  #41  
Old 03-03-2008, 11:00 PM
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776
Thanks: 0
Thanked 0 times in 0 posts
Default

Yes, we see enough of Nexia as it is.
  #42  
Old 03-04-2008, 12:25 AM
iogames's Avatar
iogames iogames is offline
 
Join Date: Jan 2007
Location: Las Vegas, NV.
Posts: 1,433
Thanks: 0
Thanked 0 times in 0 posts
Default

Hopefully the Pentagon installs vB as soon as possible!

Quote:
Pentagon: China trying to hack U.S. computers
WASHINGTON (CNN) -- The Chinese military continues to increase spending on efforts to break into U.S. military computer systems, expand its Navy, and invest in intercontinental nuclear missiles and weapons to destroy satellites, according to the latest U.S. report on China's military power.

Last summer, a cyber-attack on Department of Defense computer systems took down the e-mail capability of hundreds of staffers for weeks, but the Pentagon still will not comment on who initiated the attack. It is widely believed among the military to have been the People's Liberation Army.
http://www.cnn.com/2008/US/03/03/pen...ef=werecommend
  #43  
Old 03-04-2008, 05:03 AM
Dream's Avatar
Dream Dream is offline
 
Join Date: Oct 2001
Posts: 2,251
Thanks: 0
Thanked 0 times in 0 posts
Default

My site was "hacked" this year. My super moderator used the forum at a LAN house and they got his password and deleted the whole forum. If it wasn't for Paul's daily backup mod I would have been screwed, blessed be him. But there's not much I can do about that. It freaked me out though, as I had never been hacked before. And I'm not using LAN houses anymore either.

--------------- Added [DATE]1204614885[/DATE] at [TIME]1204614885[/TIME] ---------------

Actually I think Paul should quote my message in his mod release, I think that would be a good idea.
  #44  
Old 03-04-2008, 05:43 AM
Stifler Stifler is offline
 
Join Date: Jan 2005
Posts: 137
Thanks: 0
Thanked 0 times in 0 posts
Default

3 simple rules:
1) don't give ANYONE permission to physically delete
2) keep your vBulletin patched/up-to-date
3) trust no one
-don't run brand new plugins without letting the community test it out and view the code first
-don't add moderators simply 'cause they ask to become one (if that wasn't obvious)
-if you don't want to pay the hired help.. change the passwords.
  #45  
Old 03-04-2008, 02:36 PM
bulbasnore bulbasnore is offline
 
Join Date: Dec 2004
Posts: 95
Thanks: 0
Thanked 0 times in 0 posts
Default

Quote:
Originally Posted by legionofangels View Post
What can we do?
Bro,

What the OP is suggesting is 'how it's done', the good guys get together and share info. I belong to a couple such groups in other domains.

If you don't personally have the skills, then hang around such a group, and you could still pick up something valuable within your skill level.

As mentioned ... best coding practices, general safeguards, security mods. These protect your site like a locking bar on your steering wheel protects your car. It keeps the casual thief/defacer out, and steers the professional thief to an easier target.

There is not really a central place to discuss those on these forums. I think vB is seemingly not a full disclosure shop, and their sensitivity on that score may prevent them from fostering such a forum.

Wise as serpents, gentle as doves, yah?

See you there or in the air,

'snore
  #46  
Old 03-04-2008, 04:52 PM
punchbowl punchbowl is offline
 
Join Date: Nov 2006
Posts: 505
Thanks: 0
Thanked 0 times in 0 posts
Default

Quote:
Originally Posted by Stifler View Post
3 simple rules:
1) don't give ANYONE permission to physically delete
2) keep your vBulletin patched/up-to-date
3) trust no one
-don't run brand new plugins without letting the community test it out and view the code first
-don't add moderators simply 'cause they ask to become one (if that wasn't obvious)
-if you don't want to pay the hired help.. change the passwords.
I say make this a sticky in the new forum!

