Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions

Reply
 
Thread Tools Display Modes
  #11  
Old 08-17-2015, 11:49 PM
JacquiiDesigns's Avatar
JacquiiDesigns JacquiiDesigns is offline
 
Join Date: Dec 2008
Location: Tennessee
Posts: 687
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by TheLastSuperman View Post
The policy does not need attention, in the least. Remember all, I was once once of you, I voiced the same concerns in fact if you search my past posts you'll find me spouting off to Paul and others long ago... it sounded like the same gibberish you typed above no offense but the forcing someone into doing something over being loud, proud, and funny when calling them or the sites policies into question is my JOB Ooooootay? Also - we're both loud Jacqii and nothings wrong with that unless its Movie night . See I'm still being funny while also beating a dead horse, policy won't change but we can surely poke and prod that poor dead horse until the cows come home, pigs fly, or the thread is closed and I'm pretty sure which one will happen first! "How Now Brown Cow"

Edit: Info to those who already downloaded or installed it? What about the 1000x illegal/hacker/download 599 vb4 Mods in this .zip type of sites? Remember that most mods are available illegally and perhaps with tons of injected code or similar in the files so we can't just trust anyone #X-Files.

Now corny humor aside, I feel your pain. I also hate the fact when some coders remove their mods (over spite or similar, while nothing is wrong with the mod at all) and I fix tons of hacked sites... my method is restore the site to how it was 100% then upgrade if required - issue comes into play when the mod is in the graveyard and I can't download to help "fix" their site back to original so if you hate just being sol, then try just being sh**ted on eh? Basically what some have done in the past yet we don't see threads about that and those mods broke the mold for sure, some of them. So we can all have our opinions and justify why something should or should not be done but the rules are the rules, I've argued with Paul before and he politely pointed out many oversights in my logic and they just made sense once I took his point of view into consideration. See my post above, if its within your budget many coders here are qualified to change a few lines of coding to make it secure again - this is why we have an unpaid + paid request area for you to utilize. Furthermore you could open a new thread in vB4 programming discussions and ask for advice or what others might see as a vulnerability.

*Do not forget though, that a coder can fix a mod then contact staff and if we review and confirm its fixed we can add the fixed mod as an attachment to the first post, the liability IF any at all then does not fall on the new coder nor the original author, it would then fall on you the person downloading and using as it would still be use as-is and at your own risk we would simply verify if a security risk is still present or not. Some coders also fix a mod and attach the fixed file to the mods thread so it stays within the thread and does not violate the do not re-release this mod blah blah as its still within the mods thread here - since its quarantined now and not a misc issue i.e. its a security issue the only way to go about it that way would be to contact staff directly and voice interest in fixing said mod so we can work with you then restore the mod with the fixed version in place ready for download.

I didn't realize posting a suggestion would get me insulted by vB.org staff. And you guys wonder why member activity has slowed to a tedious trickle here..

The policy does need to be revisited in my opinion, and likely in the opinions of lots of folks left out in the dark as concerns quarantined modifications. It could and should be bettered for legitimate vBulletin license holders. And to be perfectly honest - I can't be bothered to give a damn about folks using illegally shared modifications with their nulled software. That's immaterial here.

What's important here is the 706 people who've legitimately marked "Install" on the modification - who are now (by vB.org official policy) sh!t out of luck, no useful information whatsoever coming out of vB.org



Quote:
Originally Posted by TheLastSuperman View Post
See my post above, if its within your budget many coders here are qualified to change a few lines of coding to make it secure again - this is why we have an unpaid + paid request area for you to utilize. Furthermore you could open a new thread in vB4 programming discussions and ask for advice or what others might see as a vulnerability.
  1. Who has a budget???? We're broke LOL
  2. So we can open a thread and discuss the possible exploits and possible fixes to our little hearts content? Meh. If the exploit truth is going to come out this way - you may as well make it easier so that the 706 people who (again) legitimately marked the modification as installed.

Meanwhile in reality = The 706 folks you shot the useless quarantine subscription email to are SOL.. That's extremely frustrating.
vB.org can do better.

J.
Attached Images
File Type: png vdr.png (23.6 KB, 0 views)
Reply With Quote
2 благодарности(ей) от:
blind-eddie, ShadowX
  #12  
Old 08-18-2015, 01:10 AM
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
Senior Member
 
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Insulted?!?!?!?!

