Discussion in 'Off Topic' started by mrGTB, May 10, 2011.
Read then link: http://www.vbulletin.com/forum/show...-please-help?p=2155343&viewfull=1#post2155343
I presume that you are joking. But even in jest such a thread title on a different company's forums for problems of a rival should not be made.
That's pretty stupid. I can't believe someone actually posted that.
Oh wait, what am I saying.......
best response here
It's weird, but I suppose that whole thread shows how many people never realised that an addon could be exploited. They were all blaming the VB software until a few users made a link to that cyb advanced forum rules mod.
I got caught out the hard way with keeping my scripts and stuff up to date - we use Podcast Generator as part of our site, and an exploit was found in that software that allowed privilege escalation. Someone used it to quietly hijack my server, I only noticed when I saw extra IRC sessions opening up and an increase in bandwidth use. Luckily I knew my way around linux well enough to work out what they'd done, how they'd got in, and to close the hole.
Ever since then I've subscribed to update mailing lists for everything I run on a box exposed to the net, and I make a habit out of checking the author's websites on a regular basis to confirm I'm running the most recent version and there's no issues with it. I only install third-party addons for my sites where there is no alternative.
A daily running backup of my SQL databases (with the last 5 backups archived) to another box is also worth doing, in case someone does manage to get onto our box with a 0-day exploit...
CBY wasn't your average run of the mill mod releaser, he was well respected as being one the best at vB.org and why so many used his mods that's resulted in many forums getting hacked. Anyone can make a mistake and that seems to be what's happened here, but it went unnoticed for 4 years Paul.M pointed out.
Prime example also of why you should be very wary about using 3rd Party mods
It takes hard-work to build a good reputation, but only a few seconds to destroy it.
I wish Cyb (Valter) the best.
That was me.
It's a post by an idiot who has spent way too long reading conspiracy theories ... or it could be the Vice President of Silly Statements for IB, who would know with this interweb thing.
And this incident just goes to illustrate the point of why people prefer for the main developers to release stuff and not reley on add ons, which some people seem to think is better over here like in the cms thread etc.
Yes because exploits just as bad never happen to them, only to 3rd party developers.
It really does suck when that happens, but the best you can do is either roll back before the exploit and remove the mod, attempt to fix it, or get a patch from the developer.
I think it's the dreaded "this is unsupported, please go ask someone else" written off attitude is what was a bit disturbing. The impression I got was that it was most definitely not vBulletin's fault because you have third-party mods installed and since you have those, it must be the fault of those mods.
That impression somewhat wasn't what I'd like as it would have been nice to for some validation to occur before making such claims. Imagine if it was not the mods but indeed the application itself. Talk about "Open mouth, insert foot".
Disclaimer: It was an impression, not necessary what was the outcome. There could have very well been developers who looked it over and concluded it was a third-party mod
I believe phpBB users might point to a certain issue with that product a couple of years ago that had nothing to do with 3rd party developers. Note the forum companies have a tendency to blame modders, skinners, and about anyone else for issues, without first checking what might actually be causing the issue. At least that was how another company approached things.
Pleased to note xenForo aren't jumping on this approach
Or secure your site with something like http://phpids.org/ which will catch *most* common attacks.
Another infamous thread by the dubious MrGTB.
I have not read the whole thread, or the link, or any posts, nor do I care who made the post and who made the threads or whatever.. but meh. **** it. here is what I have to say:
look, another thread about vbulletin.com on xenforo.com.
Why don't we just keep the two sites separate? Life would be a whole lot nicer, simpler, and easier. You're on XenForo now, enjoy the non buggy ride.
This thread is now going in an unsurprising direction, isn't it?
Separate names with a comma.