Hot Topic (More than 10 Replies) Suggestion for 2.6.2 (Read 19458 times)
Monni
Senior Member
****
Offline


Min izāmō

Posts: 413
Location: Kaarina, Finland
Joined: Jul 16th, 2014
Gender: Male
Re: Suggestion for 2.6.2
Reply #10 - Sep 12th, 2014 at 3:48pm
Dandello wrote on Sep 12th, 2014 at 3:46pm:
The 'Optional bday' mod would be good as well - I suspect most forums don't need mandatory birthdates.


I want that in 2.6.2 Wink
  
 
Dandello
Forum Administrator
*****
Offline


I love YaBB 2.7!

Posts: 1759
Location: The Land of YaBB
Joined: Feb 12th, 2014
Gender: Female
Re: Suggestion for 2.6.2
Reply #9 - Sep 12th, 2014 at 3:46pm
Back on topic - I think Carsten's Ex-Member Mod would be a good addition to 2.6.2.

I have an updated version of it but still haven't heard back from Carsten as to whether or not we have permission to update/distribute his mods. (His copyright info explicitly states that written permission is required.)

I think maybe possibly this one could also be modified to save things like member vars and other ancillary member files so the member could be reinstated if necessary.

The 'Optional bday' mod would be good as well - I suspect most forums don't need mandatory birthdates.
  

Perfection is not possible. Excellence, however, is excellent.
 
Monni
Re: Suggestion for 2.6.2
Reply #8 - Sep 7th, 2014 at 8:19am
They forget that I can understand 13 different languages... No matter what encoding they use for hidden messages, I can decrypt them... lol

Thread ID: '1315302929    Result: íå íàøëîñü ôîðìû äëÿ îòïðàâêè'

This one looks like garbage, but it's actually a Russian message, and says "Couldn't find the form to send"
  
 
Dandello
Re: Suggestion for 2.6.2
Reply #7 - Sep 6th, 2014 at 10:21pm
Monni wrote on Sep 6th, 2014 at 9:44pm:
I'm out to get them...



...They ran through the briars and they ran through the brambles and they ran through the bushes where a rabbit couldn't go. They ran so fast that the hounds couldn't catch 'em...

(It's from an American folk song... Grin )
  

 
Monni
Re: Suggestion for 2.6.2
Reply #6 - Sep 6th, 2014 at 9:44pm
I'm out to get them... Just like when I write Mandarin Chinese with some of my friends who are too lazy to keep in touch with me... One sure way to get their attention...
  
 
Dandello
Re: Suggestion for 2.6.2
Reply #5 - Sep 6th, 2014 at 9:26pm
Is it paranoia when they really are out to get you?  Wink
  

 
Monni
Re: Suggestion for 2.6.2
Reply #4 - Sep 6th, 2014 at 9:15pm
Maybe it's just me following too closely the error logs for the forum of one of my clients, but I've noticed several cracking attempts per day... So far all have failed, but they're clearly collecting valid file name and path patterns so they can find vulnerable software. I've added stub error pages in Apache so that minimal information is returned on failed requests.
  
 
Dandello
Re: Suggestion for 2.6.2
Reply #3 - Sep 6th, 2014 at 9:09pm
Made the changes and uploaded it here for testing. I have no idea why those error calls were changed since obviously we don't want to give the crackers any more information than we absolutely have to.  Huh
  

 
Monni
Re: Suggestion for 2.6.2
Reply #2 - Sep 6th, 2014 at 8:51pm
Something like this:

--- C:/Users/Mika/AppData/Local/Temp/Security.pm-revBASE.svn000.tmp.pm	Tue Sep 02 07:28:23 2014
+++ C:/build/yabb/trunk/cgi-bin/yabb2/Sources/Security.pm	Sat Sep 06 23:50:09 2014
@@ -53,13 +53,13 @@
     if ( !-e "$datadir/$curnum.txt" ) {
         if ( eval { require Variables::Movedthreads; 1 } ) {
             if ( !$moved_file{$curnum} ) {
-                fatal_error( 'not_found', "$datadir/$curnum.txt" );
+                fatal_error( 'no_topic_found', $curnum );
             }
             while ( exists $moved_file{$curnum} ) {
                 $curnum = $moved_file{$curnum};
                 next if exists $moved_file{$curnum};
                 if ( !-e "$datadir/$curnum.txt" ) {
-                    fatal_error( 'not_found', "$datadir/$curnum.txt" );
+                    fatal_error( 'no_topic_found', $curnum );
                 }
             }
             $INFO{'num'} = $INFO{'thread'} = $FORM{'threadid'} = $curnum;
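Review bot: Both replaced calls, `fatal_error( 'no_topic_found', $curnum )` in the `!$moved_file{$curnum}` branch and again inside the `while` loop, now hand `$curnum` to the error routine, and nothing in this hunk shows `$curnum` being checked as numeric before it is used in `"$datadir/$curnum.txt"` or passed on. If `fatal_error` prints its second argument in the page guests see, validate or HTML-escape `$curnum` before these calls. The full path was still useful for diagnosis, so consider writing it to the admin-only error log instead of dropping it.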
@@ -130,7 +130,7 @@
     }

     fopen( BOARDFILE, "$boardsdir/$currentboard.txt" )
-      or fatal_error( 'not_found', "$boardsdir/$currentboard.txt", 1 );
+      or fatal_error( 'no_board_found', $currentboard, 1 );
     while ( $yyThreadLine = <BOARDFILE> ) {
         if ( $yyThreadLine =~ m{\A$curnum\|}oxsm ) { last; }
     }
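Review bot: On the `fopen( BOARDFILE, ... )` failure branch, `$currentboard` is interpolated into `"$boardsdir/$currentboard.txt"` and is now also passed to `fatal_error( 'no_board_found', $currentboard, 1 )`, with no validation visible in this hunk. Confirm it is restricted to the expected board-name characters before this line, so that neither the open nor the displayed message handles a raw request value. The patch only touches Security.pm, so it is also worth searching the other source files for remaining `fatal_error( 'not_found', ...)` calls that pass a path.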
 

  
 
Dandello
Re: Suggestion for 2.6.2
Reply #1 - Sep 6th, 2014 at 8:43pm
Good idea.  Smiley
  

 
Monni
Suggestion for 2.6.2
Sep 6th, 2014 at 8:30pm
As the "not_found" error is shown to guests, I think it would be best to split it into "no_topic_found" and "no_board_found", so we wouldn't need to display paths to the files or file names to guests... This makes it harder for crackers to inject malicious files using vulnerabilities in other software installed on the same user account.

The messages actually already exist in my language files...
« Last Edit: Sep 6th, 2014 at 9:45pm by Monni »  
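
The split suggested in this post, sketched as an added example (not YaBB's code and not part of the original thread): the visitor gets a keyed message with at most a validated id, while the file path goes only to an admin-side log line. The names `safe_error` and `%public_msg`, the message wording and the `/srv/forum/Messages` path are assumptions made for the illustration.

```perl
use strict;
use warnings;

# Hypothetical message table: the keys are the ones proposed in the post,
# the wording is constructed for this example.
my %public_msg = (
    no_topic_found => 'The topic you requested could not be found.',
    no_board_found => 'The board you requested could not be found.',
);

# Returns (text shown to the visitor, line for the admin-only log).
# $detail is the id taken from the request; $private is the server-side path.
sub safe_error {
    my ( $key, $detail, $private ) = @_;
    my $public = $public_msg{$key} // 'An error occurred.';

    # Echo the id back only when it looks like an id; never echo a path.
    if ( defined $detail && $detail =~ /\A[A-Za-z0-9_-]{1,64}\z/ ) {
        $public .= " ($detail)";
    }

    # The path stays on the server. Non-printable bytes are replaced so a
    # request value cannot break the log into extra lines.
    my $log = sprintf 'key=%s detail=%s path=%s',
        $key, $detail // '-', $private // '-';
    $log =~ s/[^\x20-\x7E]/?/g;

    return ( $public, $log );
}

# Constructed sample requests: one well-formed id, one that is not.
my $datadir = '/srv/forum/Messages';    # placeholder path
for my $id ( '1315302929', 'not a topic!' ) {
    my ( $public, $log ) =
        safe_error( 'no_topic_found', $id, "$datadir/$id.txt" );
    print "guest sees: $public\n";
    print "admin log:  $log\n";
}
```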
 