Welcome, Guest. Please Login or Register.
November 27, 2024, 08:36:29 PM
Home Help Search Log in Register
News: SMF is the next generation in forum software, almost completely re-written from the ground up, make sure you don't fall for cheap imitations that suffer from feature bloat!

YaBB SE Community  |  General Category  |  Feedback  |  YaBB SE banned.... « previous next »
Pages: [1] 2 3 4 Reply Ignore Print
Author Topic: YaBB SE banned....  (Read 12476 times)
MashedBuddha
Noobie
*
Posts: 9


I'm a llama!

YaBB SE banned....
« on: May 20, 2003, 01:06:23 PM »
Reply with quote

I wanted to make the developers aware of a recent situation with my host where all derivatives of YaBB have been banned because of security issues.  I do this only because I would like to keep using this forum, and I would like to know how I can convince my host that the 1.52 update (which I will update if I'm allowed to keep my forum) will fix these security issues.   I have some leeway with this host (long story) and I may be able to keep my forum with some more detailed information.  Here's their official announcement:

"We have taken the decision to ban all versions of YaBB bulletin board. There are numerous security problems that keep cropping up with this script, some of which are very serious indeed and have resulted in servers being compromized by enabling anyone to upload a binary to the server to either crash it or perform DoS attacks.

Whilst security problems occur on many scripts, YaBB seems to have more than its fair share, and the creators do not work fast enough to patch them and are very unprofessional in their manner about resolving them."

Please help.

thanks.

John
Logged
Jeff Lewis
Global Moderator
YaBB God
*****
Posts: 10149


I'm a llama!

WWW
Re:YaBB SE banned....
« Reply #1 on: May 20, 2003, 01:40:45 PM »
Reply with quote

What host?
Logged

Douglas
aka The Bear
Support Team
YaBB God
*****
Posts: 1050


Bears rule! Llamas rule too!

WWW
Re:YaBB SE banned....
« Reply #2 on: May 20, 2003, 01:47:09 PM »
Reply with quote

QuoteI wanted to make the developers aware of a recent situation with my host where all derivatives of YaBB have been banned because of security issues.  I do this only because I would like to keep using this forum, and I would like to know how I can convince my host that the 1.52 update (which I will update if I'm allowed to keep my forum) will fix these security issues.   I have some leeway with this host (long story) and I may be able to keep my forum with some more detailed information.  Here's their official announcement:

"We have taken the decision to ban all versions of YaBB bulletin board. There are numerous security problems that keep cropping up with this script, some of which are very serious indeed and have resulted in servers being compromized by enabling anyone to upload a binary to the server to either crash it or perform DoS attacks.

Whilst security problems occur on many scripts, YaBB seems to have more than its fair share, and the creators do not work fast enough to patch them and are very unprofessional in their manner about resolving them."
Hiyas, John!  This, unfortunately, is becoming the standard response we're hearing from several people that utilize YSE as their forum of choice.

What you could do is point your hosting company to

http://www.yabbse.org/community/index.php?board=1;action=display;threadid=22799

and have them read this.  Any time there is a security exploit, the YSE team works hard to close that hole and gets a fix out ASAP, in most cases within a few hours of the exploit.  Several of us scan SecurityFocus and BugTraq several times a week, as well as trying to exploit our own installations to ensure that all bugs and security holes are plugged.

Right now, 1.5.2 is the most secure version of YaBB SE available, and was released within two days after 1.5.1 Final was released due to a new exploit being exposed.

There were rumors about SSI.php having an exploit, which the entire Devel team has proven as a fallacy.  The person that originally posted the exploit did not take the time to investigate the "exploit" further.  We did.  With the way that settings.php is configured, it was impossible to re-produce the exploit.

Being a web host and a custom database programmer myself, I certainly wouldn't expose any of my sites, my client's sites or my client's servers to any system that poses a security risk.  With the speed that the YSE Devel team comes out with a fix for exploitable issues, I have full confidence in the team's work in ensuring that this is one heck of a stable forum software, and that these folks genuinely care when something is exposed.

I know I certainly wouldn't continue to support the system if they weren't on the ball with issues that needed to be addressed.

If you (or your host) have any questions, please encourage them to come to this very thread and post their concerns, or to email us.  They can certainly email me, if they wish (webmaster at therealms dot net) or David (david at yabbse dot org).  We'll be more than happy to work with them to help them close up any issues that need to be addressed.  :)
Logged

Need help? Please SEARCH first.  No need for a bad attitude, we like helping positive minded people.
ComeHit.us Short URL  redirection svcs with YSE powered forums, COMING SOON!
Want to say thanks?  Check out http://comehit.us/?u=3
Peter Duggan
Llama Chameleon
Global Moderator
YaBB God
*****
Posts: 1793


You come and go...

WWW
Re:YaBB SE banned....
« Reply #3 on: May 20, 2003, 02:47:05 PM »
Reply with quote

Quote from: MashedBuddha on May 20, 2003, 01:06:23 PM
Here's their official announcement:

"We have taken the decision to ban all versions of YaBB bulletin board. There are numerous security problems that keep cropping up with this script, some of which are very serious indeed and have resulted in servers being compromized by enabling anyone to upload a binary to the server to either crash it or perform DoS attacks.

Whilst security problems occur on many scripts, YaBB seems to have more than its fair share, and the creators do not work fast enough to patch them and are very unprofessional in their manner about resolving them."

Quote from: Jeff Lewis on May 20, 2003, 01:40:45 PM
What host?

I'm prepared to hazard a guess:

Quote from: oldiesmann on May 14, 2003, 05:08:39 PM
This just in from the folks at eMark Hosting...

QuoteDear Users,

We have taken the decision to ban all versions of YaBB bulletin board. There are numerous security problems that keep cropping up with this script, some of which are very serious indeed and have resulted in servers being compromized by enabling anyone to upload a binary to the server to either crash it or perform DoS attacks.

Whilst security problems occur on many scripts, YaBB seems to have more than its fair share, and the creators do not work fast enough to patch them and are very unprofessional in their manner about resolving them
Logged

Jeff Lewis
Global Moderator
YaBB God
*****
Posts: 10149


I'm a llama!

WWW
Re:YaBB SE banned....
« Reply #4 on: May 20, 2003, 02:58:08 PM »
Reply with quote

The thing is, go to http://www.securityfocus.com and search for any forum package, they all have their fair share. It just so happens that there is a smear campaign against SE but a couple of destructive people who can't code their own stuff.
Logged

MashedBuddha
Noobie
*
Posts: 9


I'm a llama!

Re:YaBB SE banned....
« Reply #5 on: May 20, 2003, 03:34:39 PM »
Reply with quote

QuoteThis just in from the folks at eMark Hosting...

No, that's not my host.  Our site(s) are very large and we use a reseller account directly for this, without reselling space.  Because it's the same message, eMark Hosting apparently resells space from the same host that we use.  

To Peter: Thanks for your response, I've already contacted my host and so far they won't budge.  I gave them this:

http://www.yabbse.org/community/index.php?board=9;action=display;threadid=21830

But their response was so quick that there was no further investigation to the cause.  Here's what they said:

"Hi John,

There are still security issues that we have found with even this version of YaBB SE which have resulted in major vulnerabilites, and so it must still remain banned.

Use phpBB, Invision or vB and you are guaranteed a professional long term bulletin board, designed by people who care about ensuring that it remains secure. The team behind YaBB just don't cut it for us, they make very unprofessional comments and their patching leaves a lot to be desired. Until we can see a noticable improvement in not only their software, but also with their ability to fully and correctly patch them, we like many other hosts will not be authorizing the use of their software.

If you have not already converted, you must so so ASAP as we have already started removing remaining copied of YaBB from our servers. When we can lift the ban on this script, we of course will, although that will be when we make a public announcement about this and not before. I realize that this is an inconvenience, but you must realize that server security must come first every time."
Logged
David
Destroyer Dave
Global Moderator
YaBB God
*****
Posts: 5761


I'm not a llama!

WWW
Re:YaBB SE banned....
« Reply #6 on: May 20, 2003, 04:26:36 PM »
Reply with quote

If they are so unwilling to budge move to Infodoma. :P
Logged

andrea
Global Moderator
YaBB God
*****
Posts: 4400


Peace on Earth

WWW
Re:YaBB SE banned....
« Reply #7 on: May 20, 2003, 05:02:20 PM »
Reply with quote

QuoteThere are still security issues that we have found with even this version of YaBB SE which have resulted in major vulnerabilites, and so it must still remain banned.

Somebody of the dev team should ask them which precise vulnerabilities they believe to know are still in the current version...
Logged

Angel Skin
Full Member
***
Posts: 128


I'm a llama!

