MyBB Community Forums

Full Version: Inordinate amount of security vulnerabilities?
(2008-10-06, 08:48 PM)Matt_ Wrote: [ -> ]You can check if you are using the most recent version by clicking one button in the ACP, and it reminds you every 2 weeks to check.
I know this already! As I said before I don't have time to be doing this. The forum is installed for clients, I don't use it myself, and have no reason to visit it, and I have many better things to be doing.

If I was receiving emails about it before and keeping it up-to-date for my client, there was no need to log in to the admin section of their forum, and it's not unreasonable to presume I would continue getting these emails.

(2008-10-06, 08:50 PM)lufbra Wrote: [ -> ]Contact the Admin here regarding the emails not getting through or try using a different email address, and if it was my forum having such problems, I'd be checking for upgrades/updates through the ACP very often!
Yes I can see I'm going to have to have my eyes glued to the update checker. That or change forum software.
If it's installed for clients, surely you should make time to make sure it's up to date, as you're providing them with a service?? Takes less than a minute to make sure it's running the latest version.
(2008-10-06, 09:00 PM)Matt_ Wrote: [ -> ]If it's installed for clients, surely you should make time to make sure it's up to date, as you're providing them with a service?? Takes less than a minute to make sure it's running the latest version.
Matt I've explained myself enough.

It's not your job to tell me off, maybe you take criticism of MyBB as a personal insult or something.

I didn't come here asking for how to check the ACP more often, I came here because I was concerned about the number of vulnerabilities, and I want to know the likelihood of MyBB becoming insecure again in the future, because the chances are I will drop these clients, I don't need the hassle. Or alternatively investigate alternative forums and if I can port it over easily.
I wasn't 'telling you off'. And why would I take it as a personal insult??

How can anyone know if it will be 'insecure' again?? It wouldn't be planned. Surely it can only get more secure as problems get found and fixed??

Do you know how MyBB got hacked, i.e. what the vulnerabilities were??
(2008-10-06, 09:14 PM)Matt_ Wrote: [ -> ]Do you know how MyBB got hacked, i.e. what the vulnerabilities were??
I was hoping someone here would.

Anyone developing it can shed some light?
Didn't the software go through a security audit?
(2008-10-06, 09:35 PM)Bey Brad Wrote: [ -> ]Didn't the software go through a security audit?

Yes, MyBB 1.4.2 is the direct result of this audit with many security bugs fixed.

Also, for the OP, it is possible that MyBB is not the only way you could be hacked. For instance, with a shared server (most users are on a shared hosting server btw) it is sometimes possible for an attacker to compromise all accounts on the server if even one account has a security hole in a script or the host isn't keeping up with security. Also any plugins you have installed also add an extra place where your forum may be vulnerable. So your MyBB may be perfectly secure but an attacker can get in through the plugins you have installed, so make sure they are secure and from trusted sources.

BMR777
(2008-10-06, 09:31 PM)Te 8 Wrote: [ -> ]
(2008-10-06, 09:14 PM)Matt_ Wrote: [ -> ]Do you know how MyBB got hacked, i.e. what the vulnerabilities were??
I was hoping someone here would.

Anyone developing it can shed some light?

Well seeing as we have no idea what exactly happened they wouldn't know where to start. What exactly happened when you were hacked??

(2008-10-06, 09:47 PM)BMR777 Wrote: [ -> ]
(2008-10-06, 09:35 PM)Bey Brad Wrote: [ -> ]Didn't the software go through a security audit?

Yes, MyBB 1.4.2 is the direct result of this audit with many security bugs fixed.

Also, for the OP, it is possible that MyBB is not the only way you could be hacked. For instance, with a shared server (most users are on a shared hosting server btw) it is sometimes possible for an attacker to compromise all accounts on the server if even one account has a security hole in a script or the host isn't keeping up with security. Also any plugins you have installed also add an extra place where your forum may be vulnerable. So your MyBB may be perfectly secure but an attacker can get in through the plugins you have installed, so make sure they are secure and from trusted sources.

BMR777

That's what I was trying to get across in my first post, admittedly not half as well. If the server has weak protection, someone can get in and do a lot of damage, even though the MyBB structure is perfectly fine. For instance, they could access the database, which is part of the server, not MyBB per se, and edit that, create an admin account, gaining control of the forum, and then tear it apart from the inside.
It's confirmed that MyBB is responsible and has been in the past (when it was the only thing on a particular server). I don't have any plugins and the only things hosted on the server are my things.

(2008-10-06, 09:58 PM)Matt_ Wrote: [ -> ]Well seeing as we have no idea what exactly happened they wouldn't know where to start. What exactly happened when you were hacked??
How about every time it's posted "fixed <this many> high risk vulnerabilities", we could find out what was causing those. That would be interesting for me.
How do you know it was MyBB and not the database being attacked??

And whenever that is shown, it's with a new release, no?? So at that point, all the known problems have been taken care of.