The Arcive of Official vBulletin Modifications Site.

Pcparts · #1 12-11-2005, 07:35 AM

Is this true that by installing some of the mods, hacks that are posted at this forum, the security of the forums is compromised? And that it becomes easier for some hacker to hack the forums (if he/she knows that such and such hack is installed).

I was told this by someone today. That if you install hacks and mods then a hacker can hack your vb forums just becuase the original code is altered?

Zachery · #2 12-11-2005, 07:53 AM

Quote:

Originally Posted by Pcparts

Is this true that by installing some of the mods, hacks that are posted at this forum, the security of the forums is compromised? And that it becomes easier for some hacker to hack the forums (if he/she knows that such and such hack is installed).

I was told this by someone today. That if you install hacks and mods then a hacker can hack your vb forums just becuase the original code is altered?

That sounds like someone trying to scare you. however...

The fact is the code you use is only as secure as it was designed to be. Installing third party mod have a chance of opening your forums up to security issues. Just because you installed a mod doesn't mean there is a now some secuirty issue, however it doesn't mean that there isn't one either.

The vBulletin current working verisons of vBulletin (3.5.2 3.0.11 2.3.8) are SECURE as of this post. That doesn't mean in 3-4 months some php or browser security issue might popup that we will fix, if not in vB itself.

Adding third party code, esp if you are not a coder, can open you up to alot of problems.

Its a tricky subject. But, mod and use mods at your own risk.

Pcparts · #3 12-11-2005, 08:18 AM

Thanks Zachery for your reply.

I haven't installed any mods or hacks other than the ones posted here at vbulletin.org. So I assume they will be safe to use or not always?

So far I have only installed some signature mods, to limit the singatures and 1 BB-code which I found here.

I assumed that it would be safe to use them, and nothing like the guy told me would be possible. That someone hacking the forums because a mod or hack is installed.

I am not a coding guru, so I only have some knowledge of php. But still the knowledge I have of php and other programming languages, that was enough to tell that the guy is trying to scare us. You confimred my doubt here.

This guy threatened us that he be made the tech admin of our site as he is a much more suitable person for the job. Which actually in turn nullified him ever getting any important position in the team.

Ramsesx · #4 12-11-2005, 09:54 AM

I think if you wait some time for installing a new released mod and don't install betas and have an eye on your installed mods (subscriptions) you will be on the safer side.
The most coders here install by themself a lot of mods and have an eye for security risks (I think) and never heard about a hacked forum caused by a mod here.

merk · #5 12-11-2005, 10:18 AM

Quote:

Originally Posted by Pcparts

I was told this by someone today. That if you install hacks and mods then a hacker can hack your vb forums just becuase the original code is altered?

If the person who wrote the hack is not knowledgable about security or making sure that their code is secure there is high potential that your forums could be compromised. It is unfortunate, but a fact of installing hacks to any kind of code.

Quote:

Originally Posted by Zachery

The vBulletin current working verisons of vBulletin (3.5.2 3.0.11 2.3.8) are SECURE as of this post.

That statement is misleading - they are believed to be secure, they may infact have significant vulnerabilities at the time of your post (which of course the vendor may not know about).

steven s · #6 12-11-2005, 11:15 AM

Quote:

Originally Posted by merk

That statement is misleading - they are believed to be secure, they may infact have significant vulnerabilities at the time of your post (which of course the vendor may not know about).

Since we can't look into the future, they are secure based on the present. I understand what you are saying though.

Pcparts,
Don't assume something is safe just because it is on vb.org.
Leaving HTML on can open up your board to problems, so I'm told.
I believe there was a security issue with someone's shoutbox that led to sites being hacked and redirected.

sensimilla · #7 12-12-2005, 06:57 AM

Hacking and changing your vbulletin structure can cause forum vulnerability.. thats obvious
Several times holes were discovered not in vbulletin itself but in mods and addons..
Try to install only mods from long time hosted coders , and tested hacks

this is related more with hacks that requires files changes.. not plugin based

Zachery · #8 12-12-2005, 07:17 AM

Quote:

Originally Posted by sensimilla

Hacking and changing your vbulletin structure can cause forum vulnerability.. thats obvious
Several times holes were discovered not in vbulletin itself but in mods and addons..
Try to install only mods from long time hosted coders , and tested hacks

this is related more with hacks that requires files changes.. not plugin based

Plugins can have the same effect, along with any files that directly access the database (eg: any file that includes global.php)

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.02186 seconds Memory Usage 2,227KB Queries Executed 11 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)ad_showthread_firstpost (1)ad_showthread_firstpost_sig (1)ad_showthread_firstpost_start (5)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (8)post_thanks_box (8)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (8)post_thanks_postbit_info (8)postbit (8)postbit_onlinestatus (8)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!