Announcement

**Mr_Butter** · Tue 16 Aug '05, 12:35pm

If it has no hacks it can raise an eyebrow.

**Matthew Gordon** · Tue 16 Aug '05, 12:46pm

Originally posted by ATI4EVER

If it has no hacks it can raise an eyebrow.

No. Illegal boards can get hacks through some warez sites and anybody can chose not to install hacks (in fact, most people chose not to).

The one thing I'd look for is some "NULLED BY XXXXX" at the top of the PHP source.

**Jose Amaral Rego** · Tue 16 Aug '05, 12:51pm

The only way to make sure is to report it to

http://www.vbulletin.com/piracy.php or alternatively you can email [email protected].

But I do not know if you are lookong for a way to delete your client from your server for breaking any of your server rules or you just do not like them. Jelsoft Enterprises Ltd. will not tell you if your client has an illeagal board unless they need to.

*edit
squall14716 is right on that part, just right-click and view source, but it is better to report and not to go gun-ho and shoot everything that looks suspect.

**MikeWalczak** · Tue 16 Aug '05, 12:55pm

Thank you all for your suggestions but to LEAD WEIGHT, I know about reporting them, but I wanted to see if there were any big things that could alert me to a possible pirated board. We have so many vbulletin boards hosted and I am willing to bet that at least a few of them are illegal.

**Mr_Butter** · Tue 16 Aug '05, 12:56pm

Originally posted by squall14716

No. Illegal boards can get hacks through some warez sites and anybody can chose not to install hacks (in fact, most people chose not to).

The one thing I'd look for is some "NULLED BY XXXXX" at the top of the PHP source.

That is not true. A lot of people choose to mod their boards. Yes, some people do not mod them which is why I said "it can raise an eyebrow" instead of saying its illegal. Also yes, they can get it off warez sites but its difficult.

You can try looking at config.php.new to see if they still have it.

**DirectPixel** · Tue 16 Aug '05, 1:07pm

First off, the biggest indication is that the board is an old version. Anything running 3.0.0 Beta these days is pretty suspicious, especially since there have been pretty major security holes discovered in them.

Also, if you want to be sure, go take a look at their files' source code and see if you can still find the original "call home" code. If you can't, then chances are it's an illegal copy.

**Jose Amaral Rego** · Tue 16 Aug '05, 1:09pm

Originally posted by MikeWalczak

Thank you all for your suggestions but to LEAD WEIGHT, I know about reporting them, but I wanted to see if there were any big things that could alert me to a possible pirated board. We have so many vbulletin boards hosted and I am willing to bet that at least a few of them are illegal.

A good way is to let them give you access to the adminstration area. It is the good way of seeing that. You need to understand that nulled boards do not need to have nulled by xxxxx cause that is the easy way to figure it out and some copyright's are removed cause it was purchase that way so like I said the best way is to report them or see in the admin area and look for the popular 'nulled by scriptmafia'

**Mr_Butter** · Tue 16 Aug '05, 2:37pm

Also, nulled versions dont have "Latest vBulletin version (X)" on the top of the admincp.

What is the "call home" code? Is it in php or in templates?

**daemon** · Tue 16 Aug '05, 3:14pm

Originally posted by ATI4EVER

That is not true. A lot of people choose to mod their boards. Yes, some people do not mod them which is why I said "it can raise an eyebrow" instead of saying its illegal. Also yes, they can get it off warez sites but its difficult.

You can try looking at config.php.new to see if they still have it.

Actually, Wayne and Steve have said on numerous occasions that the majority of customers don't modify the source.

Originally posted by ATI4EVER

Also, nulled versions dont have "Latest vBulletin version (X)" on the top of the admincp.

What is the "call home" code? Is it in php or in templates?

As the Admin CP doesn't have templates, it's in the code

.

**Floris** · Tue 16 Aug '05, 4:20pm

You can run a bash script to run through .php files and match against known tag lines from warez groups.

**MGM** · Tue 16 Aug '05, 4:22pm

Originally posted by Floris

You can run a bash script to run through .php files and match against known tag lines from warez groups.

Wouldn't that be an invasion of privacy against his customers?

MGM out

**Floris** · Tue 16 Aug '05, 4:27pm

He is root - and has a policy that doesn't allow customers to store files that break intl property. To enforce this he can browse the content of his web server. He could ensure their privacy by not actually looking inside the files but matching against a string from it, and return with an echo which file in which dir is breaking his policy. And then suspect the user for running unlicensed, temp suspend the account, email Jelsoft with a copy to the account holder and job done. If this actually is a privacy breach .. he has to check with the laws in his country and the country where he's hosted. I wouldn't know. Personally: I don't think so.

To bypass this..
he could write a crawl bot to go through all the domains he hosts and find for example vBulletin_global.js and see if the crackgroup_tag is in the footer of that file. This file is publicly downloadable .. everybody with an internet connection can view this.

Doing it as a root user directly on the server is just quicker and more accurate.

**MikeWalczak** · Tue 16 Aug '05, 9:08pm

Wow Floris thank you so much for your help with this matter. I think we are going to attempt to write a crawl bot which will do as you instructed.

Thanks to everyone else for their suggestions. If you have any more suggestions be sure to post them

**ManagerJosh** · Tue 16 Aug '05, 10:45pm

my suggestion is this personally.

Locate all sources of vbulletin_global.js. Identify the user. From there, open up any PHP files from that user that's related to vBulletin.

Most of these hackers are getting rather wise, and leaving the .js files intact, making it look legit.

Announcement

Illegal Board Signs?

Illegal Board Signs?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment