Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > Premium Archives > ibProArcade Archive
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
Quarantined? Details »»
Quarantined?
Version: , by HenryHank HenryHank is offline
Developer Last Online: May 2017 Show Printable Version Email this Page

Version: Unknown Rating:
Released: 08-29-2011 Last Update: Never Installs: 0
 
No support by the author.

Are there any more details on this and why it was quarantined?

thanks.

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #32  
Old 08-30-2011, 09:11 AM
BirdOPrey5's Avatar
BirdOPrey5 BirdOPrey5 is offline
Senior Member
 
Join Date: Jun 2008
Location: New York
Posts: 10,610
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Again, the best thing people can do is to follow all precautions mentioned in the email:

1) Disable the mod (via vBulletin Product Manager)
2) Rename or remove all uploaded files (mod files, not games, but the files that originally came with the mod to upload)

This is all the information you need at this time.

What I will confirm is the author has made contact and I believe this will get resolved. I will give no time estimate- maybe today, maybe tomorrow, maybe next week/month I don't know. We all hope sooner than later of course.
Reply With Quote
  #33  
Old 08-30-2011, 09:32 AM
JacquiiDesigns's Avatar
JacquiiDesigns JacquiiDesigns is offline
 
Join Date: Dec 2008
Location: Tennessee
Posts: 687
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by BirdOPrey5 View Post
Again, the best thing people can do is to follow all precautions mentioned in the email:

1) Disable the mod (via vBulletin Product Manager)
2) Rename or remove all uploaded files (mod files, not games, but the files that originally came with the mod to upload)

This is all the information you need at this time.

What I will confirm is the author has made contact and I believe this will get resolved. I will give no time estimate- maybe today, maybe tomorrow, maybe next week/month I don't know. We all hope sooner than later of course.
Thanks for the update, though I'm sure we could debate rather robustly on the concept of need :P -- and yet another point of contention: some may not even know what files to even rename/remove because the archive is no longer downloadable here at the .org

IDK - I just think there has to be a better way to handle quarantined/graveyarded mods....

</drama-queen-ism>
Reply With Quote
  #34  
Old 08-30-2011, 11:35 AM
nighteyes's Avatar
nighteyes nighteyes is offline
 
Join Date: Oct 2001
Posts: 130
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Adrian Schneider View Post
Wow guys. Any administration, developer, etc. worth a grain of salt will not give out (even potential) security vulnerabilities to harm their members. For those who are curious, you can find out by looking at the patch once it comes out or try finding it yourself prior.
Most of the users saying we are drama queens with our suggestions haven't even comprehended the point we are making. Nobody is asking them to disclose the precise security vulnerabilities. We only wanted to know the mod was pulled for security reasons. EXACTLY the information they did finally disclose in this thread. In the past, modifications have been quarantined for a variety of reasons including copyright infringement and violating Jelsoft's terms. Is it reasonable for us to have to guess why they have pulled a modification from the site?

As my earlier message demonstrated, they used to tell us when a product was pulled because it was vulnerable to exploit. Why can't they continue to do this? All we're asking for is the information they went ahead and confirmed in this thread anyway.

I'm also aware it's a thankless task volunteering to staff a forum. I'm sure there's a good chance those we've been venting at had nothing to do with whatever policies were implemented to change the way these quarantine notifications are sent out.
Reply With Quote
  #35  
Old 08-30-2011, 12:40 PM
Hippy's Avatar
Hippy Hippy is offline
 
Join Date: Dec 2001
Location: USA, New Jersey
Posts: 2,392
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

MrZeropage came through with a fix and a new version..
once again thanks MrZeropage
Reply With Quote
3 благодарности(ей) от:
BirdOPrey5, garyb12001, JacquiiDesigns
  #36  
Old 08-30-2011, 02:46 PM
garyb12001 garyb12001 is offline
 
Join Date: Jun 2010
Posts: 8
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Hippy View Post
MrZeropage came through with a fix and a new version..
once again thanks MrZeropage
Agreed. Thanks for the quick resolution!
Reply With Quote
  #37  
Old 08-30-2011, 03:24 PM
Biker_GA Biker_GA is offline
 
Join Date: Oct 2004
Location: Where my hat is
Posts: 829
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by BirdOPrey5 View Post
Again, the best thing people can do is to follow all precautions mentioned in the email:

1) Disable the mod (via vBulletin Product Manager)
2) Rename or remove all uploaded files (mod files, not games, but the files that originally came with the mod to upload)

This is all the information you need at this time.

What I will confirm is the author has made contact and I believe this will get resolved. I will give no time estimate- maybe today, maybe tomorrow, maybe next week/month I don't know. We all hope sooner than later of course.
No. You completely missed the point.

What we're saying is the email was totally worthless from an Administrative standpoint. It told me nothing other than the modification was quarantined. I could care less about the details of an exploit, but that email should have stated there was a security issue to lend credence to the notification.

We're not complaining about the lack of information about the exploit itself. We're complaining about the lack of information period. We should have been told WHY the modification was quarantined. This doesn't mean you have to go into the details of the exploit, but as an administrator, I can't make informed decisions on how my site is run when I get a half baked email like I received.
Reply With Quote
  #38  
Old 08-30-2011, 03:47 PM
BirdOPrey5's Avatar
BirdOPrey5 BirdOPrey5 is offline
Senior Member
 
Join Date: Jun 2008
Location: New York
Posts: 10,610
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Biker_GA View Post
No. You completely missed the point.

What we're saying is the email was totally worthless from an Administrative standpoint. It told me nothing other than the modification was quarantined. I could care less about the details of an exploit, but that email should have stated there was a security issue to lend credence to the notification.

We're not complaining about the lack of information about the exploit itself. We're complaining about the lack of information period. We should have been told WHY the modification was quarantined. This doesn't mean you have to go into the details of the exploit, but as an administrator, I can't make informed decisions on how my site is run when I get a half baked email like I received.
Quite frankly you don't need to know why you just need to know it has been.

If I confirm it is a security exploit then you will have nefarious people scan the code line by line looking for the exploit to take advantage of it. If they miss it the first time, they will keep looking because they *know* for sure it is there.

But if I don't confirm it's a security exploit they may look through the code and not see it the first time, or the second time, and give up and assume it wasn't a security issue at all- which is possible.

That is why I will never confirm it was or was not a security issue/exploit- but if I was a user of the mod I would ALWAYS assume it's an exploit and follow the recommended procedure.
Reply With Quote
  #39  
Old 08-30-2011, 03:58 PM
borbole's Avatar
borbole borbole is offline
 
Join Date: Jan 2010
Posts: 2,559
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I agree with the staff that the exploits should not be posted in the public. Otherwise every script kiddie/wanna be hacker will try out those exploits in every forum that they can running the arcade. We have seen this thing happen all the time in cases like this.

We all should be grateful to the vb staff here who look out for us by letting us know anytime a security issue has been discovered with any of the mods here and takes precautions immediately that no other users will put their forums at risk by installing and using something not secure. At least that is how I see it.
Reply With Quote
Благодарность от:
BirdOPrey5
  #40  
Old 08-30-2011, 06:25 PM
MrZeropage's Avatar
MrZeropage MrZeropage is offline
 
Join Date: Nov 2003
Location: Munich, Germany
Posts: 3,012
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Yes, security-problems should not be made public, just to the developer himself to make sure he can provide a quick fix.

That's how it works well here on vb.org - I can a message telling the details, checked it and could fix it in time, and that's what the community needs. Otherwise there would fly around some usermade hotfixes, some ideas ect which do not help having a stable product with support and development, as modified trees could get out of this ect.


Everything is fine now, everybody just upgrade to v2.7.1+
Reply With Quote
Благодарность от:
AuroraStorm
  #41  
Old 08-30-2011, 09:06 PM
AuroraStorm's Avatar
AuroraStorm AuroraStorm is offline
 
Join Date: Nov 2006
Location: ATHell
Posts: 332
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Um, the last time I tried to update this on my sister board, I couldn't get it to work, which is why I didn't update it on my board...

I'll try it and see...thanks for coming through, Zeropage. This is one of the best, if not THE best mods around...
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:39 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05063 seconds
  • Memory Usage 2,331KB
  • Queries Executed 27 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (5)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (11)post_thanks_box
  • (5)post_thanks_box_bit
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (3)post_thanks_postbit
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete