Strange things at VB.com

Status
Not open for further replies.
I can go to youtube and they work. But I can't view a video on another website, such as here, or my own.
Because when you go to YouTube directly on your iPad/iPod your device type is likely being detected and the display method being used to show the videos is likely h.264 instead of using a Flash SWF object.

I suspect that if XF used the iframe method for embedding videos then it would work on your iPad as well (http://apiblog.youtube.com/2010/07/new-way-to-embed-youtube-videos.html). I maintain a strict "No Apple products!" household so somebody else would need to test & verify. :p

EDIT: I should mention... Safari also has some weird mumbo-jumbo code in it for detecting YouTube links and displaying them using the YouTube app on the device instead of the usual embed methods.
 
I suspect that if XF used the iframe method for embedding videos then it would work on your iPad as well
Which is exactly why I use the iframe embed code on my site :)

Code:
<iframe class="youtube-player" type="text/html" width="640" height="390" src="http://www.youtube.com/embed/{$id}?wmode=opaque" frameborder="0"></iframe>
 
Which is exactly why I use the iframe embed code on my site :)

Code:
<iframe class="youtube-player" type="text/html" width="640" height="390" src="http://www.youtube.com/embed/{$id}?wmode=opaque" frameborder="0"></iframe>
How and where do you use this?
 
In the BB Code Media Sites - replace the existing YouTube code in the Embed HTML field.
 
How and where do you use this?

Whack it on an html page and you have your very own beginnings of a Justin Bieber song book :) It's straight web page code, but check the actual vids before putting the code up as there's the odd stoopid thing on youtube.
 
If you take a trip over to vB.com and view the profile of their VP of technology you will find a photograph in his "iPhone Album" of a white board with SECRETS clearly displayed :D:ROFLMAO:

We ought to grab a copy of that for the XF lawyers ... (y)
 
Here's some more strange stuff for you. If you run any vB 3.8 site, with the CYB Rules add-on, your site might have been compromised:

http://www.vbulletin.com/forum/showthread.php/379072-Site-hacked-can-someone-please-help

Here's instructions on how to go about getting rid of the infection, courtesy of vB user vktechnology:

http://www.vbulletin.com/forum/show...-please-help?p=2154415&viewfull=1#post2154415

Code:
[B]1) Search for new update file and delete it[/B]
 go to your root forum
 
 and run this command to fine new update file
 login as shell
 
 find . -mtime -1 -print
 
 (-1 is day of update file)
 
 you might see this file and delete it
 
 index.php
 index.html
 admincp/index.php
 admincp/index.html
 modcp/index.php
 modcp/index.html
 
 and delete unknow files
 
 and Upload load original files you just delete it
 
 
 [B]2)reset admin login to admin cp[/B]
 
 upload tools.php to admincp
 and reset admin login
 
 [B]3)login to admincp and disable Cyb rules [/B]and install new version do not foget to over write it
 
 [B]4)Go to phpmyadmin[/B]
 go to Table: user 
 
 4.1delete everything in this field = usertitle
 UPDATE user SET usertitle = ''
 
 4.2update this field customtitle =0
 UPDATE user SET customtitle = '0' where customtitle = '1'
 
 4.3. deelte user id that over '13371337'
 
 4.4 Table: user > AUTO_INCREMENT set number to you real latest user
 
 [B]5)Go to admincp > user group > adminstrators[/B]
 Delete user that you didn't add
 
 [B]6) admincp > update counter > update user title[/B]
 this step you will get users title back
 [B]
 7) turn on board[/B]
 
 ---all done ---

Working on my board as we speak. Screw this, though. I'm moving that board to XF ASAP.
 