Come now Jacquii, your sense of humor is greater than that I know from experience! It was supposed to make that intellect of yours go "well that snazzy terd, look what he did there" in a sense - he basically said that once, he said the same thing like gibberish, was supposed to be witty humor, I tried!

Tone, the only thing missing on a forum!

Ohh and remember that certain things are not useless, such as the quarantine email - now you/them have the choice to make a decision on whether to disable or remove it until something viable whether that be a fix or replacement comes along. Staff here also does everything on this site, in their spare time Paul and Lynne included... even if they're on staff for vBulletin themselves they ARE NOT PAID for time spent on vbulletin.org so please don't assume that we're responsible for breaking the bank, we're just investors as well and the tedious trickle, vB5 for sure .
Reply With Quote
Благодарность от:
JacquiiDesigns
  #13  
Old 08-18-2015, 07:27 AM
JacquiiDesigns's Avatar
JacquiiDesigns JacquiiDesigns is offline
 
Join Date: Dec 2008
Location: Tennessee
Posts: 687
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by TheLastSuperman View Post
Insulted?!?!?!?!

Come now Jacquii, your sense of humor is greater than that I know from experience!
Nothing wrong with a wee bit of melodrama :P

Quote:
Originally Posted by TheLastSuperman View Post
Ohh and remember that certain things are not useless, such as the quarantine email - now you/them have the choice to make a decision on whether to disable or remove it until something viable whether that be a fix or replacement comes along. Staff here also does everything on this site, in their spare time Paul and Lynne included... even if they're on staff for vBulletin themselves they ARE NOT PAID for time spent on vbulletin.org so please don't assume that we're responsible for breaking the bank, we're just investors as well and the tedious trickle, vB5 for sure .
Ha. I know and well understand. I'm just making some (imo well-deserved) noise and hope it gets your attention. I wouldn't say the things I've said if I didn't think the policy could be bettered... And for most of us - the email is absolutely useless. Other than hiring someone to investigate what the exploit *could be* and hoping that once they've solved the 'what is it' of the Great Exploit Caper ... Meh. I just think a lot of time and a bit of money could be saved if you guys had some sort of transparency. That's all.

Anyway. Yeah. A wee bit of melodrama for your nerves. Hope it made you smile - or more appropriately - I hope it made you roll your eyes like I did once I started wondering what to do about the quarantine LOL

J.

--------------- Added [DATE]1439890217[/DATE] at [TIME]1439890217[/TIME] ---------------

Quote:
Originally Posted by weave View Post
I am very curious what this would cost to fix AND update. If it is reasonable, I might be willing to foot the bill....worst case is the community pools their funds together and gets a legit coder to fix it up and make it current. I do NOT want to rip it off my site but I have disabled it until I know more about why it was quarantiend.

I am not faulting the ORG at all....I just want it fixed and updated so I can enable it on my site again.....
I'd be interested in the cost and possibly slinging a few dollars to the cause. It's a nice modification that I've appreciated for years. I hate that there's an exploit - but I hate even more that there's an exploit and we apparently have not even clue #1 as to where even begin to address it ... other than hiring a coder. At anyrate - I'm the brokest Bytch in the great state of Tennessee - but I could throw a tiny amount to the cause.

J.
Reply With Quote
Благодарность от:
TheLastSuperman
  #14  
Old 08-18-2015, 06:19 PM
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
Senior Member
 
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

World wouldn't be quite the same without a few "characters" in it, now would it?! Character - love that word and its uses! All of you have it and we're all quite a character as well I'd dare say, in that good type of way!

I would contact Blind-Eddie who posted above, looks as if he has a paid request up already and perhaps you all could split that, something you would need to contact him over though.
Reply With Quote
  #15  
Old 08-18-2015, 06:22 PM
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
Senior Member
 
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by weave View Post
I am very curious what this would cost to fix AND update. If it is reasonable, I might be willing to foot the bill....worst case is the community pools their funds together and gets a legit coder to fix it up and make it current. I do NOT want to rip it off my site but I have disabled it until I know more about why it was quarantiend.

I am not faulting the ORG at all....I just want it fixed and updated so I can enable it on my site again.....
Never uninstall, disable and rename all .php file i.e. video.php to .gthdhyu675r5.php and leave it until time to patch/update. I say this because then those looking for specific files to take advantage of won't find them right away and those not talented enough won't. Furthermore if you remove the mod then all data associated with it goes as well, so with that being said if someone didn't know and uninstalled thinking that was correct, then re-installed once it was patched/fixed and wondered where all their videos links and such went too - they're gone forever! This is why you disable+rename instead of uninstall.
Reply With Quote
  #16  
Old 08-20-2015, 09:36 AM
weave weave is offline
 
Join Date: Jun 2011
Posts: 64
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by TheLastSuperman View Post
Never uninstall, disable and rename all .php file i.e. video.php to .gthdhyu675r5.php and leave it until time to patch/update. I say this because then those looking for specific files to take advantage of won't find them right away and those not talented enough won't. Furthermore if you remove the mod then all data associated with it goes as well, so with that being said if someone didn't know and uninstalled thinking that was correct, then re-installed once it was patched/fixed and wondered where all their videos links and such went too - they're gone forever! This is why you disable+rename instead of uninstall.
Yea I get that an uninstall is the last draconian option anyone wants and fully understand the ramifications of doing so. However, as I said my original post, the developer is long gone and none of the rest of us have a clue as to what the exploit is (and you ain't talking). That leaves us with the disable and now your recent inclusion of renaming every *.php file, of which I count 31 one of.

The original org user paid to fix the YouTube API 2.0 - 3.0 issue, not the "exploit". How are we to pay to get it fixed when we have no idea WHY you killed it and what needs to be fixed? For all we know this could be a simple syntax issue or a the worst....the need for a whole re-write. That could make the cost $20 or many hundreds, or more!

I find it hard to believe that the 701 one of us who checked that we have it installed actually have any future hopes of seeing this fixed and brought back to life.....but I am a pessimist by nature.

Time will tell I guess but for now I will just embed any youtube videos in posts and carry on.
Reply With Quote
2 благодарности(ей) от:
JacquiiDesigns, rockerzteam
  #17  
Old 08-20-2015, 10:17 PM
blind-eddie's Avatar
blind-eddie blind-eddie is offline
 
Join Date: Apr 2006
Location: Michigan
Posts: 2,310
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I created a thread in the paid section and received two pm's with regards fixing it. I am still waiting to hear something.
Reply With Quote
2 благодарности(ей) от:
JacquiiDesigns, weave
  #18  
Old 08-25-2015, 09:08 PM
rockerzteam rockerzteam is offline
 
Join Date: Sep 2009
Posts: 133
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by blind-eddie View Post
I created a thread in the paid section and received two pm's with regards fixing it. I am still waiting to hear something.
I hope you're not holding your breath while waiting for a response or fix! You would have better luck tracking down the main coder at the other forums and asking him to release a fix to you for a fee! With all the help you provide people Eddie including myself I am amazed how you get treated in return.
Reply With Quote
Благодарность от:
JacquiiDesigns
  #19  
Old 08-25-2015, 10:30 PM
RichieBoy67's Avatar
RichieBoy67 RichieBoy67 is offline
 
Join Date: Apr 2004
Location: CT - Down in a hole..
Posts: 3,057
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I had to remove this mod and go with Nicks. I have lost a library with many years of media.

I understand the policy of not making a known exploit public knowledge but maybe it could have been shared with at least a few well known and trust worthy members so a fix could have been found.

At any rate this plug wasn't working correctly in a long time.
Reply With Quote
3 благодарности(ей) от:
blind-eddie, JacquiiDesigns, weave
  #20  
Old 08-26-2015, 11:50 PM
weave weave is offline
 
Join Date: Jun 2011
Posts: 64
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by RichieBoy67 View Post
I had to remove this mod and go with Nicks. I have lost a library with many years of media.

I understand the policy of not making a known exploit public knowledge but maybe it could have been shared with at least a few well known and trust worthy members so a fix could have been found.

At any rate this plug wasn't working correctly in a long time.
Was this removed on a VB3 or VB4 site? Other than losing the media, any other ill effects observed?
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 12:46 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.09013 seconds
  • Memory Usage 2,317KB
  • Queries Executed 14 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (9)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (12)post_thanks_box_bit
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (7)post_thanks_postbit
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (1)postbit_attachment
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete