Page Index Toggle Pages: [1] 2 
Topic Tools
Hot Topic (More than 10 Replies) v.2.1 security patch dead link (Read 4,586 times)
J Sheedy
YaBB Newcomer
*
Offline



Posts: 2

YaBB 2.5
v.2.1 security patch dead link
Feb 4th, 2013 at 5:06pm
Post Tools
The links in the following post are dead.

/codex/YaBB.pl?num=1192140319

Can anyone point me to a live copy of this patch or are there more security issues with 2.1 than this will solve and I should be looking at full upgrade 2.1=>2.5. Also if full upgrade is nessisary does anyone have wild ball parks on time involved and relative headache?

Thanks.
  
Back to top
 
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,684
Location: Los Angeles

YaBB 2.5
Re: v.2.1 security patch dead link
Reply #1 - Feb 4th, 2013 at 5:34pm
Post Tools
J Sheedy wrote on Feb 4th, 2013 at 5:06pm:
The links in the following post are dead.

/codex/YaBB.pl?num=1192140319

There's simply a misspelling of that link in that post. The correct link for Boardmod is as follows:

http://www.boardmod.org/

Unfortunately, nobody's minding the store at YaBB's codex any more, so mistakes like that won't be corrected anytime soon.

Edited:
Oops! I see you meant the zip file that was referenced, and right you are.

Quote:
404 - File Not Found

The requested file wasn't found!

Perhaps you mistyped the URL?
Try going to our homepage at http://www.yabbforum.com to locate the file you were looking for.


Actual bad link: http://www.yabbforum.com/yabbfiles/codexAttachments/profile_register_patched.zip

Thankfully, this forum has staffers on top of everything, so hopefully they'll give you a correct link in a timely fashion.


****************************************

To those of you on YaBB's team, can you please get somebody - anybody - to attend to YaBB's codex? Every few months for the last couple of years I've requested that the language icons be properly linked so that the page renders properly in Firefox. It's a very easy fix that should only take a few short minutes to correct. Thanks.

« Last Edit: Feb 4th, 2013 at 5:43pm by Bill Myers »  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
xnoddyx
Support Team
Documentation Team
YaBB Moderators
YaBB Next Team
Beta Testers
****
Offline



Posts: 1,591
Location: UK:Scotland/livingston

None
Re: v.2.1 security patch dead link
Reply #2 - Feb 4th, 2013 at 6:33pm
Post Tools
J Sheedy wrote on Feb 4th, 2013 at 5:06pm:
The links in the following post are dead.

/codex/YaBB.pl?num=1192140319

Can anyone point me to a live copy of this patch or are there more security issues with 2.1 than this will solve and I should be looking at full upgrade 2.1=>2.5. Also if full upgrade is nessisary does anyone have wild ball parks on time involved and relative headache?

Thanks.

from the page
Quote:
This patch was included in the code for Y2.2 and still is for newer versions.
so YaBB 2.2 has this fix built into it as to the .zip i cannot find a copy of this for you sorry  Sad

also to the time for upgrading from 2.1 to 2.5.2 will depend on if you have mods on the forum also how big the forum is a standard size forum can take up to 90 minutes this includes all the preparation work as well e.g. backup of the old forum running full Maintenance settings on it setting up and testing YaBB 2.5.2 then make a backup of it then copying all files over that you need from 2.1 to 2.5.2 then running full Maintenance settings on this then testing the forum is working as you you want also checking all settings
  

YaBB install help video
1. what yabb forum are you running and the url
2. describe in as much detail as you can what happens and also post screenshots if you can
3. please be patient we live in different time zones and have other commitments but we will help you
as bill and ted say (Be excellent to each other)
Back to top
IP Logged
 
depablo
YaBB Moderators
YaBB Next Team
Beta Testers
***
Offline



Posts: 577
Location: UK

None
Re: v.2.1 security patch dead link
Reply #3 - Feb 4th, 2013 at 6:46pm
Post Tools
I was looking for that security patch, Cap'n John sent me a link but its long gone.

As for the Codex not enough hands to do everything at once.
  

Taking a peek behind the mask Wink
Back to top
 
IP Logged
 
JonB
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 3,913
Location: Land of the Blazing Sun!

YaBB 2.6.1
Re: v.2.1 security patch dead link
Reply #4 - Feb 4th, 2013 at 7:03pm
Post Tools
Version 2.1 is no longer actively supported and patching it should not be considered as a viable solution.  Its not primarily a security issue, its a problem both with the current crop of very capable spam-bots (who will auto-register until you want to pull your hair out) and providing support (other than myself, I doubt there's anyone around that has worked much with YaBB 2.0 or 2.1) [or Bill perhaps Wink ].

2.5.2 Has many improvements, plus built-in anti-spam  Smiley

As Xnoddyx indicated, if your forum does not have a lot fo modification, upgrading should not be terribly difficult.

Good Luck
Wink

« Last Edit: Feb 4th, 2013 at 7:35pm by JonB »  

I find your lack of faith disturbing.
Back to top
IP Logged
 
Derek Barnstorm
Support Team
YaBB Next Team
Development Team
Beta Testers
****
Offline



Posts: 1,269
Location: United Kingdom

None
Re: v.2.1 security patch dead link
Reply #5 - Feb 4th, 2013 at 7:11pm
Post Tools
  
Back to top
 
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,684
Location: Los Angeles

YaBB 2.5
Re: v.2.1 security patch dead link
Reply #6 - Feb 4th, 2013 at 7:40pm
Post Tools
depablo wrote on Feb 4th, 2013 at 6:46pm:
As for the Codex not enough hands to do everything at once.

John, that's a reasonable explanation. I'm with you on that.

However, there's really no good excuse for ignoring relatively simple requests to make a correction here and there to YaBB's codex. Please keep in mind that some of these requests have been made repeatedly over the last couple of years with nothing being done about them; literally nothing. That's inexcusable.

Thankfully, you and the rest of YaBB's team working here in the forum have been doing an outstanding job, and should be applauded. My hope is that your collective minds, in regard to YaBB's codex, will take this lack of management seriously enough to actually do something about it.

So please, to you and the other YaBB team members, apply whatever pressure you can to get things moving along in the way that you've been able to do with this forum.

By the way, I realize it's most certainly a big job to get YaBB's codex back in shape, no doubt. But seriously, is it that unreasonable to ask for an occaisional fix from time to time? Some of these fixes should only take a couple of minutes to correct.

  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
depablo
YaBB Moderators
YaBB Next Team
Beta Testers
***
Offline



Posts: 577
Location: UK

None
Re: v.2.1 security patch dead link
Reply #7 - Feb 4th, 2013 at 7:50pm
Post Tools
Derek Barnstorm wrote on Feb 4th, 2013 at 7:11pm:

Thanks Derek
I have an old forum and was wishing to check if this had been installed, sure it was at the time, will check later.
  

Taking a peek behind the mask Wink
Back to top
 
IP Logged
 
xnoddyx
Support Team
Documentation Team
YaBB Moderators
YaBB Next Team
Beta Testers
****
Offline



Posts: 1,591
Location: UK:Scotland/livingston

None
Re: v.2.1 security patch dead link
Reply #8 - Feb 5th, 2013 at 12:33pm
Post Tools
Derek Barnstorm wrote on Feb 4th, 2013 at 7:11pm:

Thanks Derek i was thinking http://www.boardmod.org/mods.php was for 1.x only  Embarrassed i will need to go have a look and see what else is in there as well.
  

YaBB install help video
1. what yabb forum are you running and the url
2. describe in as much detail as you can what happens and also post screenshots if you can
3. please be patient we live in different time zones and have other commitments but we will help you
as bill and ted say (Be excellent to each other)
Back to top
IP Logged
 
J Sheedy
YaBB Newcomer
*
Offline



Posts: 2

YaBB 2.5
Re: v.2.1 security patch dead link
Reply #9 - Feb 10th, 2013 at 12:55am
Post Tools
Thanks for the help. Bill, I couldn't post the full link to that post because new users cannot post links or things that remotely resemble them apparently I tried the old (dot) method too. Sorry for the initial confusion there.

It seems a reasonable policy... except when the link is the same domain as the site running the forum like this was.

Thanks again for getting me that file and for giving me a better grasp on what to expect for time on task for the real solution.
  
Back to top
 
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,684
Location: Los Angeles

YaBB 2.5
Re: v.2.1 security patch dead link
Reply #10 - Feb 10th, 2013 at 3:55am
Post Tools
J Sheedy wrote on Feb 10th, 2013 at 12:55am:
I couldn't post the full link to that post because new users cannot post links ...

It seems a reasonable policy... except when the link is the same domain as the site running the forum like this was.

I'm in agreement with you. Sad

I'm pretty sure the restriction on posting links is so that spammers can't come in to spam the forum. But that doesn't actually work. The irony is that spammers simply make enough posts so that they can include links before they are discovered, and their posts are subsequently deleted or moved to a private area of this forum for further review.

So YaBB's policy of restricting links only ends up hurting new forum members whom of course sometimes have a need to post links. Go figure.

The real solution is for this support forum to install, and enable anti-spam measures that are known to work so that there are little or no restrictions placed on new members who come here for help.

  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
JonB
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 3,913
Location: Land of the Blazing Sun!

YaBB 2.6.1
Re: v.2.1 security patch dead link
Reply #11 - Feb 10th, 2013 at 7:22pm
Post Tools
Unfortunately Bill - there is a terrible logic error in your argument.

Quote:
The real solution is for this support forum to install, and enable anti-spam measures that are known to work so that there are little or no restrictions placed on new members who come here for help.


The logic error is that ONLY human spammers [hu-bots] are currently able to post here on yabbforum.com, and human spammers can that read/write the 'registration languages' can always defeat a Turing test of any sort - that is its definition.

We also are no longer getting any bot-registrations due to a clever admin.

Please let me know when some one comes up with a measure that can do more.

Good Luck
Wink
  

I find your lack of faith disturbing.
Back to top
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,684
Location: Los Angeles

YaBB 2.5
Re: v.2.1 security patch dead link
Reply #12 - Feb 10th, 2013 at 8:42pm
Post Tools
JonB wrote on Feb 10th, 2013 at 7:22pm:
Unfortunately Bill - there is a terrible logic error in your argument.

That's the irony about the error you perceive as my "terrible logic" even though I remain open to your more logical explanation. After all, you may very well be correct; at least with the semantics, which has nothing to do with the actual facts.

So in any case, what remains a fact is that there are forums whose admins have been able to stop both hu-bots and spam-bots where this forum still has a problem with what you believe are hu-bots. So we've either been incredibly lucky, or as it's more evident, we've simply utilized YaBB's otherwise superb anti-spam features, which this forum clearly has not.

Please give these anti-spam measures a try. They were written specifically for YaBB, and I think you'll be pleasantly surprised at how wonderfully effective they are.

As for those hu-bots you describe, that's the brilliance of the automated programming of spam-bots. Even an expert such as you is easily fooled into thinking that an actual person is the one spamming this forum.

Logically, the only human involved is the person who's been able to fool experts like you into thinking their spam-bot automation is a human. Again, this is brilliant on their part.

  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
JonB
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 3,913
Location: Land of the Blazing Sun!

YaBB 2.6.1
Re: v.2.1 security patch dead link
Reply #13 - Feb 10th, 2013 at 10:26pm
Post Tools
Bill - You are entitled to your opinion.

I am inclined to believe that anyone who has stopped hu-bots "stop both hu-bots and spam-bots" has created a question list where only those with specialized knowledge can successfully answer the questions (such as location--or-culture specific, math, fishing, or science questions for instance).  That is an unacceptable method for a general purpose forum, as folks like you or I would not be able to register, eh? (say if we didn't know how to evaluate derivatives, know what the square root of -1 is, or the color of a bass's eye)  Lips Sealed

I will remind you that spam-bots (as far as we know) - can't post after running an automatic registration.  If they could all YaBB Forums would be over-run with SPAM posts, and they aren't.  Wink

Speaking of which - we (yabbforum.com) have no spam-bot registration problem currently. The reason for which I will be explaining in the next few days - it has nothing to do with Anti-spam tools, it does have to do with using YaBB's built-in architecture.  We are discussing if revealing the fix will result in Spam-bots being able to resume registering.  Wink

Please also recall we are not, ever, going to try to 'fix' the 3.0 beta software installed here - we WILL be replacing it in the next few months (as was pointed out in another thread).

And that is that...

Smiley
  

I find your lack of faith disturbing.
Back to top
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,684
Location: Los Angeles

YaBB 2.5
Re: v.2.1 security patch dead link
Reply #14 - Feb 11th, 2013 at 1:09am
Post Tools
Jon, call them whatever you want; hu-bots or spam-bots or magical leprechaun-bots. The fact remains, spammers do indeed continue to post in this forum where they do not in other YaBB forums that use proven anti-spam measures to stop them.

By the way, I agree with you that it's unacceptable for a forum to ask questions that only people with a specialized knowledge can successfully answer.

To that point, just to better identify if hu-bots or spam bots were registering in our forum, I actually included answers with the questions I asked, and I explained this to registrants.

I'm using a different method of spam control now, but for a while we had the following alternating questions on the registration page of our forum:

Quote:
To help stop spam-bots, please answer this question: What is 1 + 1 (the answer is 2)?

To help stop spam-bots, please answer this question: What is 2 + 2 (the answer is 4)?

Can a hu-bot answer these questions with the answers provided? Of course they can, which is why it was determined that except on the rarest of occassions, only spam-bots were making attempts to register in our forum.

Silly, silly, silly, but it did make me laugh. Cheesy

Oh, and if you think spammers haven't been able to post spam links in this forum, you haven't been around to see that it happens. They simply post a dozen or so times all over the place to accomplish this task. Thankfully, YaBB's moderators have zapped them away in a timely fashion.

Meanwhile, new members who come here for help are unable to post links as they may need to do. Then again, at least they're able to request help right after they've registered, and that's what counts.

Hopefully we can agree on at least one thing about spam in this forum. That is, it doesn't happen that often, and when it does, YaBB's moderators are pretty quick to get rid of it.

  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
Page Index Toggle Pages: [1] 2 
Topic Tools
 
  « Board Index ‹ Board  ^Top