Support - YaBB Development & Mods Support - YaBB Development & Mods en-us YaBB Development & Mods Wed, 21 Apr 2021 14:55:30 GMT YaBB 2.7.00 Revision: 2044 30 YaBB 2.6.0 and 2.6.1 Support - missing YaBB Development & Mods/YaBB 2.6.0 and 2.6.1 Support (Dandello) Sat, 1 Jun 2019 12:26:32 GMT That code was from the version from a modded build on my test bed. it was probably  ***Go to Post to see Code***  for your version. YaBB 2.6.0 and 2.6.1 Support - Software error 2.6.11 YaBB Development & Mods/YaBB 2.6.0 and 2.6.1 Support (Dandello) Sun, 21 Apr 2019 23:47:44 GMT @XTC - Perl 5.24 <b>should</b> have behaved okay without the need for adding back the '.' BUT, who knows if the host actually installed all the required libraries or set a security setting to something odd. <br /><br />In terms of the Setup -Pyragony and I got it to the point where it was supposed to write the cookies list to Variables but it didn't have permission to actually write to the file - which points to a folder/file ownership or permissions issue.<br /> YaBB 2.6.0 and 2.6.1 Support - YaBB 2.6.12 YaBB Development & Mods/YaBB 2.6.0 and 2.6.1 Support (Dandello) Sat, 2 Sep 2017 13:28:00 GMT Feel free to use the wall bash smilie¬† <img rel="[smiley=wallbash.gif]" src="" alt="Smiley" title="wallbash" /> I use it a lot. YaBB 2.6.0 and 2.6.1 Support - ContextTips problems YaBB Development & Mods/YaBB 2.6.0 and 2.6.1 Support (Batchman) Wed, 25 Feb 2015 03:44:18 GMT OK, can't be the operating system or the browser ... has to be something with the code, somehow, because the tool tips on this sight disappear when they are clicked outside of, but the tool tips on my site stay there.<br /><br />By the way, since this has nothing to do with the mod, do you want to split this and the previous 6 messages to a separate topic or something? YaBB 2.6.0 and 2.6.1 Support - Redirecting YaBB YaBB Development & Mods/YaBB 2.6.0 and 2.6.1 Support (Dandello) Sat, 20 Dec 2014 15:29:18 GMT <a href="">Red Barchetta wrote</a> on Dec 20<sup>th</sup>, 2014 at 4:35am:<br /><div id="07303178173427363D302121345500">Does the .httaccess redirect method support a message? <br />                     </div><!--07303178173427363D302121345500--><br />No - it just sends the browser to the new place with '301' (permanently moved) flag.<br /><br />For .htaccess ***Go to Post to see Code*** <br />The above is from the redirect from a subdomain on to here when I moved this site to its domain.<br />Also see: <a href="" target="_blank"></a><br /> YaBB 2.6.0 and 2.6.1 Support - Member Group Stars YaBB Development & Mods/YaBB 2.6.0 and 2.6.1 Support (Dandello) Thu, 30 Oct 2014 15:00:26 GMT The new files are pngs - if this is an upgraded forum, try changing the file names in the MemberGroups section. (OR upload your old stars into yabbfiles/Templates/Forum/default)¬† <img rel=";&#45;&#41;" src="" alt="Smiley" title="Smiley" /><br /><b>Edited: </b><br /><div>And while you're at it, make a few quick posts...  <img rel=";&#45;&#41;" src="" alt="Grin" title="Grin" /></div><!--edit--> Security Announcements - Error log YaBB Development & Mods/Security Announcements (Bill Myers) Sun, 5 Oct 2014 21:38:11 GMT <a href="">Monni wrote</a> on Oct 5<sup>th</sup>, 2014 at 8:57pm:<br /><div id="0D292B210C4001">But without people like me, some projects just die slowly because there is no-one to push people to the limits. </div><!--0D292B210C4001--><br />I definitely agree with that because that <i>is indeed</i> what happens. I also feel the same as Red in liking that a register error can instead be a redirect to a forum's registration page, or better yet to explain it, an informational non-error message that links to the registration form whenever an admin enables that option.