Sending of Hacks to the Graveyard

[Clayton]

Hi there, has there been a sudden surge of attacks that a number of hacks have been sent to the graveyard, please?

this is the notice in the email

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This modification currently contains a vulnerability. It is recommended you uninstall it until further notice.
- vBulletin.org Staff
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

this reason has been given for a number of hacks
is there a place where we can get further feedback on this, because certain hacks are an integral part of the various sites that have these hacks, please?

Thank you in advance

[AScherff]

Yes please - the same...

can not find a reason nor solution than uninstall...

[da420]

Quote:

Originally Posted by AScherff

Yes please - the same...

can not find a reason nor solution than uninstall...

My suggestion if it's something you need on your forum either wait for the author to update it fixing the vulnerability, fix it yourself, or hire someone to fix it.

[Clayton]

If we could have a little further feedback regarding the problems, such as the attacks that these hacks have been receiving, then we know a little more.

currently it seems as though this has been a blanket reason/approach given for a number of hacks, is this true?

is it a coincidence that this has taken pace, after

1 .. Jelsoft takeover and 2. new sheriffs in town ?

As a user of a number of hacks on a number of forums developed, it would be appreciated that an impression is not being created that the vulnerabilities have occurred due to the 2 points mentioned and questioned above

whereas we may not want to publicly display the vulnerabilities etc, it would also go a long way in reassuring users that what has taken place is not because of over zealous new Mods etc?

or so as not to start a conspiracy theory .. that this is not a policy to prepare users for the new Add-ons that vbulletin.com will be releasing in the future, so kill off any opposition in good old Microsoft style. This is not the case, right?

in mentioning this you can see our concern as users

[Marco van Herwaarden]

No, we will not be giving out the details of the exploit to anyone other then the author of the modification. This is to protect those that still have such a modification installed.

Your insinuations really don't make sense. Because Jelsoft was acquired and we have a few new staff members, there suddenly are vulnerable modifications?? Either a modification is vulnerable or not, no company take-over or new staff can change that.

There have been a large number of (valid) reports by members on vulnerable modifications lately, once reported staff will investigate and if correct take actions. That is all that is to it.

[MaryTheG(r)eek]

Just some questions to Moderators:

1. I bought my first vB licence at Oct 2003. Since then, there are lots of patches for vulnerabilities in vBulletin itself. Why I never got a similar type of email saying "....uninstall vBulletin till future notice"? And why I never informed as client at the time that the vulnerability found, but only when you had ready the patch?
2. Do you count as fair to inform members (now I'm talking for mods) who have installed it by email (faster) and the author by ...PM?? What should happen if the author has to visit your site for days?

That's for the history. Could you please remove my other mods too?

Thank you
Maria Avlatzi
Loutron 41
57200 Lagadas
Tel +30-23940-20117
Greece
Just to avoid sayings that I'm talking in anonymous mode.

[Clayton]

Hi Marco

this is certainly not a case of insinuations, it has a great deal to do with someone using a product which is related to work and clients. This is not a game for some of us but a livelihood

when all of a sudden certain things start occurring we as users of hacks need to be a reassured that what is taking place does not coincide with the 2 points mentioned, maybe I should have placed question marks (will edit post) as then it is a question and will not be seen as an insinuation which obviously has negative connotations attached to it

Thank you

[MaryTheG(r)eek]

Quote:

Originally Posted by Clayton

Hi Marco

this is certainly not a case of insinuations, it has a great deal to do with someone using a product which is related to work and clients. This is not a game for some of us but a livelihood

when all of a sudden certain things start occurring we as users of hacks need to be a reassured that what is taking place does not coincide with the 2 points mentioned, maybe I should have placed question marks (will edit post) as then it is a question and will not be seen as an insinuation which obviously has negative connotations attached to it

Thank you

I think that I've put questionmarks. Also at the top I'm talking about "questions". Or I misunderstood you post??

[Clayton]

Yes, these are concerned questions put to the community and vBulletin.org

I have seen the forums go through many swings and changes over the years

[Marco van Herwaarden]

@MicroHellas

1. vB.org staff does not have control over the procedures used when a vulnerability is found in vBulletin itself. If you want to discuss the Jelsoft procedures, then please post it as a suggestion at vbulletin.com.

2. With our current procedures we will inform both the users that have installed a modification and the author at the same time if the vulnerability found is serious. The reason members are notified by email and the author by PM is merely using the tools we have available. The author is also informed on the details of the vulnerability found. We have no way of knowing if an author will read his email faster then a PM, and he/she could have email notifications of a PM. Also the author could have disabled Email as contact method, so the best way to contact them (that will always work) is by PM.

We are however at this time prepairing new procedures making it easier to communicate with the author when a vulnerability is found.

Also please note the even though we are a community that is build upon the input of many coders, if a vulnerability is found our primary goal is to protect the members.