Support - YaBB Development & Mods

Support - YaBB Development & Mods http://yabbforumsoftware.com/cgi-bin/yabb2/YaBB.pl?catselect=sup1 Support - YaBB Development & Mods en-us YaBB Development & Mods Tue, 17 Oct 2017 05:46:35 GMT http://blogs.law.harvard.edu/tech/rss YaBB 2.7.00 Revision: 1917 30 YaBB 2.6.0 and 2.6.1 Support - YaBB 2.6.12 http://yabbforumsoftware.com/cgi-bin/yabb2/YaBB.pl?num=1504324386/1#1 YaBB Development & Mods/YaBB 2.6.0 and 2.6.1 Support http://yabbforumsoftware.com/cgi-bin/yabb2/YaBB.pl?num=1504324386/1#1 no-email@yabbforumsoftware.com (Dandello) Sat, 2 Sep 2017 13:28:00 GMT Feel free to use the wall bash smilie <img rel="[smiley=wallbash.gif]" src="http://yabbforumsoftware.com/yabbfiles/Smilies/wallbash.gif" alt="Smiley" title="wallbash" /> I use it a lot. YaBB 2.6.0 and 2.6.1 Support - ContextTips problems http://yabbforumsoftware.com/cgi-bin/yabb2/YaBB.pl?num=1423804300/6#6 YaBB Development & Mods/YaBB 2.6.0 and 2.6.1 Support http://yabbforumsoftware.com/cgi-bin/yabb2/YaBB.pl?num=1423804300/6#6 no-email@yabbforumsoftware.com (Batchman) Wed, 25 Feb 2015 03:44:18 GMT OK, can't be the operating system or the browser ... has to be something with the code, somehow, because the tool tips on this sight disappear when they are clicked outside of, but the tool tips on my site stay there. By the way, since this has nothing to do with the mod, do you want to split this and the previous 6 messages to a separate topic or something? YaBB 2.6.0 and 2.6.1 Support - Redirecting YaBB http://yabbforumsoftware.com/cgi-bin/yabb2/YaBB.pl?num=1419039004/2#2 YaBB Development & Mods/YaBB 2.6.0 and 2.6.1 Support http://yabbforumsoftware.com/cgi-bin/yabb2/YaBB.pl?num=1419039004/2#2 no-email@yabbforumsoftware.com (Dandello) Sat, 20 Dec 2014 15:29:18 GMT <a href="http://yabbforumsoftware.com/cgi-bin/yabb2/YaBB.pl?num=1419039004/1#1">Red Barchetta wrote</a> on Dec 20th, 2014 at 4:35am: <div id="07303178173427363D302121345500">Does the .httaccess redirect method support a message? </div> No - it just sends the browser to the new place with '301' (permanently moved) flag. For .htaccess ***Go to Post to see Code*** The above is from the redirect from a subdomain on dandello.net to here when I moved this site to its domain. Also see: <a href="http://httpd.apache.org/docs/2.0/misc/rewriteguide.html" target="_blank">http://httpd.apache.org/docs/2.0/misc/rewriteguide.html</a> YaBB 2.6.0 and 2.6.1 Support - Member Group Stars http://yabbforumsoftware.com/cgi-bin/yabb2/YaBB.pl?num=1414666730/1#1 YaBB Development & Mods/YaBB 2.6.0 and 2.6.1 Support http://yabbforumsoftware.com/cgi-bin/yabb2/YaBB.pl?num=1414666730/1#1 no-email@yabbforumsoftware.com (Dandello) Thu, 30 Oct 2014 15:00:26 GMT The new files are pngs - if this is an upgraded forum, try changing the file names in the MemberGroups section. (OR upload your old stars into yabbfiles/Templates/Forum/default) <img rel=":-)" src="http://yabbforumsoftware.com/yabbfiles/Smilies/smiley.gif" alt="Smiley" title="Smiley" /> Edited: <div>And while you're at it, make a few quick posts... <img rel=";D" src="http://yabbforumsoftware.com/yabbfiles/Smilies/grin.gif" alt="Grin" title="Grin" /></div> Security Announcements - Error log http://yabbforumsoftware.com/cgi-bin/yabb2/YaBB.pl?num=1410968247/39#39 YaBB Development & Mods/Security Announcements http://yabbforumsoftware.com/cgi-bin/yabb2/YaBB.pl?num=1410968247/39#39 bill@myersproductions.com (Bill Myers) Sun, 5 Oct 2014 21:38:11 GMT <a href="http://yabbforumsoftware.com/cgi-bin/yabb2/YaBB.pl?num=1410968247/37#37">Monni wrote</a> on Oct 5th, 2014 at 8:57pm: <div id="0D292B210C4001">But without people like me, some projects just die slowly because there is no-one to push people to the limits. </div> I definitely agree with that because that is indeed what happens. I also feel the same as Red in liking that a register error can instead be a redirect to a forum's registration page, or better yet to explain it, an informational non-error message that links to the registration form whenever an admin enables that option. Ironically, a redirect would solve the problem of producing entries onto the error log, which helps to address the subject of this topic. <img rel="8-)" src="http://yabbforumsoftware.com/yabbfiles/Smilies/cool.gif" alt="Cool" title="Cool" /> On a related note outside of our forum, I've employed redirects for spam-bots or hot linkers that have generated many thousands of dollars over the years, i.e., they bring our site fresh traffic, which is often targeted to our niche audience, and that's when the ratio of hits per sale becomes very beneficial. Security Announcements - Bash Bug http://yabbforumsoftware.com/cgi-bin/yabb2/YaBB.pl?num=1411768217/1#1 YaBB Development & Mods/Security Announcements http://yabbforumsoftware.com/cgi-bin/yabb2/YaBB.pl?num=1411768217/1#1 no-email@yabbforumsoftware.com (Dandello) Sat, 27 Sep 2014 06:26:21 GMT If YaBBForum is in Maintenance it's because JonB is running some tests to determine if there are any potential risks to YaBB from this exploit. Security Announcements - Guardian Vulnerability - all 2x versions http://yabbforumsoftware.com/cgi-bin/yabb2/YaBB.pl?num=1403363083/0#0 YaBB Development & Mods/Security Announcements http://yabbforumsoftware.com/cgi-bin/yabb2/YaBB.pl?num=1403363083/0#0 no-email@yabbforumsoftware.com (Dandello) Sat, 21 Jun 2014 15:04:43 GMT From YaBB Forum: YaBBforum.com and the YaBB development team have been at work on revisions and improvements to site security and performance. During our analysis, we believe we have located a possible minor security vulnerability. THIS ONLY AFFECTS THE GUARDIAN - so if you do not have it activated, it is not an issue. The other banning tools for users, IP's, e-mails are not affected as they do not use the .htaccess file in the YaBB root; they use YaBB data files. The Vulnerability: It may be possible for third parties, by way of specially crafted URLs, to remove selected IPs from the .htaccess files maintained by YaBB's The Guardian if it is enabled in the Admin Center. Affected Versions: YaBB 2.0 - 2.52 What may be affected: - the .htaccess file that resides in the 'YaBB root' (wherever YaBB.pl is located on a server) Security impact: - traffic only. Previously Guardian blocked IP's on YaBB files may be allowed to submit http: requests (a .htaccess blocked URL would normally get a 403 error). This DOES NOT affect how YaBB authenticates users. Limitations: - the attacker would need to know that the IP exists in the Yabb files Deny from.. section of the .htaccess file. Only submitted URL's with 'yabb' requests in the cgi-bin/yabb2/ folder and below are affected. Mitigations; - You could always manually move the Deny From IP's & URLS into the top section of the .htaccess file. Method: - Although the Guardian script has been refactored over time, this vulnerability has stayed in place. A 'remove' action is part of the options/actions that could be performed without Admin or GM use of the Admin Center. For the Guardian to work automatically, it works as it it were a user - by submitting a request to itself. Note: The 'remove' action in Guardian is not called anywhere within YaBB itself that we can find. Therefore it can ONLY be called by a specially formed query string. Code fix: In Sources/Guardian.pl find: ***Go to Post to see Code*** And replace the entire line it's in with: ***Go to Post to see Code*** The actual line has changed over time and so has several variations, but looking for that bit of code will find the line with the vulnerability. We do not know by whom or why this method was added, and there may be a completely logical explanation (including that whomever added it thought it was needed for the Guardian to work properly). We have tested out the revised code on yabbforum.com and it works correctly. New Releases: YaBB 2.6 now contains an improved version of the Guardian that does not contain this option AND should improve performance in board with large numbers of Guardian blocked IPs. Many Thanks to all YaBB Supporters... <img rel="8-)" src="http://yabbforumsoftware.com/yabbfiles/Smilies/cool.gif" alt="Cool" title="Cool" />