Originally posted by Rock_It
The deal with upgrades is you have to know whether you can upgrade without causing issues with what you have. Many of these forums have mods to the software, many of them have tricks coded in, many of them have "special tools", all of that has to be compatible. It's not as simple as just upgrading to the next version. Some versions have more bugs and can cause more issues than if you left it alone. They just got the e-mail server working again. I hate spam too, but they will deal with it. It's not like it's taking over here or anything. The mods have this place well under control. Spammers are dealt with severely...they are banned. I know the post you guys saw. Trust me, they just haven't seen it yet. They will, and they will definitely ban the sucker. I can assure you of that. I bet by 10am at the latest it'll be gone. Give them time to get up, get woke up, go to work or whatever they need to do in their lives, and they'll check in.
Originally posted by Rock_It
Explain to me why my online "buddy store" went and exploded 2 versions ago over at ADO. When we went to the backup the problems disappeared. The only difference was the upgrade. They don't always work with 3rd party add-ons.
This is not really an upgrade issue anyway. You'll never be able to stop people from signing on. The last one we saw was an actual user. That wasn't a bot driven post. Somebody actually posted that. The mods have to get those.
In fact, it's 7:58am, and the spammer is gone...beat the 10am by 2 hours. Now that's better moderating than I'd expect from anyone. Heck it's free too.
Originally posted by wilsotr
Be careful what you ask for .... I liked Rocketry Online a lot until it was "upgraded."
Originally posted by KermieD
Running a registration script is way different than trying to hack into the admin IDs of the forum, which you would need to hack into the root directory.
Right now, the issue of an upgrade is not a monetary issue...it's about free time. The admins just don't have a solid chunk of time to do a full backup and then the upgrade. Since the version that TRF runs on and the latest version are several increments apart now, upgrading *can* be an issue for stability, so we want to have the "insurance policy" to fall back on if needed.
CQBArms is correct that, in the event of an upgrade, you probably wouldn't see much change up front.
Originally posted by wilsotr
Be careful what you ask for .... I liked Rocketry Online a lot until it was "upgraded."
Originally posted by KermieD
I believe you're misinterpreting what is going on with the bots as an "automated login script". The auto-registry bots are merely crawling the Web for BB sites and autocompleting a standardized form. The feature that prevents that in current versions is merely the insistence that a user fill in the "type the code you see in this image" field. There's really no script-insertion involved and what's going on in this situation is completely unrelated to cross-site scripting.
Originally posted by KermieD
If you will research the vulnerabilities in the version currently used on TRF, you will not see an index.html insertion scripting vulnerability. The only insertion vulnerability out there is one that allows you to perform new SQL searches across the entire database, including the mod and admin forums. Since vB references this info in SQL by thread and post number and not by name, you would have to make a lucky guess to actually find anything in a restricted area.
The cross-site scripting vulnerability that you reference in your link was subsequently shown to be a hoax and, even were it not a hoax, would not have compromised any internal directories were it to be used in an attack.
Originally posted by CQBArms
So we agree to disagree on the need for upgrading the software. Such is life.