Announcement

Collapse
No announcement yet.

Getting tired of the ipb iframe injections

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Getting tired of the ipb iframe injections

    Just wondering if your ipb import script is good and solid and are you having any similar security issues?

    I have had a ticket open with them for days, they have reinstalled my board twice and it still happens. Which leads me to the conclusion that i may need to look for a new forum software.

  • #2
    What version of IPB were running? The latest is 2.1.6, and a security update was just released today.

    Anyways, I recall having a flawless conversion from IPB 2.0.4 -> vB 3.0.9, so I assume the most recent versions would work well, too. The only things that are lost are passwords and a few file attachments.
    Forums

    Comment


    • #3
      i have installed each update within hours of release. i have even had ipb re-install the board, complete clean install and am still having this issue, they deny there are any security issues, then two days later i see patch released.

      Security focus mentions a couple of issues and a quick scan on the internet indicates i am not one of the few having this and similar issues.

      Comment


      • #4
        You need to do whats best for yourself and your site.

        Converting to vbulletin should be fairly painless and I believe there are some threads around here about increasing your security.
        Plan, Do, Check, Act!

        Comment


        • #5
          it honestly wouldn't be as bad if i could get some honesty, but i open a ticket and get "there's no issues with the software check that your files are updated", then less then 24 hours later there is a security patch. Now i can't help but think that the security issue was present and known about when they replied to that ticket.

          Comment


          • #6
            The Secunia database currently contains 0 Secunia advisories marked as "Unpatched", which affects vBulletin 3.x.

            This is based on the most severe Secunia advisory, which is marked as "Unpatched" in the Secunia database. Go to Unpatched/Patched list below for details.

            Currently, 0 out of 10 Secunia advisories, are marked as "Unpatched" in the Secunia database.
            That is the best summary

            Comment


            • #7
              Originally posted by monkeyboy View Post
              it honestly wouldn't be as bad if i could get some honesty, but i open a ticket and get "there's no issues with the software check that your files are updated", then less then 24 hours later there is a security patch. Now i can't help but think that the security issue was present and known about when they replied to that ticket.

              that is just one reason i went with vB they are honest.

              Comment


              • #8
                well i snoozed and i lost, my site has been down over 24 hours, php files and .htaccess files were found in pretty much every directory AGAIN, less then 24 hours after I am told there are no "confirmed" security issues a patch is released. Incredibly frustrating.

                I can browse around the internet and find several holes on russian sites. BTW, i think the secuna db says the same thing about ipb so i dont know how comforthing that is LOL

                Comment


                • #9
                  switch to vb, you will not regret it ;-)
                  [URL="http://www.aviationweb.net/"]Aviation Web[/URL="http://www.aviationweb.net/"]

                  Comment


                  • #10
                    I'm sorry you're having such problems. While no software can be guarranteed 100% problem-free, the people that make vBulletin try to be as upfront about any issues that occur as they can be.

                    In my experience their response-time to security issues related to the software or to software vBulletin is dependent on, like PHP, is very short indeed.

                    I suggest you browse these forums and see for yourself what the past reactions have been.
                    Toddler from Hell

                    Comment


                    • #11
                      When you say ipb iframe injections, do you mean that users are pasting IFRAME code into their posts and causing problems? If so, that will happen on any forum that you allow unfettered posting of HTML.

                      There is a Plugin (not sure why it's not built into vBulletin) at vBulletin.org which takes 5 seconds to install that lets you pick and choose which usergroups can post HTML and which can't. My forum is set to allow Admins to post HTML and block everyone else. Anything starting with < is rendered as text instead of HTML.

                      If ipb iframe injections means something completely different, then I apologize for wasting the reader's time.

                      Comment


                      • #12
                        my site has been down for 3 day waiting for ips to reinstall.....

                        Comment

                        widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                        Working...
                        X