Since there's a list of vulnerable plugins, I think we should have a list of hosts that have symlink enabled. I know this can be misused but our point is to warn other web masters and I doubt there would be a hacker visiting MyBB everyday just to look for a vuln, so I believe this would be useful for many people. I know many sites getting hacked by symlink recently and I think this would be the right step.
//Don't know where to post this.
I think it's possible with the majority of hosts. Just upload a symlink as a zip through cPanel...
Why take the risk though? Ex: Pay like $10 for a hosting and then you end up finding out that it's vulnerable.
Nothing is impossible, I know over 20 hosts that are vulnerable. I actually have a list of all of them saved on my PC so I don't recommend anyone or move to anyone of those hosts.
That isn't so much a MyBB issue. It would be a good list to post on an admin board though.
Umm but why not in the website development section as I think most hosting discussions are held there and I think it would be useful for most people that use the MyBB software and check the MyBB community regularly.
Why do we have a list of vulnerable plugins then? Basically to warn others and this is the same case for vulnerable hosts. Plugins are add-ons, people can run their forums without specific plugins but they NEED hosts and you can't run a MyBB forum without a host. So I do believe web hosts have something important related to MyBB.
(2013-02-10, 06:01 PM)kamz89 Wrote: [ -> ]Why do we have a list of vulnerable plugins then?
Because they are
MyBB plugins?
(2013-02-10, 06:01 PM)kamz89 Wrote: [ -> ]Why do we have a list of vulnerable plugins then? Basically to warn others and this is the same case for vulnerable hosts. Plugins are add-ons, people can run their forums without specific plugins but they NEED hosts and you can't run a MyBB forum without a host. So I do believe web hosts have something important related to MyBB.
So let's have a list of PHP builds containing vulnerabilities. And of course, a list of libraries used during compilation containing vulnerabilities, and the same applies to MySQL and other database systems. And we could also do the same for other server applications.
Ah wait, I think that has nothing to do with MyBB.
(2013-02-05, 09:23 PM)Adobe Wrote: [ -> ]Why take the risk though? Ex: Pay like $10 for a hosting and then you end up finding out that it's vulnerable.
Never buy hosting with out asking for a demo account.