes too much of a risk. There are mixed messages on the forums. I've read in one thread that the kiddies were logged running a search for other files in the tufat installation. I dont know why, or if they are vulnerable, but the possibility that they might be, seems to exist.
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01139 seconds
  • Memory Usage 1,765KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_quote
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete