(2012-07-08, 04:30 AM)kavin Wrote: [ -> ] (2012-07-07, 11:45 PM)Josh H. Wrote: [ -> ]I am hoping that with MyBB 2.0, plugins are able to be marked vulnerable and all forums using it are notified via the ACP. What would need to happen, at least for ones on the MyBB site, is a database of bad plugin IDs are maintained. Whenever the ACP is logged in to, then the forum phones home for that database (max. one time daily). It then compares installed plugin IDs to the database, and if any are found, a warning is shown.
But the problem is, we can't control plugins downloaded from 3rd party sites. 
But if we have an ID of a plugin from a third party website It could be added to a blacklist kind of system?
(2012-07-08, 04:37 AM)JamieJackson Wrote: [ -> ] (2012-07-08, 04:30 AM)kavin Wrote: [ -> ] (2012-07-07, 11:45 PM)Josh H. Wrote: [ -> ]I am hoping that with MyBB 2.0, plugins are able to be marked vulnerable and all forums using it are notified via the ACP. What would need to happen, at least for ones on the MyBB site, is a database of bad plugin IDs are maintained. Whenever the ACP is logged in to, then the forum phones home for that database (max. one time daily). It then compares installed plugin IDs to the database, and if any are found, a warning is shown.
But the problem is, we can't control plugins downloaded from 3rd party sites.
But if we have an ID of a plugin from a third party website It could be added to a blacklist kind of system?
But unless we force that those 3rd party plugins need an ID from MyBB database for installation, we can't make them have an ID.
Peoples sites get hacked because they share their cpanel information without any care in the world, or they have free hosting off someone, and the person with the reseller hacks their account.
It has nothing to do with Mybb, it's their idiotic faults.
(2012-07-08, 05:56 PM)Online™ Wrote: [ -> ]Peoples sites get hacked because they share their cpanel information without any care in the world, or they have free hosting off someone, and the person with the reseller hacks their account.
It has nothing to do with Mybb, it's their idiotic faults.
Yes but also people come here when someone gets into their AdminCP but thats there fault for having a week password
(2012-07-08, 05:56 PM)Online™ Wrote: [ -> ]Peoples sites get hacked because they share their cpanel information without any care in the world, or they have free hosting off someone, and the person with the reseller hacks their account.
It has nothing to do with Mybb, it's their idiotic faults.
It can go a lot further than just that. And it does. There are hundreds of ways your forum could be hacked. It's not always the fault of the administrator.
(2012-07-08, 07:23 PM)JamieJackson Wrote: [ -> ]Yes but also people come here when someone gets into their AdminCP but thats there fault for having a week password
You could have a 120 character password, but if someone manages to install a keylogger on your PC password strength is irrelevant.
My point is you can't immediately point the blame at the administrator.
(2012-07-07, 03:43 PM)mattias Wrote: [ -> ]Almost every time I visit these forums I read about someone being hacked again. We all now that MyBB is not to blame here, but nonetheless these "I have been hacked" threads have a negative impact to MyBB's reputation.
Does the person that stated they have been hacked have a strong password? THAT's probably what is causing it...