Excluding Custom Files from Suspect File Diagnostic

Collapse
X
Collapse
  •  

  • Excluding Custom Files from Suspect File Diagnostic

    If you have custom files, you can create an md5 sums for your smilie directory if you want. Inside the /do_not_upload folder of your download package is a checksum sub-folder. That will create custom md5_sums files.
    1. Copy the included sample_checksum_config.php file to smilies_config.php.
    2. Enter in your forum root.
    3. Give it a product id like 'smilies'.
    4. Delete the existing directories and files in the scanpaths.
    5. Add in '/core/images/smilies', under the directories comment.
    6. Run the command php vB5Checksum.phar --config smilies_config.php --out md5_sums_smilies.php
      • Depending on location of the files and server permissions you may need to run this as SUDO.
    7. Move the file to your /core/includes/ directory.


    Here is an example configuration file that I created:
    Code:
    <?php
    
    // Sample config file for creating checksum config.
    // Run  php vB5Checksum.phar --help  for sample usage.
    
    
    //    ****** REQUIRED ******
    
    $forumroot = '/var/www/html/vbulletin5/live';
    $productid = 'smilies';
    /*
    Contents of these directories will be added to the checksum file.
    These paths must be relative to $forumroot above and must be
    inside $forumroot.
    
    Do not use directory traversals (/../) in these paths as they may
    not work as expected and specified files outside of $forumroot
    will not be scanned by the diagnostics tool even if listed in the
    manifest.
    
    These paths may be directories or files.
     */
    $scanpaths = [
    # directories
    'core/images/smilies',
    # single files
    
    # don't do this. It may resolve & add entries to the manifest, but will NOT be scanned
    # '../externalfolder',
    ];
    
    
    //    ****** OPTIONAL ******
    
    /*
    If any of your custom files have a version header like "vBulletin 5.6.0"
    you must specify that version here. If missing, the diagnostic tool may
    show erroneous warnings like
    "File version mismatch: found 5.6.0, expected "
    If your files do not have a version header, you can skip this.
     */
    //$version = '5.6.0';
    This is the file generated:
    Code:
    <?php
    // smilies, 09:45:44, Mon Aug 24th 2020
    $md5_sums = array(
    '/core/images/smilies' => array(
    'biggrin.png' => 'aaabf341165fc64cc86c33aa791fc030',
    'confused.png' => '6a892dc0ccc349c4653a26dcf0f2956b',
    'cool.png' => 'fbfc75e899a2f973db9ec22c02090f39',
    'eek.png' => '0fcb5fd47fb0c8d33dc34fb4d96f5ff6',
    'frown.png' => 'ade3c5116480bd6c8f53bb7bb7acfa4e',
    'index.html' => '68b329da9893e34099c7d8ad5cb9c940',
    'mad.png' => '395f02aa18e8003b672e3d896b9a7d9a',
    'redface.png' => '1404b771355ed12a0b58a3e7e9b13017',
    'rolleyes.png' => '8a7fbb11f2b0b6b0cc45d6edea5150ab',
    'smile.png' => '34fc6dc3ee0c950fd5aafc2cb4e9b695',
    'tongue.png' => '28e5a34cba8989f2c726d6cee85166a5',
    'wink.png' => '5a96cbfc622b34f77f6b5257dd9d300f',
    ),
    );
    $md5_sum_softwareid = 'smilies';
    $md5_sum_versions['smilies'] = '';
    $scanRoot = DIR . '/..';
    ?>
    This article was copied from this discussion.
    Attached Files
    Last edited by Wayne Luke; Thu 29 Sep '22, 9:06am.

    • Craig
      #1
      Craig commented
      Editing a comment
      Does this need to be done with each update/upgrade, or just once?

    • Wayne Luke
      #2
      Wayne Luke commented
      Editing a comment
      You would have to re-run the Checksum script after you add new files to the directory. This particular application shouldn't need to rebuilt on vBulletin Upgrade though.

      An example that would need to be updated after vBulletin upgrades would be creating MD5 files for /core/cache/ if you store CSS and/or Templates as files. Or if you delete the contents of these folders and recreated them for any reason.

