Announcement

Collapse
No announcement yet.

vBulletin Bug / Exploit

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    We're looking into it now.

    Comment


    • #17
      Even if there is an exploit (which I highly doubt), it's BETA and you install it on your own risk.
      That's the end of that!

      Comment


      • #18
        Originally posted by MrNase View Post
        Even if there is an exploit (which I highly doubt), it's BETA and you install it on your own risk.
        Indeed, but it's always nice to let the public know how to keep their forum secure and safe.

        Comment


        • #19
          Wayne

          Wayne, I read that vbulletin says not to allow html in posts, pm's or signatures.

          Where do we go to turn that feature off? Can we hav eit so we, the Admin can do it only?

          And why have that as a choice for members if we should not allow it?

          Thanks.

          Comment


          • #20
            Originally posted by NewbieGuy View Post
            Wayne, I read that vbulletin says not to allow html in posts, pm's or signatures.

            Where do we go to turn that feature off? Can we hav eit so we, the Admin can do it only?

            And why have that as a choice for members if we should not allow it?

            Thanks.
            HTML is off by default on new installations. There is no option to have it on for Administrators only outside of a plugin that is available at www.vbulletin.org. It is offered because many of our customers use the software in a controlled browser environment such an intranet and they need the feature for their work. Since they know who exactly is accessing their forums there is less risk than enabling it on an open internet site.
            Translations provided by Google.

            Wayne Luke
            The Rabid Badger - a vBulletin Cloud demonstration site.
            vBulletin 5 API

            Comment


            • #21
              Originally posted by Wayne Luke View Post
              HTML is off by default on new installations. There is no option to have it on for Administrators only outside of a plugin that is available at www.vbulletin.org. It is offered because many of our customers use the software in a controlled browser environment such an intranet and they need the feature for their work. Since they know who exactly is accessing their forums there is less risk than enabling it on an open internet site.
              I know, Where do we turn it on?

              Is it safe to have on?

              I think it already is on my site since when I put http://www.whatever you can click on the link.

              Is that html?

              Thank you

              Comment


              • #22
                Originally posted by NewbieGuy View Post
                I know, Where do we turn it on?

                Is it safe to have on?

                I think it already is on my site since when I put http://www.whatever you can click on the link.

                Is that html?

                Thank you
                That's just parsing links in posts, nothing to do with allowing HTML coding in posts.

                Comment


                • #23
                  lol

                  Originally posted by Trevor Hannant View Post
                  Can't recall anyone posting here about being hacked due to an exploit in vB code directly - all seem to have been running add-ons/plugins/mods which have cuased the problem.

                  As someone who suffered an attack in the past, it was caused by FlashChat which was tied in to my boards, not the board software itself.
                  Shows how much the vBulletin team goes to exploit sites to look. There are 100's of exploits to obtain admin status over the years available on MANY exploit sites directly related to sloppy coding of the vBulletin core.

                  Comment


                  • #24
                    Originally posted by wired420 View Post
                    Shows how much the vBulletin team goes to exploit sites to look.
                    In January 2008 I wasn't staff - didn't join the team until December 2009...
                    Vote for:

                    - *Admin Settable Paid Subscription Reminder Timeframe*
                    -
                    *PM - Add ability to reply to originator only*
                    - Add Admin ability to auto-subscribe users to specific channel(s)
                    - "Quick Route" Interface...

                    Comment

                    widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                    Working...
                    X