WWW
Re:YaBB SE banned....
« Reply #8 on: May 20, 2003, 05:14:16 PM »
Reply with quote

Yes, surely by utilising this knowledge the dev's could resolve this issue and rebuild yabbse's reputation with web hosts.
Logged
David
Destroyer Dave
Global Moderator
YaBB God
*****
Posts: 5761


I'm not a llama!

WWW
Re:YaBB SE banned....
« Reply #9 on: May 20, 2003, 05:24:40 PM »
Reply with quote

Second guess, bmhost.com.
Logged

Jeff Lewis
Global Moderator
YaBB God
*****
Posts: 10149


I'm a llama!

WWW
Re:YaBB SE banned....
« Reply #10 on: May 20, 2003, 06:08:24 PM »
Reply with quote

Or rochenhost  ::)

It's funny, YaBB has been around four years almost and you still get these lame comments like "Use phpBB, Invision or vB and you are guaranteed a professional long term bulletin board".

Just goes to show the knowledge of your host, I'd take my money elsewhere as they obviously have an alterior motive.

Look through any security site, all of those forums have the same security issues.
Logged

Ben_S
Disciple of Joe
Support Team
YaBB God
*****
Posts: 1586


I Love YaBB SE!

WWW
Re:YaBB SE banned....
« Reply #11 on: May 20, 2003, 06:10:46 PM »
Reply with quote

Quote from: Angel Skin on May 20, 2003, 05:14:16 PM
Yes, surely by utilising this knowledge the dev's could resolve this issue and rebuild yabbse's reputation with web hosts.

I doubt there is a ny knowledge, just a host without a clue.

Vote with your feet and move host is my advice, or keep trying to convince them...
Logged
MashedBuddha
Noobie
*
Posts: 9


I'm a llama!

Re:YaBB SE banned....
« Reply #12 on: May 20, 2003, 06:28:19 PM »
Reply with quote

I agree with your suggestions, and believe me we are very close to switching as there have been other serious issues.  What's stopping me?  The sheer agony of moving everything including our secure cert, scripts (although that's not too painful), etc, etc.  I only work a couple days a week that need to be devoted more to web marketing and design....

BTW, you still haven't guessed the host but keep trying ;)

Most recently they did say they are thinking about it, as they are reviewing the information I gave them from the most helpful (free) developers here.

Also an interesting note: at the site you mentioned http://www.securityfocus.com
I did a search on YaBB SE and got a page of security issues.  A search on phpBB (my host's recommended forum script) resulted in SIX pages of vulnerabilities.  Told my host about that too.
Logged
Jeff Lewis
Global Moderator
YaBB God
*****
Posts: 10149


I'm a llama!

WWW
Re:YaBB SE banned....
« Reply #13 on: May 20, 2003, 06:52:33 PM »
Reply with quote

And your site is hostnoc.com? Your upstream provider rather...

And yes I told you about that securityfocus site :) Chances are they are getting bad information from some people.
Logged

skoen
Longing For a Title
YaBB God
*****
Posts: 601


Official translator and local mod.

ICQ - 164554802hoyreskoen@hotmail.com WWW
Re:YaBB SE banned....
« Reply #14 on: May 20, 2003, 09:03:01 PM »
Reply with quote

Or maybe YaBBSE is so new, that the owners of the host haven't heard of YaBBSE before. Probarbly it's not the YaBBSE forum that creates the big security issue. It is maybe something else. But since they don't recognize YaBBSE, they blame it on that. phpBB, vB and Invision are more used by a bigger userrate. But I must say that YaBBSE is the easiest forum to administrate and configure. Though my host only allow working of one YaBBSE forum in one folder. But at least that host don't blame the secturity issues on YaBBSE.

My host is Interland by the way.
Logged

Proud to be Norwegian

Feel free to send me an IM if you got any questions or comments regarding YabbSE or my translation.

My portfolio(Norwegian)

Caught 43 llamas.
Pages: [1] 2 3 4 Reply Ignore Print 
YaBB SE Community  |  General Category  |  Feedback  |  YaBB SE banned.... « previous - next »
 


Powered by MySQL Powered by PHP YaBB SE Community | Powered by YaBB SE
© 2001-2003, YaBB SE Dev Team. All Rights Reserved.
SMF 2.1.4 © 2023, Simple Machines
Valid XHTML 1.0! Valid CSS

Page created in 0.103 seconds with 20 queries.