[The Ottoman]

Cool idea for a hack.

What version of VBplaza is this for?


Also, I installed it, and am missing the information on the right hand side, and the VbPlaza tab is empty.

[ry215]

Originally Posted by The Ottoman

Cool idea for a hack.

What version of VBplaza is this for?


Also, I installed it, and am missing the information on the right hand side, and the VbPlaza tab is empty.

for version 1.5

the VbPlaza tab is empty<< Maybe you have no gifts or ribbons!

[The Ottoman]

Originally Posted by ry215

for version >1.5.8

the VbPlaza tab is empty<< Maybe you have no gifts or ribbons!

Okay.. I'm running 2.0. That is what my problem is.


Any plans on porting it over?

[jerx]

I don' t think this mod should be used!

VbPlaza 1.58 had been removed from vb.org, because it had security problems. I don' t know wether these have been addressed yet, but when I remember correctly vbplaza author announced a fix, but could not come up with one.

[chatzworld]

i get the error Fatal error: Cannot redeclare class vB_ProfileBlock_vbplaza in /home/chatsuk/public_html/member.php(452) : eval()'d code on line 129

can you help

[OrionsMom]

Everyone talks about the plaza having major security issues but no where can I find information on the actual issues. I have been told it had to do with putting in gifts and ribbons, but what kind of security issue could that possibly be? People can add ribbons and gifts or steal your ribbons and gifts? How does this effect the entire board enough to be concidered a major security issue? I asked over on the vbPlaza site and they just said there's no details so people won't hack. I can't help but wonder if the real issue was that the creator of vbPlaza put so much time and energy into creating it that they wanted to charge for it. I'm not saying that's bad, I just wish there was more information on exactly what the issue was. I have members asking if the plaza will be back, I would love to add it but the $50 is just too much to get the license and even worse the $20 a year afterward...$20 a year for a $50 product is asking too much IMHO. I know it takes a lot to create this sort of thing and I wouldn't even begin to think it was an easy task, it just seems like a lot. I have debated over and over again adding the 1.58 version back onto my board, but I can't get a straight answer as to whether the major security issue is a board wide issue or just a plaza issue. What kind of damage can really be done using the old plaza?

[Greek76]

Im still using vbplaza...

[chatzworld]

i was using the old version for 9/10 months without a problem

[CallieJo]

Thanks for this. I haven't installed it as I'm still pondering on whether or not to add vbplaza back. I found some mentions of where security issues were from reading the forums here. However, no one can conclude if there were more yet to be fixed.

I did run vbplaza on my site for many months with the few fixes I found here. But, I can't say it was wise or secure even.

I just wish someone would provide a mod that would fix the known issues that the rest of us are unaware of apparently. Or a tutorial atleast. I know many people still run it on their forums. Atleast a fix would prevent them from getting hacked. Many are unaware of any issues with it. And some who are feel that there is nothing better out there and don't want to lose it. Then you have some like me who really don't want to buy another encrypted hack/script/whathaveyou since I've been burned too many times and left unsupported and money lost. Besides, I already donated several times to the free one and now I have no support for it.

I'd love to download your mod someday. I've bookmarked it for future reference. Thanks for your hard work.

[bigcurt]

vBPlaza ( the older version ) had an exploit that allowed any user access to full admin rights ( somehow ). You may believe that or not, but vBulletin.org had NO REASON to just make it up. The newer version however I have heard is fixed..who knows though as it still isn't released here.

[jerx]

I have never used vbplaza and I do not have enough knowledge to judge, but I would not install version 1.58. Everyone running it, should uninstall it.

I don' t think that it just has been banned from vb.org, just because the author wanted to charge for the hack. Vbplaza people seem to have admitted the security hole, so from my point of view there should not be any doubt on its existence. That you have not been hacked, does not mean that your site is safe. Even vbulletin needs to be updated from time to time, because new risks have been discovered, but not every site is updating.

Everyone in need of a point system should have a look at vbcredits or vbexperience. I think vbplaza has a lot more to offer, but those hacks should be good enough for most sites.

[ZGeek]

vbplaza was an awesome mod. I wish it would come back.

[MaxiMal]

Originally Posted by ZGeek

vbplaza was an awesome mod. I wish it would come back.

+1. v.1.5.8 really vulnerable. I have "tested" it on myself. :-(

[Marco van Herwaarden]

If a modification is removed from vB.org because of vulnerabilities, then this is done after a vulnerability was reported by a member and confirmed by staff.

What you do with this information is up to you, but using a modification that is known to have exploits is not something i would advertise.