Here's some more strange stuff for you. If you run any vB 3.8 site, with the CYB Rules add-on, your site might have been compromised:

http://www.vbulletin.com/forum/showthread.php/379072-Site-hacked-can-someone-please-help

Here's instructions on how to go about getting rid of the infection, courtesy of vB user vktechnology:

http://www.vbulletin.com/forum/show...-please-help?p=2154415&viewfull=1#post2154415

Code:
[B]1) Search for new update file and delete it[/B]
go to your root forum

and run this command to fine new update file
login as shell

find . -mtime -1 -print

(-1 is day of update file)

you might see this file and delete it

index.php
index.html
admincp/index.php
admincp/index.html
modcp/index.php
modcp/index.html

and delete unknow files

and Upload load original files you just delete it
 
[B]2)reset admin login to admin cp[/B]

upload tools.php to admincp
and reset admin login

[B]3)login to admincp and disable Cyb rules [/B]and install new version do not foget to over write it

[B]4)Go to phpmyadmin[/B]
go to Table: user

4.1delete everything in this field = usertitle
UPDATE user SET usertitle = ''

4.2update this field customtitle =0
UPDATE user SET customtitle = '0' where customtitle = '1'

4.3. deelte user id that over '13371337'

4.4 Table: user > AUTO_INCREMENT set number to you real latest user

[B]5)Go to admincp > user group > adminstrators[/B]
Delete user that you didn't add

[B]6) admincp > update counter > update user title[/B]
this step you will get users title back
[B]
7) turn on board[/B]

---all done ---

Working on my board as we speak. Screw this, though. I'm moving that board to XF ASAP.
This happened to a forum my friend works for yesterday.

Hopefully its the deciding factor in using XF.
 
Why would a 3rd party add-on having an exploit be the deciding factor?
Exactly. Anyone who installs mods and hacks without doing a code audit will most likely be hacked sooner or later and I cannot say I would feel sorry for them. Playing with things you don't fully understand can be dangerous and I often wonder why people do this and then complain when something goes wrong. Would the same people fix their gas operating water heating device without having the necessary knowledge and then complain when the thing blows up their houses?

Many of these mods are written by amateurs and I've seen mods where you can tell they are likely to cause security issues after reading the first 5 lines of the code.

These are the bloody facts and it doesn't matter which forum software you run - it can happen with any software.

This hack is just another example of what can happen when a developer violates the most important and basic rule of designing client-server applications: Don't trust the client. Ever. Fail to verify and sanitize input that comes from the client and someone will exploit it. Guaranteed.
 
Why would a 3rd party add-on having an exploit be the deciding factor?
They were in the process of considering whether or not to stay with vB3, upgrade to vB4, or to switch to XF or IPB.

This was just one of the deciding factors because they've seen vBulletin go down hill (mods being abandoned for example), and they can't be sure of their future with the platform now.

Exactly. Anyone who installs mods and hacks without doing a code audit will most likely be hacked sooner or later and I cannot say I would feel sorry for them. Playing with things you don't fully understand can be dangerous and I often wonder why people do this and then complain when something goes wrong. Would the same people fix their gas operating water heating device without having the necessary knowledge and then complain when the thing blows up their houses?

Many of these mods are written by amateurs and I've seen mods where you can tell they are likely to cause security issues after reading the first 5 lines of the code.

These are the bloody facts and it doesn't matter which forum software you run - it can happen with any software.

This hack is just another example of what can happen when a developer violates the most important and basic rule of designing client-server applications: Don't trust the client. Ever. Fail to verify and sanitize input that comes from the client and someone will exploit it. Guaranteed.

A lot of administrators aren't capable of doing code audits, and most wouldn't think of doing it in the first place.
 
Why would a 3rd party add-on having an exploit be the deciding factor?

Yep. This could happen to XenForo too.

I think Digitalpoint once said that they write all their add-ons for their site themselves. No third-party add-ons there. :eek:
 
This was just one of the deciding factors because they've seen vBulletin go down hill (mods being abandoned for example), and they can't be sure of their future with the platform now.

An update for that particular mod came out within a day or so. Definitely not abandoned.
 
Yep. This could happen to XenForo too.

I think Digitalpoint once said that they write all their add-ons on their site themselves. No third-party add-ons there. :eek:
Me too:)

Only add-ons coded by me, or add-ons with an big code review are installed on my boards..
That's why i have/had to write add-ons for vBulletin3, vBulletin4, mybb & ipb for my boards...

1. so i get the best performance
2. and i can find at least the small security issues and fix them or choose to not install the add-on^^
 
Status
Not open for further replies.
Top Bottom