You have to realize that consequences far outweigh the right to know what the problem actually is.
Say he does mention what the exact exploit is.. This could leave possibly thousands of boards out there that maybe haven't received the message about the quarantine, vulnerable to the exploit to many new people that now know what the exploit is. And by people, I mean guys that just want to cause trouble..
so is it better for them not to say and we just disable the mod.. wait for the fix, or let you know and possibly open a bunch of boards up to now a bunch of people that didn't know, but now do ???
the smart move is just disable and wait
This post is justification for no-info. Your point has not fallen on deaf ears though, likewise I hope mine hasn't.
My point is ==> people now know there's an exploit. You may as well publish the details, so that those of us who can take care of the issue ourselves may do so, instead of having to wait hours, days, weeks, months, never ((hopefully not)) for the modification author to release a fix.
As it is though - I've just received the quarantine email, which for all intents and purposes could have simply been a nice vBulletin-ized photo of a man in red cape flipping the middle finger = no use to anyone. Just a little trivial something that irks our nerves.
We may as well have hoped for a crystal ball in which to read the minds of those who know the exploit particulars....so that we may take action!
J.
in other news ==> now would be as good a time as ever to do a complete site backup LOL... So off I go...
Previous quarantine email messages that were useful:
Quote:
The following modification has had an exploit reported in it, and has been 'quarantined' by vBulletin.org.
The author of the modification has been informed and asked to provide a fix, until this fix is provided the modification will remain in the vbulletin.org graveyard.
Today's quarantine email notice:
Quote:
The following modification has been 'quarantined' by vBulletin.org.
The author of the modification has been informed and asked to address the quarantine reason(s), until this is done the modification will remain in the vbulletin.org graveyard.
Security through obscurity doesn't work. I would argue the language you now think is far more suitable to use is actually going to result in more people shrugging their shoulders and ignoring your notices. And as a result, more vB forums will get hacked.
May of 2010..
there was an update intended but never released
Quote:
Originally Posted by MrZeropage
this is not unsupported, while v2.7.1+ is to be finished I am trying hard to fix things that came up with vB4 and using its own index.php to direct to portal or forum.
There is no hook in index.php or any other place where right from the start I can implement the needed code, very bad.
I think I need to contact Jelsoft and request a hook there.
I am still irritated that this error does NOT appear on my testsite ...
Maybe anybody let me check this "on site" ? Please contact me via PM and refer to this thread, thanks
I guess he never fixed those issues because it was never released..
I sure hope he can post a fix for the issue at hand for everyone still using it..
The email had suggestions on what you should do, and you should follow the actions suggested.
If you want to call it useless that is your call, but it was pretty specific on what you should do until the issue is resolved.
That email was BALONEY! And to suggest that it wasn't is even more ridiculous than that brief (useless) burp of an email notification...
Now - before we get all defensive ==> There is not anyone in this thread who wants to argue -- except for me perhaps haha. But rather - our posts tend to be suggestive of a better way for vBulletin.org to handle quarantined/exploited/blablabla modifications as concerns its paying customer base!
Right now - it's obvious that vBulletin.org as an entity doesn't give a flying _______. ((whatever horrible or not-so-horrible word you can think of will likely fit in the blank space))
J.
Seriously Jacquii? I (and most of the rest of the staff) are here as volunteers. We are using our own time and energy to keep vBulletin modifications safe for everyone. Even confirming it is an exploit might give people ideas and risk the security of everyone who has this installed.
Regardless of the reason, the e-mail contains the suggested course of action (disable the mod). I will not have any pity for those who received the email and chose to ignore it. If anyone is that interested in fixing the mod itself then review the code and fix any exploits you find - no one is stopping you. That goes for every mod here, quarantined or not.
My board is still at 3.7.2 and I haven't updated my arcade in about three years because I was dealing with a serious illness...does this exploit affect my board?
I know this is a dumb question but I'm not sure what's going on here...
edited - oh and I did disable it...I learned my lesson from the vbPlaza exploit that destroyed my board in 2007...
I'll await instructions from those who know. Thank you for sending me an email (I know it's general mail) and I appreciate it...