The Arcive of Official vBulletin Modifications Site.

Boofo · #51 03-04-2008, 08:42 PM

Quote:

Originally Posted by magnus

To what degree? Have I suffered data loss due to an exploit? No, never.

Regardless, what does this have to do with the issue at hand? The current state of security of my own personal sites has nothing to do with a public discussion/repository for security related topics. If any of my sites are compromised, I can immediately reference my logs, find out what happened, and either patch the exploit or take it offline for further review.

Could you say the same?

My point being, a vBulletin-focused security discussion isn't inherently a bad thing -- but it's not going to accomplish what many think it will. If you want to keep up to date on security issues, subscribe to Bugtraq. Consider getting a basic grasp of PHP, so you can skim through the multitude of hacks before installing to look for basic security risks -- such as unsanitized inputs. Be proactive.

I think you're missing the point of this whole debate. First, you as an experienced Admin could obviously take care of it if it happened to you. But there are those out there that have no clue what to look for or how to fix it if it does happen to them. Have you noticed how many "I've been hacked! Help!" threads have been popping up lately? And all from Admins that are either new to the being-hacked arena or inexperienced in the process of running a vb site. That doesn't make them any less deserving than you or I, and yes, even iogames (although, that is debatable). I get fed up hearing "then you shouldn't be running a site if you don't know who to fix it" statements. How many of us were born with the knowledge to run a site? I sure as hell wasn't. And neither was anyone else. It is a learning process and vbulletin.org is the school.

An area like we are discussing it a great idea for reference if nothing else. If gives a user a place to go to hear others stories about how they were hacked and what it took to fix it or stop it, or whatever. Something like this would be invaluable to a new Admin. I wish they had had something like this around when I was first starting out.

iogames · #52 03-04-2008, 08:48 PM

Quote:

Originally Posted by Boofo

I think you're missing the point of this whole debate. First, you as an experienced Admin could obviously take care of it if it happened to you. But there are those out there that have no clue what to look for or how to fix it if it does happen to them. Have you noticed how many "I've been hacked! Help!" threads have been popping up lately? And all from Admins that are either new to the being-hacked arena or inexperienced in the process of running a vb site. That doesn't make them any less deserving than you or I, and yes, even iogames (although, that is debatable). I get fed up hearing "then you shouldn't be running a site if you don't know who to fix it" statements. How many of us were born with the knowledge to run a site? I sure as hell wasn't. And neither was anyone else. It is a learning process and vbulletin.org is the school.

An area like we are discussing it a great idea for reference if nothing else. If gives a user a place to go to hear others stories about how they were hacked and what it took to fix it or stop it, or whatever. Something like this would be invaluable to a new Admin. I wish they had had something like this around when I was first starting out.

I'm glad to have you back! [sob,sob,sniff]

Boofo · #53 03-04-2008, 09:06 PM

I guess I just snapped there for a second with all the "why don't the newbies know as much as I do" stuff. That is a very sore point with me. We all were newbies at one time or another and didn't know squat about vb. We can learn here but not pass on what we have learned along the way? Sounds like crap to me.

tazzarkin · #54 03-04-2008, 09:14 PM

On the 1st page, some guy mentioned that the more you bring attention to it, the more it encourages hackers.

Maybe someone should make a Security Mod that will trace will mods are most likely to be hacked or what parts of the site have open ports, what files have recently been changed, etc. Sort of like a spysweeper/virus checker.

Then instead of talking about hacking, you focus on the security more.

Boofo · #55 03-04-2008, 09:57 PM

Quote:

Originally Posted by tazzarkin

On the 1st page, some guy mentioned that the more you bring attention to it, the more it encourages hackers.

Maybe someone should make a Security Mod that will trace will mods are most likely to be hacked or what parts of the site have open ports, what files have recently been changed, etc. Sort of like a spysweeper/virus checker.

Then instead of talking about hacking, you focus on the security more.

I agree with the use of the word Security over hacking. Security can cover a lot of areas, including being hacked.

DrewM · #56 03-04-2008, 10:05 PM

Just a side note in hope of getting this thread to "calm" a little bit I have posted an idea here: https://vborg.vbsupport.ru/showthread.php?t=172019

Boofo · #57 03-04-2008, 10:12 PM

Quote:

Originally Posted by Larrysw

Just a side note in hope of getting this thread to "calm" a little bit I have posted an idea here: https://vborg.vbsupport.ru/showthread.php?t=172019

When you start mentioning paid hacks in the same breath as a free security area, looks like a bait-and-switch to me. I want no part of it.

SEOvB · #58 03-05-2008, 01:53 AM

Me either, and on a side note, i'm amazed this has made 4 pages, of well...really not much of anything. And this post isn't helping anything!

#59 03-05-2008, 02:14 AM

Quote:

Originally Posted by tazzarkin

On the 1st page, some guy mentioned that the more you bring attention to it, the more it encourages hackers.

thanks to not mention my name... lol

actually, the goal to have a "Quarantine" place where to put the mods with inserts or security issues is one of the reasons why hacking mods may not be discussed here... when you announce that the hack XYZ have an exploit ABC, that is the way to break all the securities... you just need one moron to ask "hey, i have that hack and that version on my site, what can i do to secure my site"... 30 seconds after that post, someone would exploit his site...

that's why the guys on vb.org are NEVER discussing exploits of any hack here... neither would Jelsoft on vb.com ... so why start a place for the opposite means ?!

iogames · #60 03-05-2008, 02:47 AM

Quote:

Originally Posted by nexialys

thanks to not mention my name... lol

actually, the goal to have a "Quarantine" place where to put the mods with inserts or security issues is one of the reasons why hacking mods may not be discussed here... when you announce that the hack XYZ have an exploit ABC, that is the way to break all the securities... you just need one moron to ask "hey, i have that hack and that version on my site, what can i do to secure my site"... 30 seconds after that post, someone would exploit his site...

that's why the guys on vb.org are NEVER discussing exploits of any hack here... neither would Jelsoft on vb.com ... so why start a place for the opposite means ?!

'Theorically' [sighs]

Is like NOT TEACHING Cops how to evaluate a crime, is like NOT TEACHING Doctors how to prevent diseases...

When an exploit is announced 95% of users will run to solve the problem, reducing the risk, just a few will commit the mistake that you mentioned above...

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.08912 seconds Memory Usage 2,273KB Queries Executed 12 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)ad_showthread_firstpost (1)ad_showthread_firstpost_sig (1)ad_showthread_firstpost_start (6)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (1)pagenav (1)pagenav_curpage (4)pagenav_pagelink (10)post_thanks_box (10)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (10)post_thanks_postbit_info (10)postbit (9)postbit_onlinestatus (10)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start pagenav_page pagenav_complete tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!