  #47  
Old 03-04-2008, 06:30 PM
magnus's Avatar
magnus magnus is offline
 
Join Date: Apr 2002
Location: Miami, FL
Posts: 1,107
Thanks: 0
Thanked 0 times in 0 posts
Default

Let's be honest, would it really matter? I'd say a large majority of the vBulletin owners here are the "click-and-play" types, who understand as much about security as they do quantum mechanics. They indiscriminately install modifications with no regard as to server load, hook conflict or, yes, even security. Most people who get "hacked" are asking for it. They're generally the forums with more modifications installed than members.

How can one really be secure without understanding the principles behind why what they currently have is inherently insecure? At best, you would have a forum of security suggestions where people would simply peruse the thread looking for various step-by-step instructions on how to do something -- not even understanding why it is they're doing what they're doing. I just see the whole thing as a wasted effort, really. vBulletin.org does a decent enough job of trying to keep hacks with security risks under wraps and out from public consumption -- that's really all you can ask for.

You want to be truly secure? Don't run a site. You want to be relatively secure? Run a default vBulletin installation. I'm not trying to be a prick, I'm just being honest.
  #48  
Old 03-04-2008, 07:31 PM
iogames's Avatar
iogames iogames is offline
 
Join Date: Jan 2007
Location: Las Vegas, NV.
Posts: 1,433
Thanks: 0
Thanked 0 times in 0 posts
Default

Quote:
Originally Posted by magnus View Post
Let's be honest, would it really matter? I'd say a large majority of the vBulletin owners here are the "click-and-play" types, who understand as much about security as they do quantum mechanics. They indiscriminately install modifications with no regard as to server load, hook conflict or, yes, even security. Most people who get "hacked" are asking for it. They're generally the forums with more modifications installed than members.

How can one really be secure without understanding the principles behind why what they currently have is inherently insecure? At best, you would have a forum of security suggestions where people would simply peruse the thread looking for various step-by-step instructions on how to do something -- not even understanding why it is they're doing what they're doing. I just see the whole thing as a wasted effort, really. vBulletin.org does a decent enough job of trying to keep hacks with security risks under wraps and out from public consumption -- that's really all you can ask for.

You want to be truly secure? Don't run a site. You want to be relatively secure? Run a default vBulletin installation. I'm not trying to be a prick, I'm just being honest.
So you have never been hacked? honestly..?
  #49  
Old 03-04-2008, 07:58 PM
magnus's Avatar
magnus magnus is offline
 
Join Date: Apr 2002
Location: Miami, FL
Posts: 1,107
Thanks: 0
Thanked 0 times in 0 posts
Default

Quote:
Originally Posted by iogames View Post
So you have never been hacked? honestly..?
To what degree? Have I suffered data loss due to an exploit? No, never.

Regardless, what does this have to do with the issue at hand? The current state of security of my own personal sites has nothing to do with a public discussion/repository for security related topics. If any of my sites are compromised, I can immediately reference my logs, find out what happened, and either patch the exploit or take it offline for further review.

Could you say the same?

My point being, a vBulletin-focused security discussion isn't inherently a bad thing -- but it's not going to accomplish what many think it will. If you want to keep up to date on security issues, subscribe to Bugtraq. Consider getting a basic grasp of PHP, so you can skim through the multitude of hacks before installing to look for basic security risks -- such as unsanitized inputs. Be proactive.
  #50  
Old 03-04-2008, 08:17 PM
iogames's Avatar
iogames iogames is offline
 
Join Date: Jan 2007
Location: Las Vegas, NV.
Posts: 1,433
Thanks: 0
Thanked 0 times in 0 posts
Default

Quote:
Originally Posted by magnus View Post
My point being, a vBulletin-focused security discussion isn't inherently a bad thing -- but it's not going to accomplish what many think it will. If you want to keep up to date on security issues, subscribe to Bugtraq. Consider getting a basic grasp of PHP, so you can skim through the multitude of hacks before installing to look for basic security risks -- such as unsanitized inputs. Be proactive.
So it's better to have nothing than something, that is what you said?

p.s. Thanks for your time