Announcement

Collapse
No announcement yet.

Getting tired of the ipb iframe injections

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • monkeyboy
    replied
    my site has been down for 3 day waiting for ips to reinstall.....

    Leave a comment:


  • feldon23
    replied
    When you say ipb iframe injections, do you mean that users are pasting IFRAME code into their posts and causing problems? If so, that will happen on any forum that you allow unfettered posting of HTML.

    There is a Plugin (not sure why it's not built into vBulletin) at vBulletin.org which takes 5 seconds to install that lets you pick and choose which usergroups can post HTML and which can't. My forum is set to allow Admins to post HTML and block everyone else. Anything starting with < is rendered as text instead of HTML.

    If ipb iframe injections means something completely different, then I apologize for wasting the reader's time.

    Leave a comment:


  • Fusion
    replied
    I'm sorry you're having such problems. While no software can be guarranteed 100% problem-free, the people that make vBulletin try to be as upfront about any issues that occur as they can be.

    In my experience their response-time to security issues related to the software or to software vBulletin is dependent on, like PHP, is very short indeed.

    I suggest you browse these forums and see for yourself what the past reactions have been.

    Leave a comment:


  • Neal-UK
    replied
    switch to vb, you will not regret it ;-)

    Leave a comment:


  • monkeyboy
    replied
    well i snoozed and i lost, my site has been down over 24 hours, php files and .htaccess files were found in pretty much every directory AGAIN, less then 24 hours after I am told there are no "confirmed" security issues a patch is released. Incredibly frustrating.

    I can browse around the internet and find several holes on russian sites. BTW, i think the secuna db says the same thing about ipb so i dont know how comforthing that is LOL

    Leave a comment:


  • Mike Anime
    replied
    Originally posted by monkeyboy View Post
    it honestly wouldn't be as bad if i could get some honesty, but i open a ticket and get "there's no issues with the software check that your files are updated", then less then 24 hours later there is a security patch. Now i can't help but think that the security issue was present and known about when they replied to that ticket.

    that is just one reason i went with vB they are honest.

    Leave a comment:


  • gulldarek
    replied
    The Secunia database currently contains 0 Secunia advisories marked as "Unpatched", which affects vBulletin 3.x.

    This is based on the most severe Secunia advisory, which is marked as "Unpatched" in the Secunia database. Go to Unpatched/Patched list below for details.

    Currently, 0 out of 10 Secunia advisories, are marked as "Unpatched" in the Secunia database.
    That is the best summary

    Leave a comment:


  • monkeyboy
    replied
    it honestly wouldn't be as bad if i could get some honesty, but i open a ticket and get "there's no issues with the software check that your files are updated", then less then 24 hours later there is a security patch. Now i can't help but think that the security issue was present and known about when they replied to that ticket.

    Leave a comment:


  • Reeve of Shinra
    replied
    You need to do whats best for yourself and your site.

    Converting to vbulletin should be fairly painless and I believe there are some threads around here about increasing your security.

    Leave a comment:


  • monkeyboy
    replied
    i have installed each update within hours of release. i have even had ipb re-install the board, complete clean install and am still having this issue, they deny there are any security issues, then two days later i see patch released.

    Security focus mentions a couple of issues and a quick scan on the internet indicates i am not one of the few having this and similar issues.

    Leave a comment:


  • Quillz
    replied
    What version of IPB were running? The latest is 2.1.6, and a security update was just released today.

    Anyways, I recall having a flawless conversion from IPB 2.0.4 -> vB 3.0.9, so I assume the most recent versions would work well, too. The only things that are lost are passwords and a few file attachments.

    Leave a comment:


  • monkeyboy
    started a topic Getting tired of the ipb iframe injections

    Getting tired of the ipb iframe injections

    Just wondering if your ipb import script is good and solid and are you having any similar security issues?

    I have had a ticket open with them for days, they have reinstalled my board twice and it still happens. Which leads me to the conclusion that i may need to look for a new forum software.
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X