      If you built a file for /core/customavatars, you would probably need to update that periodically. Though, I believe there is an improvement request to skip this directory and prompt for manual inspection. Since it should only contain images, it should be easy to find problematic files here.

    • Craig
      #3
      Craig commented
      Editing a comment
      Thanks, Wayne.
    Posting comments is disabled.

About the Author

Collapse

Wayne Luke A curious juxtaposition of nature, technology and sustainability. Find out more about Wayne Luke

Article Tags

Collapse

administration (1) beginner (3) channels (1) cloud (1) connect (1) Custom (1) Google (1) how to (1) howto (1) https (1) Intermediate (2) MYSQL (1) passwords (1) recovery tools (1) security (2) seo (1) sftp (1) ssl (1) ssl certificate (1) style (1) tls (1) tutorial (2) users (1) vb5howto (5) vbcloud (1)

Latest Articles

Collapse

  • Changing your site's favicon
    by Wayne Luke
    The favicon allows you to extend your brand identity to the browser tab. This can often be the only thing a user sees if they have many tabs open. The favicon is a special 16 X 16 icon that the browser automatically looks for in the root directory of your site. vBulletin also ships with one in its root directory. If vBulletin is installed in the root directory of your site, you can overwrite the provided icon to change it for your users. However, you will need to remember to do this with every version...
    Tue 21 Nov '23, 11:39am
  • About .htaccess
    by Wayne Luke
    .htaccess is a configuration file for the Apache Web Server. It allows you to customize how your server works. Depending on how your hosting provider has the server configured, you can redirect people to different locations, secure directories and files, tell browsers how long to cache files, update PHP variables, and more. vBulletin comes with a pretty extensive .htaccess file that does a these things for you. Location vBulletin comes with a file named htaccess.txt in the original download. When ...
    Mon 11 Sep '23, 12:57pm
  • Answered Topics
    by Mark.B
    In vBulletin 5.6.5, we added a new feature - Answered Topics.

    Topics can now be marked as "Answered." This is a special status applied to a specific post within the topic. The post that is marked as the Answer will be highlighted and show directly under the starting post in the topic.

    The ability to mark posts as the Answer in a topic is controlled by permissions. There are three different permissions to control this.
    Usergroup and Channel Permissions both...
    Sun 8 Jan '23, 12:43pm
  • Custom Node Fields
    by Mark.B


    In 5.7.2, we have added a new feature - Custom Node fields.

    This new feature allows Administrators to define text and text area fields that are assigned to channels (eg forums).
    When a user creates a new topic, defined custom node fields will be available.
    1. The Administrator will create Field Categories in the AdminCP. Each category is assigned to one or more channels.
    2. Within each category, the Administrator can create one or more fields that will get assigned
    ...
    Thu 29 Dec '22, 3:19am
  • Using User Ranks
    by Wayne Luke

    User ranks allow the administrator to set up image and HTML rewards for their users once they reach specific goals. In versions before vBulletin Connect 5.7.1, ranks could only be triggered by the number of posts and the usergroups assigned to the user. In vBulletin Connect 5.7.1, User Ranks have been expanded to allow more flexibility in creating individual ranks. Now you can build combinations of different criteria to create unique ranks for your site.

    ‚Äč Ranks can be created using th...
    Tue 25 Oct '22, 1:04pm
  • Excluding Custom Files from Suspect File Diagnostic
    by Wayne Luke
    If you have custom files, you can create an md5 sums for your smilie directory if you want. Inside the /do_not_upload folder of your download package is a checksum sub-folder. That will create custom md5_sums files.
    1. Copy the included sample_checksum_config.php file to smilies_config.php.
    2. Enter in your forum root.
    3. Give it a product id like 'smilies'.
    4. Delete the existing directories and files in the scanpaths.
    5. Add in '/core/images/smilies', under the directories comment.
    6. Run the command
    ...
    Mon 24 Aug '20, 9:48am
Working...
😀
😂
🥰
😘
🤢
😎
😞
😡
👍
👎