VB image Hosting
Version: 1.0.1, by Ranma2k
Developer Last Online: Oct 2017

Category: Major Additions - Version: 3.6.0
Released: 08-08-2006 Last Update: 04-10-2007 Installs: 1108
DB Changes, Uses Plugins, Template Edits, Additional Files
No support by the author.

VB Image Hosting Version 1.0.1

This is the port for my hack to vb 3.6.x
check it for vb 3.5.x here

A New installer replaced the old one so you should not face any problems with database

NOTE :
People who were using vbimghost in vb 3.5.x and moved to vb 3.6.0: MAKE sure that you have vbimghost 1.4.1, since this port will only support upgrading from that ver.
People who do a fresh install: use this ver.


Requirements:
  1. requires GD 2.0.1 or later (2.0.28 or later is recommended).
  2. PHP ver 4.3.x or later (newer ver is better).

Introduction:
What does it do ?
VB Image Hosting is a similar feature to ImageShack and Photobucket and online free image hosting, but this is for your members. It will allow them to upload and host their images on your servers; you can still manage the permissions and set the number of files for each group.
Main Features:
  • Image hosting
  • Restrict # of file upload for each group
  • Allow/disallow group from upload
  • Restrict file uploaded based on file extension, dimensions and size
  • Users can manage their uploaded files
  • Users can set the view permission for each uploaded images
  • Admin can manage all members images
  • Admin can set the number of images/users per page.
  • Admin can manage images uploaded by the members
  • Admin can set the default upload permission
  • Thumbnail system admin can turn it on/off.
  • Allow multiple uploads.
  • Admin can set upload slots for each group
  • Admin can recreate thumbnails from admin cp
  • Fully using the phrase system.
Time required to install
  • 1- 2 min max.

Update instruction :
Just replace the old files with the new ones and import the product file; don't forget to select overwrite.

History:
1.0.0:
  • Initial release contains everything in 1.4.1 ver.
1.0.1:
  • Fix security bug with delete image.
  • fix some minor mysql problems.
Download Tracking:
1.0.0 : 3886


Known Issues:
no known issues.

Screenshots: screenshot.zip


NOTE:
Before you post any error here:
Set the path to your forums correctly in the vbimghost options.
If you are getting the error
"supplied argument is not a valid"
that's because you didn't set the path correctly.

And for all the people asking when is the next release it will be in 2007 not this month .. due to some problems in real life ..



URGENT ISSUES:
you may contact me on msn id : waiel[at]waieleid.com
replace [at] with @ ok? -_-

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #562  
02-26-2007, 10:20 AM
oatsy
Join Date: Aug 2005
Posts: 17

Sorry, for some reason I was thinking there'd be a change log here to show reasons for updating from 1.3.1 to 1.4.1 or this current version. Just realised 1.3.1 was for VB 3.5 and the changelog is in there ok.

Looks as though one of the mods was indeed to prevent non-image files being uploaded. I'd be grateful if someone could confirm this could well have been my problem but that this current version is safe?

Thanks
Reply With Quote
  #563  
02-28-2007, 02:54 PM
digital3
Join Date: Feb 2007
Posts: 60

Quote:
Originally Posted by flypaper
^You people (or your host) are doing something wrong. It isn't the hack...

Well, it's my server, but if you see any reason why I get a blank page after trying to upload images here, I am all ears.
Reply With Quote
  #564  
02-28-2007, 03:07 PM
digital3
Join Date: Feb 2007
Posts: 60

Never mind, I fixed it. The memory limit in php was set too low.
Reply With Quote
  #565  
02-28-2007, 03:34 PM
fly
Join Date: Oct 2003
Posts: 1,215

Quote:
Originally Posted by oatsy
Had a 3.6.4 forum hacked (as in Turkish hackers, not as in a deliberate VB mod) a couple of days ago with a hack called cmdhack, and there are some signs that it came in through a previous version of Image Hosting - version 1.3.1. I was looking here to see what the most current version is. I see 1.3.1 is outdated but I'm not sure if the recent updates change anything about security (if indeed Image Hosting was the way they got in).

The reason I think Image Hosting may have been the route in is because there were 3 new files appeared in the 'imagehosting' directory at about the time the site was hacked. There should only be image files and an index.html (with nothing in it) in there, but we had a new index file plus 2 php files. Couldn't open any of them by ftp for editing - access denied. We were able to delete the folder and replace it with a backup and the forums are up and running again now once we fixed the problem in the db - see below.

I'm still puzzled about how those files got there though. The Image Hosting feature is set to a) only accept jpg, gif, png, and bmp files. I've tried txt files etc and it won't accept them. b) only trusted members of the forum are enabled on the Image Hosting system - general public don't have permissions. All forums have HTML disabled.

I've disabled the Image Hosting hack from all users for now. I'd appreciate any thoughts on how this might have happened. Can a script be disguised as an image file? Could one of the trusted members have innocently uploaded what he thought was a clean image file but was actually the hacker's script?

I'd like to keep Image Hosting on the site because it's a terrific hack.

What happens with this cmdhack is that as soon as the forums try to load you get redirected straight to a page on the hackers site ('Turkish Hackers blah blah' rubbish).

If you do get caught with it, it's easy to get rid of as long as you have access to phpmyadmin:

Long story short ... the hack changed a couple of fields in the top level publicly accessible forum (the Category in other words). The Title field text was replaced with a refresh command and the description field had the URL details to the hackers page. As soon as the forums load the refresh/redirect command kicks you to the hackers URL after a second or two.

No new pages were added to the site - the 'You've been hacked' page was on the hackers remote site. Easy enough to fix by going into phpmyadmin, listing the 'forum' table and look for the forum that has the wrong info in it. Replace the hackers text with the correct text and off you go. You can't edit it in the admin cp because as soon as you try to list the forums in Forum Manager the redirect kicks in again.

Thanks
Wow. I wonder how files are checked before being uploaded. This is NOT good.
Reply With Quote
  #566  
02-28-2007, 04:00 PM
digital3
Join Date: Feb 2007
Posts: 60

The funny part is that hackers don't even have to check to see who has what mods installed. LOL They just come here, look in these threads and then hammer us.
Reply With Quote
  #567  
02-28-2007, 04:38 PM
Been Told
Join Date: Oct 2006
Posts: 131

Quote:
Originally Posted by digital3
The funny part is that hackers don't even have to check to see who has what mods installed. LOL They just come here, look in these threads and then hammer us.
How can they, if you don't have your site's URL in the profile (which I do not, for that very reason)...

Very nice hack by the way!
But I'm unsure about installing this - maybe the developer can make a statement in regards to what oatsy said? That'd make my decision easier.
Reply With Quote
  #568  
03-01-2007, 12:51 PM
dip1232001
Join Date: Apr 2006
Posts: 29

Quote:
Warning: imagecreatefromjpeg(/home/user/public_html/imagehosting/145e6e6fc5ab1f.jpg) [function.imagecreatefromjpeg]: failed to open stream: No such file or directory in /includes/vbimghost_include.php on line 175

Warning: imagesx(): supplied argument is not a valid Image resource in /includes/vbimghost_include.php on line 176

Warning: imagesy(): supplied argument is not a valid Image resource in /includes/vbimghost_include.php on line 176

Warning: imagecreatetruecolor() [function.imagecreatetruecolor]: Invalid image dimensions in /includes/vbimghost_include.php on line 176

Warning: imagesx(): supplied argument is not a valid Image resource in /includes/vbimghost_include.php on line 177

Warning: imagesy(): supplied argument is not a valid Image resource in /includes/vbimghost_include.php on line 177

Warning: imagecopy(): supplied argument is not a valid Image resource in /includes/vbimghost_include.php on line 177

Warning: imagecolorallocate(): supplied argument is not a valid Image resource in /includes/vbimghost_include.php on line 189

Warning: imagesx(): supplied argument is not a valid Image resource in /includes/vbimghost_include.php on line 198

Warning: imagesy(): supplied argument is not a valid Image resource in /includes/vbimghost_include.php on line 199

Warning: imagestring(): supplied argument is not a valid Image resource in /includes/vbimghost_include.php on line 201

Warning: imagejpeg(): supplied argument is not a valid Image resource in /includes/vbimghost_include.php on line 209

Warning: imagedestroy(): supplied argument is not a valid Image resource in /includes/vbimghost_include.php on line 210
These are the errors I am getting, though the images are uploading... and it happened when I edit the setting of the image host and uploaded; I just increased the dimension and the image size.
Reply With Quote
  #569  
03-02-2007, 02:53 AM
Merriweather
Join Date: Nov 2006
Posts: 389

Quote:
Originally Posted by Been Told
But I'm unsure about installing this - maybe the developer can make a statement in regards to what oatsy said? That'd make my decision easier.
The developer has not posted since early December 2006 and has ignored a PM I sent for support on this mod. My guess is that it is no longer supported.

Without knowing what file the hackers used and how the files got there, I think it's unfair to assume it was the cause of this mod, though I also respect the need for clarification on the mod's security.

I have tested my personal installation of this mod and am not able to upload a .php, .html or .htaccess file.

My guess is that the hackers hit oatsy some other way, and that the folder holding oatsy's hosted images has been CHMODed to 777 (all permissions to all groups), which in itself is a security risk. You're better off using 755. On a shared server, nothing should ever be world-writable with mode 666 or 777. Doing so can potentially allow other users of the server to change your files. A hacker may have uploaded a bona fide image file through the mod and then hacked the file through the server, which is not a problem with the mod itself.

Of course, I have no proof of this, but in my experience, you cannot use this mod to upload anything other than images.
Reply With Quote
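
Added example (not part of the thread and not the mod's code): a Python audit of an upload directory for the conditions raised in the posts above, namely files that are not images, image files whose bytes do not match their extension or that carry a PHP open tag, a non-empty placeholder index file, and world-writable permissions. The function names, sample file names and sample bytes are constructed for illustration.

```python
import os
import stat

# Magic-byte prefixes for the four image types the thread says are accepted.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",), ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",), ".bmp": (b"BM",),
}
PLACEHOLDER = "index.html"   # the empty index file the thread mentions
PHP_TAG = b"<?php"

def audit_upload_dir(path):
    """Return (name, finding) pairs for suspicious entries in an upload directory."""
    findings = []
    if os.stat(path).st_mode & stat.S_IWOTH:
        findings.append((".", "directory is world-writable"))
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        mode = os.lstat(full).st_mode
        if not stat.S_ISREG(mode):
            findings.append((name, "not a regular file"))
            continue
        if mode & stat.S_IWOTH:
            findings.append((name, "file is world-writable"))
        with open(full, "rb") as fh:
            data = fh.read()
        ext = os.path.splitext(name)[1].lower()
        if name == PLACEHOLDER:
            if data.strip():
                findings.append((name, "placeholder is not empty"))
        elif ext not in MAGIC:
            findings.append((name, "unexpected file type"))
        elif not data.startswith(MAGIC[ext]):
            findings.append((name, "content does not match extension"))
        if PHP_TAG in data.lower():
            findings.append((name, "contains PHP open tag"))
    return findings

def build_constructed_sample(path):
    """Write constructed, inert sample files (not data from the thread)."""
    samples = {
        "ok.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "avatar.gif": b"GIF89a<?php /* inert constructed marker */",
        "extra.php": b"<?php /* inert constructed marker */",
        "index.html": b"<html>constructed: replaced placeholder</html>",
    }
    for name, body in samples.items():
        with open(os.path.join(path, name), "wb") as fh:
            fh.write(body)
        os.chmod(os.path.join(path, name), 0o644)
    os.chmod(path, 0o777)  # the permissive mode discussed in the thread
```

The `avatar.gif` sample passes the magic-byte check and is reported only because of the embedded tag, which is why an extension or header check alone does not settle whether a stored file is a plain image.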
  #570  
03-02-2007, 09:27 PM
EvilLestat
Join Date: Oct 2006
Posts: 2

QUITE nice. Thank you VERY much for such an excellent hack.

This has made my forums very happy.
Reply With Quote
  #571  
03-02-2007, 10:32 PM
OffRoadManiac
Join Date: Nov 2006
Posts: 2

Will this work with 3.6.5?
Reply With Quote