MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 General Support > vulnerability check (Plugins)
Full Version: vulnerability check (Plugins)
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

SammyOsborn

2013-01-27, 10:56 AM
Are these plugins okay to use? I don't want my forum to get hacked, I converted from SMF to MyBB after that they uploaded a script somehow which caused our whole public_html to be wiped.

Plugins that I have activated:

Disable portal.php Plugin (1.1)
AdvancedProfile (3.0)
Akismet (1.2.2)
Guest warn (1)
Bad Behavior (1.0.0)
Custom Forum Icons (1.0)
Usergroup Legend (3.0)
Header Announcements (1.0)
User IP Log (1.1)
Last Visitors in Profile (1.1)
Login Password Conversion (1.3)
MyShoutbox (1.7)
MyTabs (1.32)
Show Users Who Have Been Registered Today (1.0)
Register Time (1.1)
Registration Security Question (1.2)
Stop Forum Spam (1.4)
Facebook Like Button 1.0
Follow us!

Would these plugins listed above be safe?

Ryan Loos

2013-01-27, 11:08 AM
This isn't really "private enquiry" material.

Moved.

SammyOsborn

2013-01-27, 11:16 AM
(2013-01-27, 11:08 AM)Ryan Loos Wrote: [ -> ]This isn't really "private enquiry" material.

Moved.

Alright, I was told to post it as private enquiry.

StefanT

2013-01-27, 11:21 AM
http://community.mybb.com/thread-133559.html

Nathan Malcolm

2013-01-27, 11:21 AM
Disable portal.php Plugin - Not really necessary at all.
Akismet - Safe, maintained by us.
Login Password Conversion - Safe, maintained by us.
MyTabs - Latest version is safe.
Register Time - Safe, also implemented in to MyBB 1.8.

I can't speak to the others. I haven't seen any public vulnerabilities for any of them AFAIR.

Ryan Loos

2013-01-27, 11:23 AM
I'm not sure why. It concerns everyone, not just you + staff (which is what the PI forum is for, mostly).

I think you'll find that anything available on the mods site is deemed as secure. Any plugins found to have vulnerabilities and are brought to our attention are removed and we contact the author to update it.

SammyOsborn

2013-01-27, 12:08 PM
(2013-01-27, 11:21 AM)Nathan Malcolm Wrote: [ -> ]Disable portal.php Plugin - Not really necessary at all.
Akismet - Safe, maintained by us.
Login Password Conversion - Safe, maintained by us.
MyTabs - Latest version is safe.
Register Time - Safe, also implemented in to MyBB 1.8.

I can't speak to the others. I haven't seen any public vulnerabilities for any of them AFAIR.

I couldn't find another way to disable the portal, is there any other ways that does not require a plugin?

Nathan Malcolm

2013-01-27, 12:10 PM
Delete portal.php and remove the link from the header.

Adobe

2013-01-28, 12:21 AM
(2013-01-27, 11:08 AM)Ryan Loos Wrote: [ -> ]This isn't really "private enquiry" material.

Moved.

But why? I was once told that if someone provides a list of plugins they have and want a security check and if someone from the MyBB team posts the vulnerable plugin on the thread then everyone would know that the plugin is vuln., they said it's better through PI.

Edited

Changed my thought after post #6 on this thread.

s3_gunzel

2013-02-02, 04:36 AM
You do realise that it's irrelavent if the plugins are safe or not, you'll probably get hacked anyway. If someone wants in, they'll get in.

There's just less chance of that happening if the plugins are safe.
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 General Support > vulnerability check (Plugins)