<br /><br />Ironically, a redirect would solve the problem of producing entries onto the error log, which helps to address the subject of this topic. <img rel=";&#45;&#41;" src="" alt="Cool" title="Cool" /><br /><br />On a related note outside of our forum, I've employed redirects for spam-bots or hot linkers that have generated many thousands of dollars over the years, i.e., they bring our site fresh traffic, which is often targeted to our niche audience, and that's when the ratio of hits per sale becomes very beneficial.<br /><br /> Security Announcements - Bash Bug YaBB Development & Mods/Security Announcements (Dandello) Sat, 27 Sep 2014 06:26:21 GMT If YaBBForum is in Maintenance it's because JonB is running some tests to determine if there are any potential risks to YaBB from this exploit. Security Announcements - Guardian Vulnerability - all 2x versions YaBB Development & Mods/Security Announcements (Dandello) Sat, 21 Jun 2014 15:04:43 GMT <b><span>From YaBB Forum</span><!--size--></b>:<br /><br /> and the YaBB development team have been at work on revisions and improvements to site security and performance.  During our analysis, we believe we have located a possible minor security vulnerability.  <br /><br /><i>THIS ONLY AFFECTS THE GUARDIAN</i> - so if you do not have it activated, it is not an issue.  <span>The other banning tools for users, IP's, e-mails are not affected as they do not use the .htaccess file in the YaBB root; they use YaBB data files.</span><!--underline--><br /><br /><b>The Vulnerability:</b> It may be possible for third parties, by way of specially crafted URLs, to remove selected IPs from the .htaccess files maintained by YaBB's The Guardian if it is enabled in the Admin Center.<br /><br /><b>Affected Versions:</b> YaBB 2.0 - 2.52<br /><br /><b>What may be affected:</b> - the .htaccess file that resides in the 'YaBB root' (wherever is located on a server)<br /><br /><b>Security impact:</b> - traffic only. Previously Guardian blocked IP's on YaBB files may be allowed to submit http: requests (a .htaccess blocked URL would normally get a 403 error).  <span>This DOES NOT affect how YaBB authenticates users.</span><!--underline--> <br /><br /><b>Limitations:</b> - the attacker would need to know that the IP exists in the Yabb files Deny from.. section of the .htaccess file. Only submitted URL's with 'yabb' requests in the cgi-bin/yabb2/ folder and below are affected.<br /><br /><b>Mitigations;</b> - You could always manually move the Deny From IP's & URLS into the top section of the .htaccess file.<br /><br /><b>Method:</b> - Although the Guardian script has been refactored over time, this vulnerability has stayed in place. A 'remove' action is part of the options/actions that could be performed without Admin or GM use of the Admin Center.  For the Guardian to work automatically, it works as it it were a user - by submitting a request to itself.<br />Note: The 'remove' action in Guardian is not called anywhere within YaBB itself that we can find. Therefore it can ONLY be called by a specially formed query string.<br /><br />Code fix:<br />In Sources/ find:     ***Go to Post to see Code*** <br />And replace <b>the entire line it's in</b> with:     ***Go to Post to see Code*** <br /><br />The actual line has changed over time and so has several variations, but looking for that bit of code will find the line with the vulnerability.<br /><br />We do not know by whom or why this method was added, and there may be a completely logical explanation (including that whomever added it thought it was needed for the Guardian to work properly).  We have tested out the revised code on and it works correctly.<br /><br /><b>New Releases:</b><br />YaBB 2.6 now contains an improved version of the Guardian that does not contain this option AND should improve performance in board with large numbers of Guardian blocked IPs.<br /><br />Many Thanks to all YaBB Supporters...<br /><br /> <img rel=";&#45;&#41;" src="" alt="Cool" title="Cool" />