MyBB Community Forums

Full Version: Safe themes and plugins?
How can I be sure that the themes and plugins on https://community.mybb.com/mods.php are safe?

For example, if I go to see the last theme uploaded

https://community.mybb.com/mods.php?acti...w&pid=1466

if I click on the Author, I see that he is waiting for an email confirmation, so he hasn't even clicked on the validation email, but he has been able to insert a theme.

Couldn't this theme have files accessing the database or server?


Thanks
All uploads are reviewed, although we can never guarantee there are no issues with them regardless of who's uploaded them. I have raised internally about requiring account activation first though. I've also checked this one out and it's just theme XML files and I can't see any issues with anything inside them.
Unless it has changed, the submissions from untrusted users are reviewed and need team approval.

@Matt: what about having a review team, volunteer-based*, to approve (or refuse) submissions in the extend part?

* not from the team, I think they already lack time to spend :)
There is a list of Vulnerable Submissions at the bottom for plugins: https://community.mybb.com/mods.php?acti...erablesubs
(2021-07-30, 11:15 AM) Crazycat Wrote: Unless it has changed, the submissions from untrusted users are reviewed and need team approval.

@Matt: what about having a review team, volunteer-based*, to approve (or refuse) submissions in the extend part?

* not from the team, I think they already lack time to spend :)

+1. The extension could be in the "Under development" forum section and users can download the file. The extension creator will submit his extension for review if he thinks it's ready for MyBB staff team review. When staff have time and approve the extension, it will be listed on the MyBB official download page.
I just love the support team here.

You guys are doing very good work.
May God bless you all.
Code is constantly changing. Even MyBB has to patch their exploits. Just going to have to take a risk. You're lucky to get an XML bomb lol. It's great the staff here manually check for sploits on the code. But, if you have an inexperienced coder, it could be an issue.
You will never be sure.
The base code of MyBB is constantly evolving, which might break older plugins and/or themes :)

If you are in doubt, then always test on a second forum :)
(2021-11-14, 05:17 PM) xilou Wrote: You will never be sure.
The base code of MyBB is constantly evolving, which might break older plugins and/or themes :)

If you are in doubt, then always test on a second forum :)

He's right. You can get software like Acunetix and run a scan and it will find known vulnerabilities in your site, like cross-site scripting, information disclosure and more.