Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 3.7 > vBulletin 3.7 Add-ons
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
Cyb - Advanced Forum Rules Details »»
Cyb - Advanced Forum Rules
Version: 4.0.5, by Valter Valter is offline
Developer Last Online: Nov 2023 Show Printable Version Email this Page

Category: Miscellaneous Hacks - Version: 3.7.x Rating:
Released: 04-29-2008 Last Update: 05-16-2011 Installs: 687
DB Changes Uses Plugins Auto-Templates
 
No support by the author.

Info:
Advanced Forum Rules system for vBulletin.

Main Features:
-Rules shown on separate page (no file uploads required)
-Several sets of rules can be created and applied to individual forums
-Choose between BB codes and HTML in rules
-Options to force users to accept Forum Rules before can view forums or threads, post replies, PMs, or e-mails...
-Option to replace registration rules with this product ones
-Option to reset user acceptance status when infraction is received

View screenshots.


Installation:
1. Import XML file (as product): AdminCP > Plugin System > Manage Products > [Add/Import Product]
2. OPTIONAL (for some customized styles)
Open template "navbar" and add "$cyb_frules_link" after "vbphrase[faq]</a></td>".
3. OPTIONAL (to add 'reset acceptance status' to different place than default one)
Open template "MEMBERINFO" and add "$cyb_frules_force" wherever you wish.


To set options:
Go to: AdminCP > vBulletin Options > Cyb - Advanced Forum Rules


Versions:
v1.0 - Oct 06. 2005.
-First version
v1.5 - Apr 22. 2006.
-Navbar link is added automatically now (one installation step less)
-Navbar "Forum Rules" link can be disabled in hack settings
-"Manage Rules" link is on settings page now (no need for .xml menu file anymore - one file less to upload when installing)
-"Unknown Location" fixed
-Added function to enable/disable whole hack (predefined error message is displayed instead)
-Templates now goes to "Cybernetec" group in Style Manager
To upgrade from 1.0 to 1.5:
-Import product XML through AdminCP > Plugin System > Manage Products > [Add/Import Product] (Be sure "overwrite" is checked). Upload cfrules.php and cfrulesadmin.php (replace old files). Delete file \includes\xml\cpnav_cfrulesadmin.xml.
v1.6 - Aug 04. 2006.
-Release of this hack for vB v3.6
v1.7 - Aug 05. 2006.
-Uncached template bug fixed
v2.0 - Aug 07. 2006.
-Completely changed way this hack works. No more queries, no more file uploads. Now Rules can be exported because it's part of vB settings. Now you can use BB Codes, which means you can use all standard text formatting functions, smilies, etc. To upgrade: Uninstall old version > Import XML as product > Delete "cfrules.php" from your forums root > Delete "cfrulesadmin.php" from "admincp" folder of your forums
v2.1 - Aug 07. 2006.
-Fixed "Edit Forum Rules" link (didn't worked for some users)
v2.2 - Aug 25. 2006.
-If your forum's index.php file was renamed, for any reason, now you can enter new filename in ACP hack options to have this hack working properly
-Added "Product Version Checking" - https://vborg.vbsupport.ru/showthread.php?t=124679
v2.3 - Aug 26. 2006.
-New: User must accept Rules to be able to post on Forums (option can be disabled/enabled)
-Look improved (see screenshots)
-Codes improved
-Hack name changed to "Cyb - Advanced Forum Rules"
v2.4 - Aug 27. 2006.
-Fixed small javascript bug
-Removed redirection to forum index after Rules acceptance
-Note 1/2 lines replaced by boxes in hack settings
-Removed navbar link HTML Markup options
-Separate phrase created for navbar link
v2.5 - Aug 31. 2006.
-Added ability to reset read status for all users. After this they will need to accept the Forum Rules again
-Added note at the top of Forum Rules when user need to accept it to be able to post on forums
-Added explanation on how to check which users had (not) accepted Rules
v2.6 - Aug 31. 2006.
-Fixed bug (index file location/name setting doesn't work)
-Fixed bug (if user who haven't accepted Rules try to post via quick reply in IE he gets undefined error)
-Fixed bug (resetting the accepts doesn't work if index file was renamed)
-Added: Guests now also need to accept Forum Rules to be able to post (cookie-based)
-Added: redirection message for user who try to post but haven't accepted Rules
v2.6.1 - Aug 31. 2006.
-Fixed bug (if user has no permissions to post he will get standard "no permission" message, not redirection to Forum Rules)
v2.7 - Sep 11. 2006.
-After acceptance users are redirected to the page they were previously viewing
-No more need to set filename for "index.php" if it was renamed. Now misc.php is used, which nobody has need to rename.
NOTE: Don't forget to update the links to the Rules you were posted on your site - change it to YOURFORUMS/misc.php?do=cfrules
-Added confirmation dialog for resetting acceptance status for all registered users
v2.8 - Sep 14. 2006.
-Added option to exclude usergroups from accepting Rules
-Navbar link title moved from phrases to settings for easier translation/make-up
v2.9 - Sep 24. 2006.
-Added option to reset acceptance status for individual member
v3.0 - Oct 30. 2006.
-Whole code is now valid XHTML 1.0 Transitional
v3.1 - Nov 13. 2006.
-Option to force user to accept rules again in member profile can be turned off
-Added variable for above function that you can place it to another place in MEMBERINFO template ($cyb_frules_force)
-Bug fixed (if some user knows exact link for resetting acceptance status he can do it)
-Several other improvements/fixes
v3.2 - Mar 06. 2007.
-New: User must accept Rules before can send PMs
-New: Options to choose what user can't do before accepting Rules
-New: Option to replace Registration Rules with this hack's one
-New: Better counter (with miliseconds, improved browser compatibility)
-Fixed some "invisible" bugs in code and improved compatibility with the latest vB releases
v3.3 - Apr 21. 2007.
-New: Option to force user to accept Rules before can view forums
-Fixed bug where three queries are executed on places where not needed
-Fixed bug where blank rows are shown twice on registration rules page
-New in registration rules options (disable completely)
-Better redirection after Rules acceptance
-Some other optimizations in codes...
v3.4 - Apr 22. 2007.
-Fixed bug where PMs can not be sent even Rules are accepted
-Fixed bug where Quick Reply does not work even Rules are accepted
-Improved counter and added ability to completely disable it (tested and worked on IE, Firefox, and Opera)
-Improved compatibility with right-to-left styles (note: in Rules use [right] tags anyway)
-Fixed navbar link
v3.5 - Jul 22. 2007.
-Fixed bug (MySQL injection vulnerability - attacker can trick admin to reset rules acceptance status for all members)
-Group membership checking works now for supplementary usergroups too
-Several code improvements
v3.5.1 - Jul 22. 2007.
-Fixed bug (XSS Vulnerability)
v3.5.2 - Jul 23. 2007.
-Another security exploit fixed
v3.5.3 - Jul 25. 2007.
-Fixed bug where user is not properly redirected after accepting rules
v3.5.4 - Jul 25. 2007.
-Bug fixed where username info is not shown when going to reset acceptance status
v3.6 - Oct 14. 2007.
-Fixed bug where some mods are not able to reset acceptance status
-Improved javascript code to fix problems with the counter some users reported
-Minor bug fixes
v3.7 - Apr 30. 2008.
-CSRF protection added
-Compatible with vBulletin 3.7 Gold (may not work with Beta/RC releases)
-Fixed bug where "reset all" button in hack options does not work in IE
-Minor bugs fixed
v3.8 - Jun 19. 2008.
-Fixed bug where user is able to submit form without checking "agree"
-Option to disable BB Codes in Forum Rules
-Option to change "Forum Rules" link color or set to style's default
-Better placement of "Force User To Accept Forum Rules" link in user profiles
v3.9 - Apr 19. 2009.
-New: Ability to create several rules sets, and apply them to individual forums
-New: Exclude individual forums from restrictions
-New: Rules management page where rules sets can be easily added/deleted/edited/applied to forums
-'General Forum Rules' item can be changed but not deleted. Please use it always as general rules.
-Bug fix: Option to disable registration rules does not work on vB 3.8.x
-Bug fix: Counter on 'Accept rules' button does not work on some configs
-Forum Rules link in showthread now leads to this product's 'General Forum Rules'
-If user has not accepted rules, then 'Force to accept rules' link in their profile is not shown
-New: Option to reset user acceptance status when infraction is received
-Some minor bugs fixed
v3.9.1 - Apr 20. 2009.
-Fixed bug: Forum Permissions sometimes needs to be rebuild manually after upgrade
-Fixed bug: Redirection after accepting rules does not work properly in some cases
v3.9.2 - Apr 21. 2009.
-New: Drop-down menu with the rule set list on Rules page
-New: General Rules always shown at the top of table, requested Rules below it
-New: 'Forum Rules' link at the bottom of forumdisplay will lead user to that forum's rule set
-Fixed bug: Navbar link is not disabled when you disable product in options
-Fixed bug: Quick Reply hidden for users who have not accepted Rules even if forum is excluded from restrictions
-Forums better sorted on the list, now linked and some more details are shown
v3.9.3 - Apr 25. 2009.
-New: User can not view Rule sets applied to no-permissions-to-view forums
-Above works also with 'Cyb - Advanced Permissions Based on Post Count' add-on
-New: Choose if General Rules will be Always shown, Collapsed if there is another rule set requested, or Disabled when there are other rules shown
-'Forum Rules' links in showthread, newthread, and newreply are also now redirected to the Cyb Forum Rules
-New: "Rules NOT accepted" shown in user profiles when they have this status
v4.0 - Apr 28. 2009.
-New: User must accept Rules to be able to view thread content
-New: User must accept Rules to be able to send e-mails ('contact us' or 'e-mail user')
-New: Different Rule sets are accepted individually
-New: Reset acceptance status for individual Rule sets
-New: Rules acceptance date/time info shown in member profile
-Fixed bug: Quotes can not be used in Rule Set name
-Some minor bugs fixed
v4.0.1 - Apr 28. 2009.
-Fixed bug: Reply w/quote switches to basic reply after redirection
-Fixed bug: Forums exclusion does not work properly in v4.0
-New: When PM restrictions are enabled Quick Reply is hidden in ShowPM until General Rules are accepted
v4.0.2 - May 08. 2009.
-Fixed bug: In some cases wrong items are listed in 'Accepted Rules' drop-down
-Fixed bug: 'Reset user acceptance status when infraction received' does not work properly
v4.0.3 - May 04. 2011.
-Security bug fixed
v4.0.4 - May 06. 2011.
-Fixed: vbseo users not able to switch rules
v4.0.5 - May 18. 2011.
-Fixed: Security bug
-Improved rule acceptance check


If you like this hack please click INSTALL.

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #322  
Old 05-05-2011, 11:22 AM
haytham's Avatar
haytham haytham is offline
 
Join Date: Jan 2003
Location: USA-Egypt-UAE
Posts: 510
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thank you Valter for your efforts.
Reply With Quote
  #323  
Old 05-05-2011, 12:43 PM
Alfa1's Avatar
Alfa1 Alfa1 is offline
 
Join Date: Dec 2005
Location: Netherlands
Posts: 3,537
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Suiram View Post
I've read this too. What's it mean exactly? How long after the update? Minutes? Hours?
And do they get hacked if they fix the breach and uninstall the mod?

Because this is the way I read their claims:
  1. their vb forum was using this mod @v4.0.2
  2. the forum was breached
  3. they read it may be the mod at fault
  4. they regain/clean their server/forums (one assumes!)
  5. they install the "fixed" 4.0.3 mod
  6. shortly after (minutes/hours?) they are hacked again
  7. they still blame the mod.
To them I say redo step 4 and then disable/uninstall the mod.
See if you get hacked again.
Yes? ==> Most likely not the mod.
No? ==> Hmmmmm.... ==> Enable/install the mod and now see.

(Unless their server is still compromised because it wasn't "cleaned" properly.)
Good point!
Reply With Quote
  #324  
Old 05-05-2011, 01:47 PM
RCKSTR RCKSTR is offline
 
Join Date: Jun 2010
Posts: 10
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Here is what I found. This may not be a complete list and I encourage others to chime in if I missed anything:

I have removed the following malicious files:

Quote:
[******@gator**** /home/**********/public_html]# stat forums/includes/xml/vba.php
File: `forums/includes/xml/vba.php'
Size: 257983 Blocks: 512 IO Block: 4096 regular file
Device: 807h/2055d Inode: 38740597 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 837/ *****) Gid: ( 837/ ******)
Access: 2011-05-04 17:44:26.000000000 -0500
Modify: 2011-05-04 18:39:39.000000000 -0500
Change: 2011-05-04 18:39:39.000000000 -0500
[*****@gator******* /home/******/public_html]# stat forums/includes/vba.php
File: `forums/includes/vba.php'
Size: 257983 Blocks: 512 IO Block: 4096 regular file
Device: 807h/2055d Inode: 33064053 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 837/ subaru) Gid: ( 837/ subaru)
Access: 2011-05-04 17:44:26.000000000 -0500
Modify: 2011-05-04 18:39:39.000000000 -0500
Change: 2011-05-04 18:39:39.000000000 -0500
Reply With Quote
  #325  
Old 05-05-2011, 02:11 PM
Valter Valter is offline
 
Join Date: Aug 2005
Location: Sarajevo
Posts: 2,432
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hacked by Team Animus?

Please read this thread:
https://vborg.vbsupport.ru/showthread.php?t=263202
Reply With Quote
  #326  
Old 05-05-2011, 05:50 PM
haytham's Avatar
haytham haytham is offline
 
Join Date: Jan 2003
Location: USA-Egypt-UAE
Posts: 510
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Valter View Post
v4.0.3 - May 04. 2011.
-Security bug fixed

To update:
-Import XML, allow overwrite


If your site has been hacked please check out this post:
http://www.vbulletin.com/forum/showt...15#post2154415
Unfortunately, I did just that and allowed over write. Lost all my rules and now if I click on the rules link, it takes me to FAQs about smileys!
Reply With Quote
  #327  
Old 05-05-2011, 06:06 PM
Langaleer Langaleer is offline
 
Join Date: Apr 2006
Posts: 2
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by TaBsiCore View Post
Is the bug now definitely fixed? Or did the second hack happened over the installed backdoor? The current situation is a bit confusing.
Its definately not fixed. I had the email from vBulletin to say a plugin I had (this one) had an exploit and was in quarantine. I never had a hack before, and when I looked at the thread linked earlier, it was stated the vulnerability was resolved and to download the latest version.
This I did, and then my forum was hacked in a short while after (maybe 15ish minutes?).

Now considering I hadn't been hacked on the previous version, then I upgrade to the latest version, resulting in the issue that other people have posted - I'd definately point my finger to this!
Reply With Quote
  #328  
Old 05-06-2011, 12:53 AM
Alfa1's Avatar
Alfa1 Alfa1 is offline
 
Join Date: Dec 2005
Location: Netherlands
Posts: 3,537
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Langaleer View Post
Its definately not fixed. I had the email from vBulletin to say a plugin I had (this one) had an exploit and was in quarantine. I never had a hack before, and when I looked at the thread linked earlier, it was stated the vulnerability was resolved and to download the latest version.
This I did, and then my forum was hacked in a short while after (maybe 15ish minutes?).

Now considering I hadn't been hacked on the previous version, then I upgrade to the latest version, resulting in the issue that other people have posted - I'd definately point my finger to this!
You may be right, but it is also possible that the hack attempt was already in progress before you upgraded to the latest version. So the hacker was already in. And he continued the hacking after you upgraded, because your system was already infected. 15 minutes is quite a short time frame.

I would go through the procedure that Valter posted to get your site in order. After that you can always decide whether or not you want to activate this addon or not.
Reply With Quote
  #329  
Old 05-06-2011, 07:49 AM
Valter Valter is offline
 
Join Date: Aug 2005
Location: Sarajevo
Posts: 2,432
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

v4.0.4 - May 06. 2011.
-Fixed: vbseo users not able to switch rules

To update:
-Import XML, allow overwrite
Reply With Quote
  #330  
Old 05-07-2011, 08:01 PM
TheKdd TheKdd is offline
 
Join Date: Oct 2008
Posts: 55
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by haytham View Post
Unfortunately, I did just that and allowed over write. Lost all my rules and now if I click on the rules link, it takes me to FAQs about smileys!
I have the same thing going on. I disabled the hack, and now new registered members are receiving their confirmation e-mail sending them to the smilies page. Did you figure out how to fix this?
Reply With Quote
  #331  
Old 05-08-2011, 10:21 AM
haytham's Avatar
haytham haytham is offline
 
Join Date: Jan 2003
Location: USA-Egypt-UAE
Posts: 510
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

No. I had to uninstall all plugins because my host was having issues and I was trying to find if my products were the reason..any way long story short..I had to uninstall it..but I am sure on my new host, I'll install it again.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 12:44 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05987 seconds
  • Memory Usage 2,340KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (6)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete