thincom2000
Senior Member
Last Activity: Thu 17th May '18, 2:19pm
Joined: Thu 1st Mar '07
Location:
-
Well, they could do that anyway with any kind of distributed attack, but it is harder to accomplish. By contrast, the session table attack I've discussed requires very few resources or coordination and... -
I can certainly do that, and probably will, moving forward. However, it is not a standard vBulletin setup to list cron.php in the server's crontab -- that is, it is not in the installation instructions...Leave a comment:
-
First, the kind of attack we're discussing affects very small hobby and niche forums with low traffic -- I've mentioned that low traffic is required to perform that attack successfully. As soon as non-attackers...Last edited by thincom2000; Tue 6th Jan '15, 2:00pm.Leave a comment:
-
I'm dealing with 0 real users online at the same time and 50,000 attackers at the same time that have the same user ID and IP address(es). Thus cron.php never runs and they are able to keep creating sessions...Last edited by thincom2000; Tue 6th Jan '15, 10:19am.Leave a comment:
-
Five legitimate users with the same user ID? That doesn't make sense to me. If you want to account for guest users, you can make two limits, one for guests (higher, maybe 1000) and one for logged in users...Last edited by thincom2000; Tue 6th Jan '15, 10:17am.Leave a comment:
-
It turns out the vulnerability I noticed was not attempting to cause email SPAM but was instead attempting to cause a Denial of Service. See: http://tracker.vbulletin.com/browse/VBIV-16057Leave a comment:
-
Had a similar problem. Logged-in SPAM users have been using entry.php?do=sendtofriend&do=sendtofriend to fill up the session table completely. This repeats every couple of days. That seems like a...Leave a comment:
-
Unfortunately that JIRA link now only shows PERMISSION VIOLATION, and unfortunately after reviewing the code for vB 4.2.1 (implied heavily as the fix release in http://www.vbulletin.com/forum/forum/v...Last edited by thincom2000; Mon 15th Apr '13, 9:25am.Leave a comment:
-
So in other words, we have to modify core files. There's no hooks or template hooks? For a premium add-on product, modifying files is not something we ever want to ask our customers to do as part of an...Leave a comment:
-
Facebook App - Does it Support Modifications?
I have been asked by some customers to look into the Facebook app in order to integrate our own third-party vBulletin product VaultWiki into it. However, it will be useless to purchase the Facebook app... -
thincom2000 commented on Creating A Test Site (Updated)Yup, I borked my live installation once because my testvb used the same datastore prefix.
Also, the DISABLE_MAIL pleases me since we can specify email addresses that are okay, but is there a syntax to list more than 1 OK address?... -
You have to upgrade the mod. Old versions of mods are not compatible with vB 4.1.4 because vB changed its WYSIWYG code. They told us when vB came out that it would break mods, I don't know why they didn't...Leave a comment:
-
Hasn't seemed slow to me at all. Perhaps the issue was during the upgrade attempt 1 and actual upgrade. If they were making changes to the database structure and file system, this would definitely cause...Leave a comment:
-
Reviewed the code for Cyb - Advanced Forum Rules and this can be the culprit as I see an exploit there: you can inject SQL and modify the database if you tamper with the HTML form when agreeing to the...Last edited by Trevor Hannant; Wed 4th May '11, 6:45am.Leave a comment:
-
If vbf.php is the backdoor, it's not a default vBulletin file. A simple google search implies it stands for vbFreelancers, which is a group that has made a number of modifications for vBulletin. If all...Last edited by thincom2000; Wed 4th May '11, 1:58am.Leave a comment:
-
While there may be some browser tools to read web pages in other languages, as mentioned above, services like these will not be perfect.
When you want to switch the forum from one language...Leave a comment:
-
After downloading the ZIP again, I notice it hasn't been updated since last January. Will there be an update soon for the icons used in the Mobile style? -
1. I don't believe so, vBulletin doesn't have shopping cart support and leaves it up to the site owner to integrate a third-party cart (except for paid subscriptions). If you are talking about a paid...Leave a comment:
-
You can set a number of image paths using the stylevar system. When editing stylevars, search for the imgdir variety.
For background gradient images, search for "background" and...Leave a comment:
-
You don't need an extra license for the CMS. Simply create 2 "sections", English and Spanish, and give them the custom URLs /en and /es. Then just create your language content in the appropriate...Leave a comment:
No activity results to display
Leave a comment: