Go Back   vb.org Archive > Community Central > Community Lounge
FAQ Community Calendar Today's Posts Search

Closed Thread
 
Thread Tools Display Modes
  #21  
Old 12-13-2012, 10:37 PM
Deriggs007 Deriggs007 is offline
 
Join Date: Feb 2011
Posts: 29
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Max Taxable View Post
Most of them have such a small percentage of installations it's not worth the "hackers'" time to mess with. vBulletin is targeted because it's very popular.

But I am well aware some free open source CMS such as wordpress, Joomla, Mambo, get "hacked" all the time.

Again, native vBulletin isn't the problem, it is very secure. It's when owners/admins corrupt it with add-ons, alternative skins and plugins is where the security holes start.
So, Joomla, Wordpress, Drupal and other "FREE" CMS's are not as popular as vBulletin and are hackable stock installations? Google will tell you otherwise

Google will also tell you that mods/plugins don't deprive or make it easier to hack, either. Thanks to how they're submitted to the user base on their websites and the review processes.

vBulletin, you're right -- Out of the box it's great. When you start adding all the applications, it's worse UNLIKE others

I mean, isnt' the obvious spam issues good enough proof that shows how bad it is at stopping spam registrations? "oh there is a plugin for that"

You keep zoning in on some text in my posts and aren't trying to understand what I'm saying.. let me rephrase -- vBulletin stock is a very secure product (outside of the spam fest......) when you add products, it's less secure -- like should be any other management system. HOWEVER, even the free CMS's out there like Joomla/Wordpress are more secure than vBulletin with mods installed and just as secure without them.

It's how all these plugins work and how they're submitted and how they're installed/mounted vs's how it's done in vBulletin -- It's simply less secure
  #22  
Old 12-13-2012, 11:01 PM
Max Taxable's Avatar
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Posts: 3,134
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Deriggs007 View Post
You keep zoning in on some text in my posts and aren't trying to understand what I'm saying.. let me rephrase -- vBulletin stock is a very secure product (outside of the spam fest......) when you add products, it's less secure -- like should be any other management system. HOWEVER, even the free CMS's out there like Joomla/Wordpress are more secure than vBulletin with mods installed and just as secure without them.

It's how all these plugins work and how they're submitted and how they're installed/mounted vs's how it's done in vBulletin -- It's simply less secure
The bolded IS what I was saying. We have no disagreement there.

I have years of experience with Joomla, Wordpress, Drupal, I don't need google to tell me about the security on those. I personally know several incidents where these were defaced or "hacked." Wordpress used to be one of the worst, still is.

The problem with vBulletin is the sheer VOLUME of add-ons, plugins, skins and etc, and alot of them are from less than trustworthy sources. Alot of them have purposeful exploits coded in them.

It's the HUMANS who screw up native vBulletin, we agree.
  #23  
Old 12-14-2012, 03:30 PM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Deriggs007 View Post
let me rephrase -- vBulletin stock is a very secure product (outside of the spam fest......) when you add products, it's less secure -- like should be any other management system. HOWEVER, even the free CMS's out there like Joomla/Wordpress are more secure than vBulletin with mods installed and just as secure without them.
I hope your not a programmer :erm:

Adding products to vB does not necessarily make it less secure.
It some cases it could make it more secure, depending on the purpose of the product. Some products have security issues, to say all of them do is pure nonsense.

On the flip side, if you think every product / addon / whatever that you can add to other systems cannot make them less secure then you are living in cloud cookoo land.
  #24  
Old 12-14-2012, 05:56 PM
Deriggs007 Deriggs007 is offline
 
Join Date: Feb 2011
Posts: 29
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Paul M View Post
I hope your not a programmer :erm:

Adding products to vB does not necessarily make it less secure.
It some cases it could make it more secure, depending on the purpose of the product. Some products have security issues, to say all of them do is pure nonsense.

On the flip side, if you think every product / addon / whatever that you can add to other systems cannot make them less secure then you are living in cloud cookoo land.
Yes I am a programmer and you even rephrased exactly what I was saying and even more clarified it. I didn't say every product makes it less secure, if you re-read my posts, I said it depended on the product as well. Adding security products (like the spammer mods) obviously increase security and as you said, some products have security issues... did I say all of them did? I don't think so........

The problem lies with users installing 3rd party mods that aren't even official and even more so they're using nulled boards or nulled products -- Hey, that's all fine, they deserve to lose their site in that case.

My argument was the potential for more security risks with adding the applications just as Max said

EDIT: I re-read what I wrote, made it sound like I was talking about every application, but I wasn't.

That being said -- Before you harp on someone about security issues and if they are a programmer -- Go fix your guy's spam issues with stock installations... the product isn't even semi spam proof out of the box *chuckles -- all fun and games* especially since you're a "Senior vBulletin Developer* and I really hope you just stay with vBulletin in that case.....
  #25  
Old 12-15-2012, 09:03 AM
socialteenz's Avatar
socialteenz socialteenz is offline
 
Join Date: May 2011
Posts: 465
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Deriggs007 View Post
That being said -- Before you harp on someone about security issues and if they are a programmer -- Go fix your guy's spam issues with stock installations... the product isn't even semi spam proof out of the box *chuckles -- all fun and games* especially since you're a "Senior vBulletin Developer* and I really hope you just stay with vBulletin in that case.....
Can you name a platform with semi spam proof?

You can not stop human spammers, you need to tweak your registration. Even xen had a horrible spam issues.
  #26  
Old 12-15-2012, 03:59 PM
Deriggs007 Deriggs007 is offline
 
Join Date: Feb 2011
Posts: 29
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by socialteenz View Post
Can you name a platform with semi spam proof?

You can not stop human spammers, you need to tweak your registration. Even xen had a horrible spam issues.
Yes, I know you need to tweak your registration. I don't believe Xen is having that issue now, nor is IPB, nor is even PHPBB --- I'm simply giving him a hard time, I don't mind -- Just harping on him back :up:

Name a software that's semi-spam proof -- Everything but vBulletin right now... well, and Webspell --- a lot of spam there too.

I also know you can't stop human spammers -- Sorry, but stock installations of vBulletin are not human spammers.

Since I've been working on my site some more after leaving vBulletin/web development for a while -- Came back set everything back up and in about oh.... 3 weeks. 6,000 members and 4000 posts, 1000 topics -- all spam.

Yes, I could easily install a spam mod or tweak the registration -- I'm simply just working on the site and with all these posts, it's helping test stuff on the backend :erm: but none the less, it needs fixed -- all the other forum software fixed that particular issue and many didn't have it

Just saying, not hating

edit: looked at the wrong info, about 12,000 posts, 6,600 members and 2,500 topics. Boy a human spammer must not have time on their hands lols
  #27  
Old 12-15-2012, 04:12 PM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Deriggs007 View Post
Name a software that's semi-spam proof -- Everything but vBulletin right now... well, and Webspell --- a lot of spam there too.
But are they spam proof in some way, or just not being targeted? If there's some feature that's a part of every other software that's stopping spam, what is it?
  #28  
Old 12-15-2012, 04:55 PM
Deriggs007 Deriggs007 is offline
 
Join Date: Feb 2011
Posts: 29
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

There is no such thing as 100% spam proof -- spammers target not just vBulletin, they just successfully cracked vBulletins reCAPTCHA registration security whereas a lot of other software either didn't have it, didn't use it, or already had an alternative method implemented

You think the spammers only tried to crack reCAPTCHA? No, they seen a flaw and took it

Sorry, to burst all the vBulletin lovers out there -- most other software out of the box don't have this spam as vBulletin does. Without all the additions like mods/plugins/hooks whatever the software uses.

Sure, once you add everything, they're about the same, still -- it exists.

Boy, I sound like a hater and I have vBulletin. Just speaking truth and non bias here. You can deny it all you want, but stock vBulletin is no more secure then wordpress or phpbb or kunena forum for joomla.
  #29  
Old 12-15-2012, 05:16 PM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Edit: nvm, maybe I just misunderstood. I'm not really interested in arguing.
  #30  
Old 12-15-2012, 06:08 PM
Deriggs007 Deriggs007 is offline
 
Join Date: Feb 2011
Posts: 29
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Ah, I see.

Alternative registration options outside of reCAPTCHA that work -- We all know what happened with reCAPTCHA. Sadly, using "Human Verification" doesn't work like it's intended. I have it on my site as enabled and it didn't stop anything. Granted, I think when I initially set it up it was simple "What is 3+4" -- Still, didn't work

Basically, it just needs improvements
Closed Thread


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:06 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04438 seconds
  • Memory Usage 2,268KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (7)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete