Go Back   vb.org Archive > Community Central > vBulletin.org Site Feedback
FAQ Community Calendar Today's Posts Search

Closed Thread
 
Thread Tools Display Modes
  #51  
Old 03-04-2008, 08:42 PM
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by magnus View Post
To what degree? Have I suffered data loss due to an exploit? No, never.

Regardless, what does this have to do with the issue at hand? The current state of security of my own personal sites has nothing to do with a public discussion/repository for security related topics. If any of my sites are compromised, I can immediately reference my logs, find out what happened, and either patch the exploit or take it offline for further review.

Could you say the same?

My point being, a vBulletin-focused security discussion isn't inherently a bad thing -- but it's not going to accomplish what many think it will. If you want to keep up to date on security issues, subscribe to Bugtraq. Consider getting a basic grasp of PHP, so you can skim through the multitude of hacks before installing to look for basic security risks -- such as unsanitized inputs. Be proactive.
I think you're missing the point of this whole debate. First, you as an experienced Admin could obviously take care of it if it happened to you. But there are those out there that have no clue what to look for or how to fix it if it does happen to them. Have you noticed how many "I've been hacked! Help!" threads have been popping up lately? And all from Admins that are either new to the being-hacked arena or inexperienced in the process of running a vb site. That doesn't make them any less deserving than you or I, and yes, even iogames (although, that is debatable). I get fed up hearing "then you shouldn't be running a site if you don't know who to fix it" statements. How many of us were born with the knowledge to run a site? I sure as hell wasn't. And neither was anyone else. It is a learning process and vbulletin.org is the school.

An area like we are discussing it a great idea for reference if nothing else. If gives a user a place to go to hear others stories about how they were hacked and what it took to fix it or stop it, or whatever. Something like this would be invaluable to a new Admin. I wish they had had something like this around when I was first starting out.
  #52  
Old 03-04-2008, 08:48 PM
iogames's Avatar
iogames iogames is offline
 
Join Date: Jan 2007
Location: Las Vegas, NV.
Posts: 1,433
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Boofo View Post
I think you're missing the point of this whole debate. First, you as an experienced Admin could obviously take care of it if it happened to you. But there are those out there that have no clue what to look for or how to fix it if it does happen to them. Have you noticed how many "I've been hacked! Help!" threads have been popping up lately? And all from Admins that are either new to the being-hacked arena or inexperienced in the process of running a vb site. That doesn't make them any less deserving than you or I, and yes, even iogames (although, that is debatable). I get fed up hearing "then you shouldn't be running a site if you don't know who to fix it" statements. How many of us were born with the knowledge to run a site? I sure as hell wasn't. And neither was anyone else. It is a learning process and vbulletin.org is the school.

An area like we are discussing it a great idea for reference if nothing else. If gives a user a place to go to hear others stories about how they were hacked and what it took to fix it or stop it, or whatever. Something like this would be invaluable to a new Admin. I wish they had had something like this around when I was first starting out.
I'm glad to have you back! [sob,sob,sniff]
  #53  
Old 03-04-2008, 09:06 PM
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I guess I just snapped there for a second with all the "why don't the newbies know as much as I do" stuff. That is a very sore point with me. We all were newbies at one time or another and didn't know squat about vb. We can learn here but not pass on what we have learned along the way? Sounds like crap to me.
  #54  
Old 03-04-2008, 09:14 PM
tazzarkin tazzarkin is offline
 
Join Date: Nov 2007
Posts: 137
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

On the 1st page, some guy mentioned that the more you bring attention to it, the more it encourages hackers.

Maybe someone should make a Security Mod that will trace will mods are most likely to be hacked or what parts of the site have open ports, what files have recently been changed, etc. Sort of like a spysweeper/virus checker.

Then instead of talking about hacking, you focus on the security more.
  #55  
Old 03-04-2008, 09:57 PM
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by tazzarkin View Post
On the 1st page, some guy mentioned that the more you bring attention to it, the more it encourages hackers.

Maybe someone should make a Security Mod that will trace will mods are most likely to be hacked or what parts of the site have open ports, what files have recently been changed, etc. Sort of like a spysweeper/virus checker.

Then instead of talking about hacking, you focus on the security more.
I agree with the use of the word Security over hacking. Security can cover a lot of areas, including being hacked.
  #56  
Old 03-04-2008, 10:05 PM
DrewM DrewM is offline
 
Join Date: Oct 2005
Posts: 564
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Just a side note in hope of getting this thread to "calm" a little bit I have posted an idea here: https://vborg.vbsupport.ru/showthread.php?t=172019
  #57  
Old 03-04-2008, 10:12 PM
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Larrysw View Post
Just a side note in hope of getting this thread to "calm" a little bit I have posted an idea here: https://vborg.vbsupport.ru/showthread.php?t=172019
When you start mentioning paid hacks in the same breath as a free security area, looks like a bait-and-switch to me. I want no part of it.
  #58  
Old 03-05-2008, 01:53 AM
SEOvB's Avatar
SEOvB SEOvB is offline
 
Join Date: May 2007
Location: Indianapolis
Posts: 2,451
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Me either, and on a side note, i'm amazed this has made 4 pages, of well...really not much of anything. And this post isn't helping anything!
  #59  
Old 03-05-2008, 02:14 AM
nexialys
Guest
 
Posts: n/a
Default

Quote:
Originally Posted by tazzarkin View Post
On the 1st page, some guy mentioned that the more you bring attention to it, the more it encourages hackers.
thanks to not mention my name... lol

actually, the goal to have a "Quarantine" place where to put the mods with inserts or security issues is one of the reasons why hacking mods may not be discussed here... when you announce that the hack XYZ have an exploit ABC, that is the way to break all the securities... you just need one moron to ask "hey, i have that hack and that version on my site, what can i do to secure my site"... 30 seconds after that post, someone would exploit his site...

that's why the guys on vb.org are NEVER discussing exploits of any hack here... neither would Jelsoft on vb.com ... so why start a place for the opposite means ?!
  #60  
Old 03-05-2008, 02:47 AM
iogames's Avatar
iogames iogames is offline
 
Join Date: Jan 2007
Location: Las Vegas, NV.
Posts: 1,433
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by nexialys View Post
thanks to not mention my name... lol

actually, the goal to have a "Quarantine" place where to put the mods with inserts or security issues is one of the reasons why hacking mods may not be discussed here... when you announce that the hack XYZ have an exploit ABC, that is the way to break all the securities... you just need one moron to ask "hey, i have that hack and that version on my site, what can i do to secure my site"... 30 seconds after that post, someone would exploit his site...

that's why the guys on vb.org are NEVER discussing exploits of any hack here... neither would Jelsoft on vb.com ... so why start a place for the opposite means ?!
'Theorically' [sighs]

Is like NOT TEACHING Cops how to evaluate a crime, is like NOT TEACHING Doctors how to prevent diseases...

When an exploit is announced 95% of users will run to solve the problem, reducing the risk, just a few will commit the mistake that you mentioned above...
Closed Thread


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 03:40 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.11043 seconds
  • Memory Usage 2,281KB
  • Queries Executed 12 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (6)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (9)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete