MyBB Hacks

Obviously zinga and rateu are in a class by themselves, but how can I tell if I have secure plugins from other developers? (besides the obvious once it's too late)

MyBB version: 1.6.1

I'm currently using these plugins:

Group Post CSS (2.0) - ACTIVE
Allows you to set the CSS for a groups post.
Created by Jammerx2

Grouped Subforums (1.0) - ACTIVE
Sorts your subforums on the index into groups
Created by Janota

Footer chatbar (1.0) - NOT ACTIVE YET
A footer chatbar for users online.
Created by Janota

Extra securty question (1.0) - NOT ACTIVE YET
Adds a question to the registration process.
Created by Janota

Rss to Post (1.2.2) - ACTIVE
See the "RSS To Post" section in the ACP Configuration Menu to configure this plugin.
Created by DennisTT

XThreads (1.337) - ACTIVE
eXtend your Threads with extra fields.
Created by ZiNgA BuRgA

Thats a small list...I wish my plugin list looked like that. I can't say if they are secure, (though that Zinga guy seems an ok coder to me   )but I can say you have one missing

No php in templates? You should have that one - it goes with XThreads like bread goes with cheese

http://mybbhacks.zingaburga.com/showthread.php?tid=260 OR http://mybbhacks.zingaburga.com/showthread.php?tid=464

Good news, thank you very much lee

(01-05-2011 03:03 AM)Vapor Wrote: [ -> ]how can I tell if I have secure plugins from other developers?

Look at the code yourself and try to break it.
I honestly wish it was easier, so that there wouldn't be so much trash out there, but it isn't unfortunately.  Sometimes the community can identify problems, but from what I've seen, I'd trust myself more than the community.

Developers who are security conscious are probably more trustworthy.
I cannot guarantee that there are no security problems in my code, only that I try my best to remove any problems that I know of.

Thanks zinga I appreciate it !

My plugin list is massive...between 52-63 plugins total, plus several template edits. I've had to learn to use my default templates so that when I upload new theme I can always use the same templates without losing my template edits.

To answer your question more directly though, the only plugin I'd find questionable would probably be the chat plugin because I've often found chatboxes and shoutboxes to be rather exploitable. I now use blue imp's chatbox (but it has its own page, it's not in the footer of your forum).

I doubt I will be using the chat thing as I use STEAM all day anyways so another form of "chat" would be pointless. Shoutboxes imo defeat the purpose of forums so that is why I'm just doing away with it.

Thx

Yea, I have a shoutbox on my forum - I HATE the bloody thing, but my regulars like it. Just a comment on the Ajax chat - if you ever look at that - I DO have it installed, but tbh its NOT good if you are on a shared host due to the persistent connections. Better to go with IRC if you really want a chatroom.

(01-06-2011 09:33 AM)MasterZuFu Wrote: [ -> ]My plugin list is massive...between 52-63 plugins total

Yeah. That is a massive list (for me)

lol, yeah, I should probably disable a few of these XD lol