#1
13 Aug 2015, 22:01
blind-eddie
Join Date: Apr 2006
Real name: Tim
[Request] Video Directory Quarantine Info

Can someone tell me why the video directory was quarantined?
It is for sure the author will not repair it because he has not been here for almost 2 years.
I for one will have it fixed if I know what's wrong with it. I already invested money to get the youtube api corrected so it could still be used by everyone.

Please pm me as to what is wrong with it. I have been around here long enough not to share that info, I just want to fix it.

Thank you.

Email I received...........
=================================================
** DO NOT REPLY TO THIS MESSAGE **

* Quarantine Notification *

The following modification has been 'quarantined' by vBulletin.org.

http://www.vbulletin.org/forum/showthread.php?t=200819

The author of the modification has been informed and asked to address the quarantine reason(s), until this is done the modification will remain in the vbulletin.org graveyard.

If you are currently using this modification then you may wish to consider disabling it.
If the modification consists of a product then disabling the product should be all that is required.
Do not uninstall the product as this may delete any data associated with it. If the modification also included new files then you may remove (or rename) them.

Once the author has responded to the issues you will be notified that it has been restored.

Thank you,

vBulletin.org Staff
==================================================
__________________
LONG LIVE 3.8 SERIES
National Arcade Competition Club- NACC All arcade edits will work on vb4.
Check out my heavily modified ibproarcade with over 50,000 games for you, free of charge!
Exclusive arcade addons, edits and skins were made by stangger5 owner of Next Level Arcade

#2
14 Aug 2015, 01:19
TheLastSuperman
Join Date: Sep 2008
Real name: Michael Miller Jr
No, we cannot and will not disclose such information. On occasion we will if for example it's blatantly obvious but specifically identifying the culprit and disclosing to the masses is not our place or prerogative - in fact it's your prerogative as a site owner to disable said modification until you know it's secure again, don't place your members at risk on a "maybe".

I'd love to say I could, I like you sir but there's all sorts of low-life trolls that browse this forum daily and would simply run amok with said information and cause a ruckus for some unfortunately by taking advantage of others using info we supply. Furthermore, when you receive an email stating a modification has been moved to quarantine, it's meant to be received and interpreted as "serious" and taken to heart as such meaning that if you do not know why then don't ask how later (how you were hacked), disable for now until you find out more with ANY mod that is quarantined, ever! As the saying goes "better safe than sorry".

Edit: Also as a prime example since you mentioned "investing heavily" Eddie and this goes for anyone who's ever done such; If you've made custom changes or paid someone to customize your particular version of a mod, the person who did that work may be qualified to find the security issue and patch now - this is something you must find out and decide if it's worth it at said time. We will not however disclose those details and we cannot guarantee nor endorse anyone or any company who does such including but not limited to speaking of paid request - naturally you'll need to do that in private and/or use the Paid OR Unpaid request forums here to discuss such. All modifications and information on this site are pretty much "as-is" meaning you need to make a well informed decision before doing anything to your forum... same as your daily routine, such is life. If anyone discloses anything on here it will be Paul, he is the primary Administrator who makes the super-duper-man-a-ma-jig type decisions when it comes down to it so you may PM him and ask.
__________________
Daddy Does Dios and Figs!
https://www.linkedin.com/in/thelastsuperman

Search - Use the search feature to find similar issues/answers.
Information - Include screenshots, copy/pasted error codes, url etc.
Fixed - Please return to your thread/post and let us know how it was fixed!
Thanks - For participating! Click the "Like" on a post if someone helped you!

Last edited by TheLastSuperman; 14 Aug 2015 at 01:30.

#3
14 Aug 2015, 06:51
JacquiiDesigns
Join Date: Dec 2008
Location: Tennessee
Real name: Jacquii Cooke
Ugh. I loathe the policy. Sure - some asshats might find it useful to exploit the info - but don't you think those of us who at least had the modification installed PRIOR to the quarantine should be given some sort of info????

What you've said is this ==> I understand your concern - but you're sh*t out of luck! Good luck hiring someone to chase down the exploit and let you know what it is. We understand that we could tell you something or at least point you in the direction of a fix.. No. We cannot do that for you. You're SOL. Thanks for using vB.org and best of luck though!!

That's nonsensical. I implore you guys to rethink the policy.
Folks like myself and Eddie, who've had the modification installed for years and took the time to click the "Install" link - should be told something. Otherwise = like your insinuated post = We're SOL. And with all due respect - that sux.

J.
__________________
Call For Submissions. Come share your poetry & writing at JPiC Forum.
JPiC Forum For Writers | Celebrating Diversity With The Typed Word

#4
14 Aug 2015, 10:20
blind-eddie
Join Date: Apr 2006
Real name: Tim
Well said Jacquii...


#5
14 Aug 2015, 11:00
JacquiiDesigns
Join Date: Dec 2008
Location: Tennessee
Real name: Jacquii Cooke
Originally Posted by blind-eddie:
> Well said Jacquii...

Ah thanks. I'm just a loudmouth - thought I'd get on the soapbox for a minute LOL
The complaint has merit though. I've never really quite understood why the shroud of secrecy around quarantined modifications. I think if we are to err - then we should err on the side of helping the community. And the majority of this community are novice hobbyists who like to better their forums. We're not advanced coding gurus who can easily delve into code as to find and fix modification exploits. The current policy should take that into consideration - especially for those of us who do tend to stay tuned to the modifications we install by subscribing to installed mods. What good is a QUARANTINED! stamp on the thread when we have no further information as for what course of action to take. "Uninstall the modification and wait until someone gets back to you ... if indeed anyone ever gets back to you." is not an appropriate solution. It's a cold splash of water in the face. I mean - the quarantined email woke many of us up. But what the hell can we do about it??

The policy needs to be revisited if anyone on vB.org Staff would even care to do so...

J.

#6
14 Aug 2015, 11:42
weave
Join Date: Jun 2011
Well this outright sucks ass....The coder left 3 years ago and now runs on XenForo....the odds of him fixing whatever you emailed him are about NONE to NEVER.

Now to find out how to remove this without messing up the rest of the forum......and then find some sort of valid replacement.

We need another "legit" coder to take this over and you guys can send him/her the issues and they can fix it and get the community back on their feet. Otherwise, this one is DEAD.

#7
14 Aug 2015, 20:30
TheLastSuperman
Join Date: Sep 2008
Real name: Michael Miller Jr
The policy does not need attention, in the least. Remember all, I was once one of you, I voiced the same concerns in fact if you search my past posts you'll find me spouting off to Paul and others long ago... it sounded like the same gibberish you typed above no offense but the forcing someone into doing something over being loud, proud, and funny when calling them or the site's policies into question is my JOB Ooooootay? Also - we're both loud Jacquii and nothing's wrong with that unless it's Movie night. See I'm still being funny while also beating a dead horse, policy won't change but we can surely poke and prod that poor dead horse until the cows come home, pigs fly, or the thread is closed and I'm pretty sure which one will happen first! "How Now Brown Cow"

Edit: Info to those who already downloaded or installed it? What about the 1000x illegal/hacker/download 599 vb4 Mods in this .zip type of sites? Remember that most mods are available illegally and perhaps with tons of injected code or similar in the files so we can't just trust anyone #X-Files.

Now corny humor aside, I feel your pain. I also hate the fact when some coders remove their mods (over spite or similar, while nothing is wrong with the mod at all) and I fix tons of hacked sites... my method is restore the site to how it was 100% then upgrade if required - issue comes into play when the mod is in the graveyard and I can't download to help "fix" their site back to original so if you hate just being sol, then try just being sh**ted on eh? Basically what some have done in the past yet we don't see threads about that and those mods broke the mold for sure, some of them. So we can all have our opinions and justify why something should or should not be done but the rules are the rules, I've argued with Paul before and he politely pointed out many oversights in my logic and they just made sense once I took his point of view into consideration. See my post above, if it's within your budget many coders here are qualified to change a few lines of coding to make it secure again - this is why we have an unpaid + paid request area for you to utilize. Furthermore you could open a new thread in vB4 programming discussions and ask for advice or what others might see as a vulnerability.

*Do not forget though, that a coder can fix a mod then contact staff and if we review and confirm it's fixed we can add the fixed mod as an attachment to the first post, the liability IF any at all then does not fall on the new coder nor the original author, it would then fall on you the person downloading and using as it would still be use as-is and at your own risk we would simply verify if a security risk is still present or not. Some coders also fix a mod and attach the fixed file to the mods thread so it stays within the thread and does not violate the do not re-release this mod blah blah as it's still within the mods thread here - since it's quarantined now and not a misc issue i.e. it's a security issue the only way to go about it that way would be to contact staff directly and voice interest in fixing said mod so we can work with you then restore the mod with the fixed version in place ready for download.

Last edited by TheLastSuperman; 14 Aug 2015 at 20:40.

#8
14 Aug 2015, 20:47
blind-eddie
Join Date: Apr 2006
Real name: Tim
Ooooootay....

I respect everything you are saying, but how would I go about wording a thread in the paid section asking for assistance to fix the video directory addon?

Example:
Hi, I am in need of someone willing to install the video directory addon on their site and wait to be hacked so they can then find out what the exploit was and fix it?

I am at a loss here.
How about this, for a fee, would you fix the exploit after my site gets hacked?

#9
14 Aug 2015, 22:07
TheLastSuperman
Join Date: Sep 2008
Real name: Michael Miller Jr
Originally Posted by blind-eddie:
> Ooooootay....
>
> I respect everything you are saying, but how would I go about wording a thread in the paid section asking for assistance to fix the video directory addon?
>
> Example:
> Hi, I am in need of someone willing to install the video directory addon on their site and wait to be hacked so they can then find out what the exploit was and fix it?
>
> I am at a loss here.
> How about this, for a fee, would you fix the exploit after my site gets hacked?

Nah just post saying:

A recent vulnerability in the Video Directory Remixed mod was discovered however not disclosed. I would like a coder to view the file(s) and ensure everything is updated to be fully secure.

Alternatively you could also say something along the lines of:

A recent vulnerability in the Video Directory Remixed mod was discovered however not disclosed. I would like a coder to view the file(s) and ensure everything is updated to be fully secure then I want to share the file with staff so the mod can be restored for all members to enjoy again!

The coder may or may not want to do that, it won't hurt to ask and will surely benefit everyone else or you may not simply want to do that, it's your money and your prerogative HOWEVER I would honestly post in unpaid requests or vB4 programming discussion first asking for help - some folks LOVE to be helpful, after all it's a nice thing to do!

The coder already knows it's not secure, they can be given access to your site OR duplicate your site and test in a dev/test environment if you're fret'n about anything but it should be a non-trivial fix with a little bit of rewriting not much. Point being anyone who's anyone in vBulletin and dealing with modifications of this nature and/or security in general will see the issue right away and know how to fix it, I mean I saw it sure enough - there it was like a snake in the grass named Charlie... HALP! CHARLIE BIT ME!

#10
15 Aug 2015, 21:54
weave
 
Join Date: Jun 2011
I am very curious what this would cost to fix AND update. If it is reasonable, I might be willing to foot the bill....worst case is the community pools their funds together and gets a legit coder to fix it up and make it current. I do NOT want to rip it off my site but I have disabled it until I know more about why it was quarantined.

I am not faulting the ORG at all....I just want it fixed and updated so I can enable it on my site again.....

#11
18 Aug 2015, 01:49
JacquiiDesigns
Join Date: Dec 2008
Location: Tennessee
Real name: Jacquii Cooke
Originally Posted by TheLastSuperman (post #7, quoted in full)

I didn't realize posting a suggestion would get me insulted by vB.org staff. And you guys wonder why member activity has slowed to a tedious trickle here..

The policy does need to be revisited in my opinion, and likely in the opinions of lots of folks left out in the dark as concerns quarantined modifications. It could and should be bettered for legitimate vBulletin license holders. And to be perfectly honest - I can't be bothered to give a damn about folks using illegally shared modifications with their nulled software. That's immaterial here.

What's important here is the 706 people who've legitimately marked "Install" on the modification - who are now (by vB.org official policy) sh!t out of luck, no useful information whatsoever coming out of vB.org



Originally Posted by TheLastSuperman:
> See my post above, if it's within your budget many coders here are qualified to change a few lines of coding to make it secure again - this is why we have an unpaid + paid request area for you to utilize. Furthermore you could open a new thread in vB4 programming discussions and ask for advice or what others might see as a vulnerability.

  1. Who has a budget???? We're broke LOL
  2. So we can open a thread and discuss the possible exploits and possible fixes to our little hearts' content? Meh. If the exploit truth is going to come out this way - you may as well make it easier so that the 706 people who (again) legitimately marked the modification as installed.

Meanwhile in reality = The 706 folks you shot the useless quarantine subscription email to are SOL.. That's extremely frustrating.
vB.org can do better.

J.

#12
18 Aug 2015, 03:10
TheLastSuperman
Join Date: Sep 2008
Real name: Michael Miller Jr
Insulted?!?!?!?!

Come now Jacquii, your sense of humor is greater than that I know from experience! It was supposed to make that intellect of yours go "well that snazzy terd, look what he did there" in a sense - he basically said that once, he said the same thing like gibberish, was supposed to be witty humor, I tried!

Tone, the only thing missing on a forum!

Ohh and remember that certain things are not useless, such as the quarantine email - now you/them have the choice to make a decision on whether to disable or remove it until something viable whether that be a fix or replacement comes along. Staff here also does everything on this site, in their spare time Paul and Lynne included... even if they're on staff for vBulletin themselves they ARE NOT PAID for time spent on vbulletin.org so please don't assume that we're responsible for breaking the bank, we're just investors as well and the tedious trickle, vB5 for sure.

Last edited by TheLastSuperman; 18 Aug 2015 at 03:19.

#13
18 Aug 2015, 09:27
JacquiiDesigns
Join Date: Dec 2008
Location: Tennessee
Real name: Jacquii Cooke
Originally Posted by TheLastSuperman:
> Insulted?!?!?!?!
>
> Come now Jacquii, your sense of humor is greater than that I know from experience!

Nothing wrong with a wee bit of melodrama :P

Originally Posted by TheLastSuperman:
> Ohh and remember that certain things are not useless, such as the quarantine email - now you/them have the choice to make a decision on whether to disable or remove it until something viable whether that be a fix or replacement comes along. Staff here also does everything on this site, in their spare time Paul and Lynne included... even if they're on staff for vBulletin themselves they ARE NOT PAID for time spent on vbulletin.org so please don't assume that we're responsible for breaking the bank, we're just investors as well and the tedious trickle, vB5 for sure.

Ha. I know and well understand. I'm just making some (imo well-deserved) noise and hope it gets your attention. I wouldn't say the things I've said if I didn't think the policy could be bettered... And for most of us - the email is absolutely useless. Other than hiring someone to investigate what the exploit *could be* and hoping that once they've solved the 'what is it' of the Great Exploit Caper ... Meh. I just think a lot of time and a bit of money could be saved if you guys had some sort of transparency. That's all.

Anyway. Yeah. A wee bit of melodrama for your nerves. Hope it made you smile - or more appropriately - I hope it made you roll your eyes like I did once I started wondering what to do about the quarantine LOL

J.

--------------- Added 18 Aug 2015 at 09:30 ---------------

Originally Posted by weave:
> I am very curious what this would cost to fix AND update. If it is reasonable, I might be willing to foot the bill....worst case is the community pools their funds together and gets a legit coder to fix it up and make it current. I do NOT want to rip it off my site but I have disabled it until I know more about why it was quarantined.
>
> I am not faulting the ORG at all....I just want it fixed and updated so I can enable it on my site again.....

I'd be interested in the cost and possibly slinging a few dollars to the cause. It's a nice modification that I've appreciated for years. I hate that there's an exploit - but I hate even more that there's an exploit and we apparently have not even clue #1 as to where to even begin to address it ... other than hiring a coder. At any rate - I'm the brokest Bytch in the great state of Tennessee - but I could throw a tiny amount to the cause.

J.

#14
18 Aug 2015, 20:19
TheLastSuperman
Join Date: Sep 2008
Real name: Michael Miller Jr
World wouldn't be quite the same without a few "characters" in it, now would it?! Character - love that word and its uses! All of you have it and we're all quite a character as well I'd dare say, in that good type of way!

I would contact Blind-Eddie who posted above, looks as if he has a paid request up already and perhaps you all could split that, something you would need to contact him over though.

#15
18 Aug 2015, 20:22
TheLastSuperman
Join Date: Sep 2008
Real name: Michael Miller Jr
Originally Posted by weave:
> I am very curious what this would cost to fix AND update. If it is reasonable, I might be willing to foot the bill....worst case is the community pools their funds together and gets a legit coder to fix it up and make it current. I do NOT want to rip it off my site but I have disabled it until I know more about why it was quarantined.
>
> I am not faulting the ORG at all....I just want it fixed and updated so I can enable it on my site again.....

Never uninstall, disable and rename all .php files, i.e. video.php to .gthdhyu675r5.php and leave it until time to patch/update. I say this because then those looking for specific files to take advantage of won't find them right away and those not talented enough won't. Furthermore if you remove the mod then all data associated with it goes as well, so with that being said if someone didn't know and uninstalled thinking that was correct, then re-installed once it was patched/fixed and wondered where all their videos links and such went to - they're gone forever! This is why you disable+rename instead of uninstall.
Reply With Quote
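
The disable-and-rename step described in post #15, as an added example in shell that is not part of the thread or of the modification's own code. Which files belong to the modification, the manifest location and the demo tree are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: rename a disabled modification's PHP
# files to random names and keep a manifest so the rename can be undone.
# The file list, manifest path and demo tree below are assumptions.

# 16 hex characters from the kernel's random source.
rand_hex() {
    od -An -N8 -tx1 /dev/urandom | tr -d ' \n'
}

# quarantine_mod_files MANIFEST FILE...
# Renames each listed *.php file in place to ".<random>.php". Nothing is
# deleted or uninstalled, so data stored by the product is left alone.
quarantine_mod_files() {
    manifest=$1; shift
    rc=0
    for old in "$@"; do
        case $old in
            *.php) ;;
            *) echo "skipped (not .php): $old" >&2; rc=1; continue ;;
        esac
        if [ ! -f "$old" ]; then
            echo "skipped (missing): $old" >&2; rc=1; continue
        fi
        new="$(dirname "$old")/.$(rand_hex).php"
        # Record the pair only once the move has really happened.
        if [ ! -e "$new" ] && mv "$old" "$new"; then
            printf '%s\t%s\n' "$old" "$new" >> "$manifest"
        else
            echo "could not rename: $old" >&2; rc=1
        fi
    done
    return "$rc"
}

# restore_mod_files MANIFEST
# Puts every file back under its original name once a fixed version exists.
restore_mod_files() {
    manifest=$1
    [ -f "$manifest" ] || { echo "no manifest: $manifest" >&2; return 1; }
    tab=$(printf '\t')
    rc=0
    while IFS=$tab read -r old new; do
        if [ -f "$new" ] && [ ! -e "$old" ]; then
            mv "$new" "$old" || rc=1
        else
            echo "not restored: $old" >&2; rc=1
        fi
    done < "$manifest"
    return "$rc"
}

# Constructed demo on a throwaway tree (not a real forum install).
demo=$(mktemp -d)
mkdir -p "$demo/forum/includes" "$demo/private"
echo '<?php // constructed sample' > "$demo/forum/video.php"
echo '<?php // constructed sample' > "$demo/forum/includes/functions_video.php"
quarantine_mod_files "$demo/private/renamed.tsv" \
    "$demo/forum/video.php" "$demo/forum/includes/functions_video.php" &&
    cat "$demo/private/renamed.tsv"
rm -rf "$demo"
```

Keep the manifest outside the web root, since it maps each original name to the new one and the renamed files still end in .php.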