Copyright Footer Modification

[frm]

I suggest making the copyright footer something along the lines of Software by Xenforo or Powered by Xenforo.

As the copyright is now, Forum software by XenForo® © 2010-2020 XenForo Ltd., I could argue that it is too long and too big, quite possibly taking 2 lines on some mobile viewports. However, my main argument is scraping and security vulnerabilities. If the copyright isn't until 2020 (such as with 1.5 instances or, soon to be 2.2 with 2021 [HOPEFYLLY APPROACHING] soon), it somewhat reveals what platform a site is running.

With this information, black hatters can generate a list of XF installs on various versions a lot easier than picking through source code and seeing differences (as that may not even be a tell-all with different styles).

I would suggest the above two, and possibly even an xF favicon placed before the new text as well as being more prominent (as it's losing some real-estate being so long with the company name and copyright) with a larger font or even bold, centering it would put more focus on the eye as well, instead of being read LTR.

This is how WordPress was (I haven't touched it in a minute so don't know if they still put it on there).

I know that competitors add the company/copyright, but don't see any reasoning behind it. It can be beautified and still allow people to know that the forum is by Xenforo. Maybe some staff can clarify the reason behind this? Perhaps add it in the alt/title attribute instead?

Suggested Examples:

• Software by Xenforo
• Software by Xenforo
• Software by Xenforo
• Software by Xenforo
• Powered by Xenforo
• Powered by Xenforo
• Powered by Xenforo
• Powered by Xenforo

I believe many of these stick out like a sore thumb and would still do the job.

Thanks for listening and/or answering why the copyright/company needs to be in there (as the company name is redundant to the software itself too), which could look something like this instead:

Forum Software by Xenforo Ltd.

 

[webbouk]

What if the site uses several software from different sources?
The current notice is specific to the forum software

 

[frm]

What if the site uses several software from different sources?
The current notice is specific to the forum software

Then it would be up to those developers to keep the same long (and off-putting) copyright notices attached to it or to slim it down to "Add ons by XYZ" or "Style by ABC" as that is a 3rd party issue at that time.

 

[webbouk]

But that's not what you are asking.

 

[frm]

But that's not what you are asking.

Yes I am.

I'm suggesting XF modify their copyright footer from Forum software by XenForo® © 2010-2020 XenForo Ltd. to one of the provided examples below for both security reasons and a better UI at the footer (imagine being clumped up with 5 copyright footers, all with add on name, copyright, and company name).

Again, seen below:

Suggested Examples:

• Software by Xenforo
• Software by Xenforo
• 
  Software by Xenforo
• 
  Software by Xenforo
• Powered by Xenforo
• Powered by Xenforo
• 
  Powered by Xenforo
• 
  Powered by Xenforo

I believe many of these stick out like a sore thumb and would still do the job.

Thanks for listening and/or answering why the copyright/company needs to be in there (as the company name is redundant to the software itself too), which could look something like this instead:

Forum Software by Xenforo Ltd.

This is essentially XF following in the footsteps of WordPress and breaking away how competitors mark their 'branded' software.

I wouldn't mind if the font is larger or even bold, even with the favicon to stand out more, as security aside, it's more eye-appealing shown like that.

 

[Mr Lucky]

Wordpress:



The main issue I see is that the date could be important to any legal action in regard to the intellectual property. Don't ask me for specifics, but it is always standard practice to cite the date on a copyright.

 

[Mendalla]

Wordpress:

View attachment 234643

The main issue I see is that the date could be important to any legal action in regard to the intellectual property. Don't ask me for specifics, but it is always standard practice to cite the date on a copyright.

Because copyright does have a date. It isn't retroactive, for instance. And it does expire if not maintained (e.g. copyright for authors expires either 50 or 70 years post-mortem depending on what country you are in). I do not really see any issues with how Xenforo does it. The security one, in particular, makes no sense. People trolling the Internet for particular software can identify it in many ways, not just the copyright mark.

So I am happy with it as is and anyone who doesn't like it has the option of buying branding removal.

 

[frm]

The main issue I see is that the date could be important to any legal action in regard to the intellectual property. Don't ask me for specifics, but it is always standard practice to cite the date on a copyright.

Do end-users need to see this date or would it suffice in the ACP?

 

[frm]

People trolling the Internet for particular software can identify it in many ways, not just the copyright mark.

If you search G for Forum software by XenForo 2010-2018 XenForo Ltd., you will find unsupported EOL software. You may even change it to 2020 (in 2021) and see all those still running 2.1. And, search 2021 to see all those on XF 2.2.

If they aren't using the default style, it makes it a bit harder to see which version they are using. However, the copyright date is a dead giveaway.

Say someone finds an exploit in 2.1 and immediately scrapes all sites copyrighted -2020 to pound them one by one before XF can patch it, if it's not EOL. Then what?

Removing the date is somewhat more secure than displaying the date as the source code needs to be examined to see otherwise.

 

[Mr Lucky]

Do end-users need to see this date or would it suffice in the ACP?

A copyright exists in a the software as soon as it is published (as with other "works") so strictly speaking it is not necessary. However I think legal precendents have shown that in spite of that, any kind of legal action is easier to emforce if the notice is showing to the public, ie any potential infringers.

• For example I could release an album and not put a copyright notice on it.
• Somebody then steals my tunes.
• I sue them
• In court they plead "How was I to know it was copyright?"

You will often see some copyright notices going further and explianing (even though they don't technically have to)

"ALL RIGHTS OF THE OF THE PRODUCER AND OF THE OWNER OF THE WORK REPRODUCED RESERVED. UNAUTHORIZED COPYING, HIRING, LENDING, AND BROADCASTING OF THIS PUBLICATION PROHIBITED."

 

[frm]

I would even think this is better (visually), but disagree with it security-wise (as it has the end date, but, it's still technically under copyright for 70 years in the UK):

This would cover all bases (with 2020 being updated yearly): Forum software by XenForo® © 2020

Its initial copyright is in 2010... and is essentially copyrighted every year they release it (unsure about UK) by just adding 1 letter to any part of the file. Or, you could still put Copyright XXXX (current year) and it should still be under copyright as 70 years will not pass without something breaking. Therefore, all versions will have the same date (if we get to 2090 and someone is illegally running XF 1.5, they can handle it then).

This shows the copyright, registered trademark, and the first or last date it filed for copyright (I'd argue it's always the year until they actually get over the 70-year mark).

The only thing it doesn't show is the start period of 2010, which is a flex. However, a competitor does/did that too... with a start period sooner. They are not first to the market.

I'll end this with a security flaw in vB that is blasted to all which shows dates in an "intext" search (telling you how to find vulnerable sites). Reverse the roles to XF and 2010-2018 to exploit potential 1.5 sites... 2020 for 2.1, and 2021 for 2.2, before patches are made, unless EOL (even security).

vBulletin 4.2.2 Cross Site Scripting - CXSecurity.com

Gray Hat Group has realised a new security note vBulletin 4.2.2 Cross Site Scripting

cxsecurity.com

 

[Paul B]

There are other ways to determine the software version, other than the copyright, so it's a moot point.

 

[frm]

There are other ways to determine the software version, other than the copyright, so it's a moot point.

Yes, such as source code. However, not all forums run the same style so it's not entirely moot.

 

[Paul B]

The style is irrelevant - I'm not talking about the visual appearance.

 

[frm]

The style is irrelevant - I'm not talking about the visual appearance.

I'm speaking of the style's source code that can signify a good guess on which version it's running, especially if it's the default theme. A custom style may be harder to determine, but possible. Unless the version is passed in other ways (cookies, headers, etc.), I am failing to see how else a version can be detected with other than the copyright or style's source code.

You may PM me if you wish and don't want to divulge that for security reasons.

 

[frm]

Further, you can definitely tell between 2.2 and 2.1 by just seeing the editor (if post before registration is enabled). So, there is that for when the time comes for 2.1 exploits to be found. I'm sure there are a lot of things in 1.5 that are snap it has to be 1.5, despite this code snap because it has X, Y, and Z.

However, an intext to find the copyright date will prevent most of that.

Security aside, sites are compiled by using Google search techniques with this phrase. Later on, you can expect Xrumer to come back if there is an exploit to bypass spam filters they find... all because of the date.

Grey-hat knowledge: WordPress comment spam was done by Googling "niche topic"+"Powered by WordPress" with the comments spun and posted dozens if not hundreds of times across all these sites (depending on how many times you could spin a great paragraph to stay unique and under the radar).