Go Back   vb.org Archive > News and Announcements > News and Announcements
FAQ Community Calendar Today's Posts Search

Closed Thread
 
Thread Tools Display Modes
  #211  
Old 05-27-2006, 09:21 AM
Zachery's Avatar
Zachery Zachery is offline
 
Join Date: Jul 2002
Location: Ontario, Canada
Posts: 11,440
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Shaliza
Well, those coders will probably keep putting it in, but now I bet loads of people are checking the codes inside out now.
No, they won't if they continue to do so they will be punished for their unjust actions like we have stated.
  #212  
Old 05-27-2006, 10:55 AM
peterska2 peterska2 is offline
 
Join Date: Oct 2003
Location: Manchester, UK
Posts: 6,504
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Shaliza
Well, those coders will probably keep putting it in, but now I bet loads of people are checking the codes inside out now.
Quote:
Originally Posted by Zachery
No, they won't if they continue to do so they will be punished for their unjust actions like we have stated.
The codes of flagged modifications along with another random sample will also be checked again to ensure that the code has been removed and has not appeared anywhere else.

If has not been removed, then as Zachery said, action will be taken.
  #213  
Old 05-27-2006, 11:17 AM
Tim Skellett Tim Skellett is offline
 
Join Date: Sep 2005
Posts: 73
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Danny.VBT
There seems to be some confusion at the extent of what has happened.
...........The issue here is that some coders implemented a way to automatically click "Install" on vb.org whenever a product/plug-in was uploaded. The reason why we've decided to let users know about this, is because most of the time this happens with out the Admin's consent.

The "backdoor" involved here was with www.vbulletin.org, not your forum. ........
Ah, many thanks for the clarification. I have been following this matter somewhat closely, and it's nice to have a full explanation.
  #214  
Old 05-27-2006, 01:27 PM
Xenon's Avatar
Xenon Xenon is offline
 
Join Date: Oct 2001
Location: Bavaria
Posts: 12,878
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Shaliza
now I bet loads of people are checking the codes inside out now.

this is the best things they could do!
never install anything without at least read through the code shortly. On the one hand you learn coding by reading, on the other hand, you can find out bugs faster!
  #215  
Old 05-27-2006, 03:19 PM
Razasharp's Avatar
Razasharp Razasharp is offline
 
Join Date: Feb 2005
Location: UK
Posts: 373
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Any possible security breaches/backdoors should be made known to the users really - now you've got a bunch of people worried, A) that there are real risks in using vb.org and its hacks and B) there's no way to find out which hacks are actually being questioned.

This is another reason why I think Jelsoft needs to employ someone to overlook things here, because ultimately whatever goes on at vb.org affects Jelsoft directly.

Why doesn't Jelsoft employ a staff member or two to look over these issues? I reckon they could go through all the hacks once submitted and approve them if they looked ok along with having enough time to run and support this site.

Or why not build a team of coders willing to look over code and seeing whether a hack should be approved or not? No hacks going 'live' without approval, and any changes to uploaded files having to be approved too. Jelsoft could pay them for their time.

If vBulletin was open-source this may be understandable, but it's not - it has enough resources to employ staff in these missing areas.
  #216  
Old 05-28-2006, 12:34 AM
Zachery's Avatar
Zachery Zachery is offline
 
Join Date: Jul 2002
Location: Ontario, Canada
Posts: 11,440
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Razasharp
Any possible security breaches/backdoors should be made known to the users really - now you've got a bunch of people worried, A) that there are real risks in using vb.org and its hacks and B) there's no way to find out which hacks are actually being questioned.

This is another reason why I think Jelsoft needs to employ someone to overlook things here, because ultimately whatever goes on at vb.org affects Jelsoft directly.

Why doesn't Jelsoft employ a staff member or two to look over these issues? I reckon they could go through all the hacks once submitted and approve them if they looked ok along with having enough time to run and support this site.

Or why not build a team of coders willing to look over code and seeing whether a hack should be approved or not? No hacks going 'live' without approval, and any changes to uploaded files having to be approved too. Jelsoft could pay them for their time.

If vBulletin was open-source this may be understandable, but it's not - it has enough resources to employ staff in these missing areas.
It wouldn't matter if we had 1000 people to check every single line of code here released ever. And that was all their job would be, eventually something would slip though. It is up to each admin to verify anything that they are installing will do what they want it to. Even if it means learning some basic php. You should always review any code you did not write yourself.
  #217  
Old 05-28-2006, 12:40 AM
kall's Avatar
kall kall is offline
 
Join Date: Apr 2004
Location: New Zealand
Posts: 2,608
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Zachery
You should always review any code you did not write yourself.
Indeed.

People are up in arms about installing Encrypted software on their servers, yet so many are prepared to just say 'COOL! All I have to do is import an .xml file??' and slap-happily whack totally unknown code into their vB.

Madness.
  #218  
Old 05-28-2006, 12:41 AM
Razasharp's Avatar
Razasharp Razasharp is offline
 
Join Date: Feb 2005
Location: UK
Posts: 373
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Zachery, not everyone is a coder and even with basic knowledge may still not be at a level to see whether a hack was secure or not. (I've read half a book on php, know html, the web industry, but am still am unsure about many code-related things for example).

One slip up from a staff member would be far more acceptable than loads from vb.org users.



Quote:
Originally Posted by kall
Indeed.

People are up in arms about installing Encrypted software on their servers, yet so many are prepared to just say 'COOL! All I have to do is import an .xml file??' and slap-happily whack totally unknown code into their vB.

Madness.
People may feel that code posted here for vB may be getting checked either by staff or other coders - in fact I've seen on many occasions how another coder has given a tip to someone else in their hacks' thread to cut-out a query for example (it's one of the reasons that made vb.org great).

Encrypted software is totally different in that you can't see it even if you wanted to, and the general consensus is that people don't like to use it, wherever possible.
  #219  
Old 05-28-2006, 06:21 AM
Zachery's Avatar
Zachery Zachery is offline
 
Join Date: Jul 2002
Location: Ontario, Canada
Posts: 11,440
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

vBulletin.org is a community about users helping users modify vBulletin.
  #220  
Old 05-28-2006, 06:37 AM
Lea Verou Lea Verou is offline
 
Join Date: Jul 2005
Location: Greece
Posts: 1,856
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Is this about easter eggs in hacks?
I have never added any, but I always wanted to add one
Closed Thread


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 04:10 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04567 seconds
  • Memory Usage 2,262KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (8)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)pagenav_pagelinkrel
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete