Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 3.6 > vBulletin 3.6 Add-ons
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
VB image Hosting Details »»
VB image Hosting
Version: 1.0.1, by Ranma2k Ranma2k is offline
Developer Last Online: Oct 2017 Show Printable Version Email this Page

Category: Major Additions - Version: 3.6.0 Rating:
Released: 08-08-2006 Last Update: 04-10-2007 Installs: 1108
DB Changes Uses Plugins Template Edits
Additional Files  
No support by the author.

VB Image Hosting Version 1.0.1

This is the port for my hack to vb 3.6.x
check it for vb 3.5.x here

A New installer replaced the old one so you should not face any problems with database

NOTE :
People who were using vbimghost in vb 3.5.x and moved to vb 3.6.0 MAKE sure that you have vbimghost 1.4.1 Since this port will only support upgrading from that ver only
People who do a fresh install use this ver.


Requirements:
  1. requires GD 2.0.1 or later (2.0.28 or later is recommended).
  2. PHP ver 4.3.x or later (newer ver is better).

Introduction:
What does it do ?
VB Image Hosting is a similar feature to imageshak and photopoket and online free image hosting, but this is for your members. it will allow them to upload and host their images on your servers, you can still manage the permissions and set the number of files for each group.
Main Features:
  • Image hosting
  • Restrict # of file upload for each group
  • Allow/disallow group from upload
  • Restrict file uploaded based on file extension, dimensions and size
  • Users can manage their uploaded files
  • Users can set the view permission for each uploaded images
  • Admin can mange all members images
  • Admin can set the number of images/users per page.
  • Admin can mange images uploaded by the members
  • Admin can set the default upload permission
  • Thumbnail system admin can turn it on/off.
  • Allow multiple uploads.
  • Admin can set upload slots for each group
  • Admin can recreate thumbnails from admin cp
  • Fully using the phrase system.
Time required to install
  • 1- 2 min max.

Update instruction :
Just replace the old files with the new ones and import the product file don't forget to select overwrite.

History:
1.0.0:
  • inital release contains everytverg in 1.4.1 ver.
1.0.1:
  • Fix security bug with delete image.
  • fix some minor mysql problems.
Download Tracking:
1.0.0 : 3886


Known Issues:
no known issues.

Screen shscreenshot.zip
screenshot.zip.


NOTE:
before you post any error here :
Set that path to your forums correctly in the vbimghost options.
if you getting the error "
"supplied argument is not a valid"
that's because you didn't set the path correctly

And for all the people asking when is the next release it will be in 2007 not this month .. due to some problems in real life ..



URGENT ISSUES:
you may contact me on msn id : waiel[at]waieleid.com
replace [at] with @ ok? -_-

Supporters / CoAuthors

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #562  
Old 02-26-2007, 10:20 AM
oatsy oatsy is offline
 
Join Date: Aug 2005
Posts: 17
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Sorry, for some reason I was thinking there'd be a change log here to show reasons for updating from 1.3.1 to 1.4.1 or this current version. Just realised 1.3.1 was for VB 3.5 and the changelog is in there ok.

Looks as though one of the mods was indeed to prevent non-image files being uploaded. I'd be grateful if someone could confirm this could well have been my problem but that this current version is safe?

Thanks
Reply With Quote
  #563  
Old 02-28-2007, 02:54 PM
digital3 digital3 is offline
 
Join Date: Feb 2007
Posts: 60
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by flypaper View Post
^You people (or your host) are doing something wrong. It isn't the hack...

Well, It's my server but if you see any reason why I get a blank page after trying to upload images here I am all ears
Reply With Quote
  #564  
Old 02-28-2007, 03:07 PM
digital3 digital3 is offline
 
Join Date: Feb 2007
Posts: 60
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Never mind I fixed it. The memory limit in php was set too low.
Reply With Quote
  #565  
Old 02-28-2007, 03:34 PM
fly fly is offline
 
Join Date: Oct 2003
Posts: 1,215
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by oatsy View Post
Had a 3.6.4 forum hacked (as in Turkish hackers, not as in a deliberate VB mod) a couple of days ago with a hack called cmdhack, and there are some signs that it came in through a previous version of Image Hosting - version 1.3.1. I was looking here to see what the most current version is. I see 1.3.1 is outdated but I'm not sure if the recent updates change anything about security (if indeed Image Hosting was the way they got in.

The reason I think Image Hosting may have been the route in is because there were 3 new files appeared in the 'imagehosting' directory at about the time the site was hacked. There should only be image files and an index.html (with nothing in it) in there, but we had a new index file plus 2 php files. Couldn't open any of them by ftp for editing - access denied. We were able to delete the folder and replace it with a backup and the forums are up and running again now once we fixed the problem in the db - see below.

I'm still puzzled about how those files got there though. The Image Hosting feature is set to a) only accept jpg, gif, png, and bmp files. I've tried txt files etc and it won't accept them. b) only trusted members of the forum are enabled on the Image Hosting system - general public don't have permissions. All forums have HTML disabled.

I've disabled the Image Hosting hack from all users for now. I'd appreciate any thoughts on how this might have happened. Can a script be disguised as an image file? Could one of the trusted members have innocently uploaded what he thought was a clean image file but was actually the hacker's script?

I'd like to keep Image Hosting on the site because it's a terrific hack.

What happens with this cmdhack is that as soon as the forums try to load you get redirected straight to a page on the hackers site ('Turkish Hackers blah blah' rubbish).

If you do get caught with it, it's easy to get rid off as long as you have access to phpmyadmin:

Long story short ... the hack changed a couple of fields in the top level publicly accessible forum (the Category in other words). The Title field text was replaced with a refresh command and the description field had the URL details to the hackers page. As soon as the forums load the refresh/redirect command kicks you to the hackers URL after a second or two.

No new pages were added to the site - the 'You've been hacked' page was on the hackers remote site. Easy enough to fix by going into phpmyadmin, listing the 'forum' table and look for the forum that has the wrong info in it. Replace the hackers text with the correct text and off you go. You can't edit it in the admin cp because as soon as you try to list the forums in Forum Manager the redirect kicks in again.

Thanks
Wow. I wonder how files are checked before being uploaded. This is NOT good.
Reply With Quote
  #566  
Old 02-28-2007, 04:00 PM
digital3 digital3 is offline
 
Join Date: Feb 2007
Posts: 60
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

The funny part is that hackers don't even have to check to see who has what mods installed. LOL They just come here, look in these threads and then hammer us .
Reply With Quote
  #567  
Old 02-28-2007, 04:38 PM
Been Told Been Told is offline
 
Join Date: Oct 2006
Posts: 131
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by digital3 View Post
The funny part is that hackers don't even have to check to see who has what mods installed. LOL They just come here, look in these threads and then hammer us .
How can they, if you don't have your site's URL in the profile (which I do not, for that very reason)...

Very nice hack by the way!
But I'm unsure about installing this - maybe the developer can make a statement in regards to what oatsy said? That'd make my decision easier.
Reply With Quote
  #568  
Old 03-01-2007, 12:51 PM
dip1232001 dip1232001 is offline
 
Join Date: Apr 2006
Posts: 29
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Warning: imagecreatefromjpeg(/home/user/public_html/imagehosting/145e6e6fc5ab1f.jpg) [function.imagecreatefromjpeg]: failed to open stream: No such file or directory in /includes/vbimghost_include.php on line 175

Warning: imagesx(): supplied argument is not a valid Image resource in /includes/vbimghost_include.php on line 176

Warning: imagesy(): supplied argument is not a valid Image resource in /includes/vbimghost_include.php on line 176

Warning: imagecreatetruecolor() [function.imagecreatetruecolor]: Invalid image dimensions in /includes/vbimghost_include.php on line 176

Warning: imagesx(): supplied argument is not a valid Image resource in /includes/vbimghost_include.php on line 177

Warning: imagesy(): supplied argument is not a valid Image resource in /includes/vbimghost_include.php on line 177

Warning: imagecopy(): supplied argument is not a valid Image resource in /includes/vbimghost_include.php on line 177

Warning: imagecolorallocate(): supplied argument is not a valid Image resource in /includes/vbimghost_include.php on line 189

Warning: imagesx(): supplied argument is not a valid Image resource in /includes/vbimghost_include.php on line 198

Warning: imagesy(): supplied argument is not a valid Image resource in /includes/vbimghost_include.php on line 199

Warning: imagestring(): supplied argument is not a valid Image resource in /includes/vbimghost_include.php on line 201

Warning: imagejpeg(): supplied argument is not a valid Image resource in /includes/vbimghost_include.php on line 209

Warning: imagedestroy(): supplied argument is not a valid Image resource in /includes/vbimghost_include.php on line 210
these are the errors i am getting though the images are uploading ....and it happened when i edit the setting of the image host and uploaded i just increased the dimention and the image size.....
Reply With Quote
  #569  
Old 03-02-2007, 02:53 AM
Merriweather Merriweather is offline
 
Join Date: Nov 2006
Posts: 389
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Been Told View Post
But I'm unsure about installing this - maybe the developer can make a statement in regards to what oatsy said? That'd make my decision easier.
The developer has not posted since early December 2006 and has ignored a PM I sent for support on this mod. My guess is that it is no longer supported.

Without knowing what file the hackers used and how the files got there, I think it's unfair to assume it was the cause of this mod, though I also respect the need for clarification on the mod's security.

I have tested my personal installation of this mod and am not able to upload a .php, .html or .htaccess file.

My guess is that the hackers hit oatsey some other way, and that the folder holding oatsey's hosted images has been CHMODED to 777 (all permissions to all groups) which in itself is a security risk. You're better off using 755. On a shared server, nothing should ever be world-writable with mode 666 or 777. Doing so can potentially allows other users of the server to change your files. A hacker may have uploaded a bona-fide image file through the mod and then hacked the file through the server, which is not a problem with the mod itself.

Of course, I have no proof of this, but in my experience, you cannot use this mod to upload anything other than images.
Reply With Quote
  #570  
Old 03-02-2007, 09:27 PM
EvilLestat's Avatar
EvilLestat EvilLestat is offline
 
Join Date: Oct 2006
Posts: 2
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

QUITE nice. Thank you VERY much for such an excellet hack.

This has made my forums very happy.
Reply With Quote
  #571  
Old 03-02-2007, 10:32 PM
OffRoadManiac OffRoadManiac is offline
 
Join Date: Nov 2006
Posts: 2
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

will this work with 3.6.5?
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 06:42 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05840 seconds
  • Memory Usage 2,330KB
  • Queries Executed 26 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (5)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (4)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete