bbPress support forums Tag: security

bbPress support forums Tag: security http://bbpress.org/forums/ bbPress support forums Tag: security en Tue, 02 Dec 2008 22:42:39 +0000 sambauers on "TalkPress" http://bbpress.org/forums/topic/talkpress/page/2#post-20270 Mon, 27 Oct 2008 11:55:14 +0000 sambauers 20270@http://bbpress.org/forums/ @geldlening It is safe to use the stable version of 0.9.0.2 geldlening on "TalkPress" http://bbpress.org/forums/topic/talkpress/page/2#post-20265 Sun, 26 Oct 2008 22:24:59 +0000 geldlening 20265@http://bbpress.org/forums/ So is it safe to use or should one just know a lot about it? beernews on "TalkPress" http://bbpress.org/forums/topic/talkpress/page/2#post-20138 Thu, 23 Oct 2008 02:30:09 +0000 beernews 20138@http://bbpress.org/forums/ Been a few months. Where does one keep up with the developments (other than the trac/code stuff which I dont understand)? _ck_ on "TalkPress" http://bbpress.org/forums/topic/talkpress/page/2#post-19259 Tue, 16 Sep 2008 01:23:15 +0000 _ck_ 19259@http://bbpress.org/forums/ This topic is old - bbPress has not been hacked - there was an exploit for all of a day or two back in 0.8 that was quickly fixed. What's happening is that OTHER programs on the same account or server are being hacked and what they do is attach themselves to the bbPress templates though those other programs. In over 4000 sites, I've only detected 8 XSS hacks so it's obviously coming in through other programs and not directly (or the problem would be far more widespread). (And by the way, if you keep getting hacked, that means your server has been compromised and need to be wiped and re-configured. Just re-installing the PHP programs won't fix the issue if there is a a hidden backdoor elsewhere. ) hypotheekrente on "TalkPress" http://bbpress.org/forums/topic/talkpress/page/2#post-19225 Mon, 15 Sep 2008 10:30:39 +0000 hypotheekrente 19225@http://bbpress.org/forums/ @geld_lenen Could you explain what you were using? My personal experience with bbPress is really great and hackers tried to hack some websites i have, but dont manage to get in to it. So i really wonder. Regards, Bob sambauers on "Is BBPress Any Good?" http://bbpress.org/forums/topic/is-bbpress-any-good#post-18843 Mon, 01 Sep 2008 16:05:53 +0000 sambauers 18843@http://bbpress.org/forums/ We also use bbPress to dabble in some new ideas, as our users are generally very nice and don't shout at us when we break things. : ) pab1953 on "Is BBPress Any Good?" http://bbpress.org/forums/topic/is-bbpress-any-good#post-18839 Mon, 01 Sep 2008 14:50:39 +0000 pab1953 18839@http://bbpress.org/forums/ Thanks for responses. bbPress shows great promise. _ck_ on "Is BBPress Any Good?" http://bbpress.org/forums/topic/is-bbpress-any-good#post-18833 Mon, 01 Sep 2008 07:31:10 +0000 _ck_ 18833@http://bbpress.org/forums/ bbPress is also very young so expectations should not be as high as WordPress (ie. robust plugin library). It's about equal to WordPress back in 2003. While it benefits from code development on WordPress, it's still 5 years younger. But writing plugins for bbPress is as easy for WordPress (and in some cases easier because of improvements over WordPress's legacy design). I'm definitely an example of this as I had never written a full PHP program or plugin of any kind before my bbPress plugins. sambauers on "Is BBPress Any Good?" http://bbpress.org/forums/topic/is-bbpress-any-good#post-18831 Mon, 01 Sep 2008 05:54:10 +0000 sambauers 18831@http://bbpress.org/forums/ bbPress is designed to be light and extensible. It's aim is to create a robust framework which can be extended with plugins and themes. It is designed to be adapted by developers into what they want it to be while it takes care of the core behaviour. WordPress is very similar in this regard, it just has a much older ecosystem of extensions and a much more active community. lstelie on "Is BBPress Any Good?" http://bbpress.org/forums/topic/is-bbpress-any-good#post-18824 Sun, 31 Aug 2008 19:49:27 +0000 lstelie 18824@http://bbpress.org/forums/ Thion Thanks for this clarification.. it's exactly the style of things that are not clearly announced by BBpress. This forum script is released as a simple, elegant and quick forum not as a set of library for developpers... and viewed this way it's highly different from WP that is a weblog software for the rest of us, not at all a tool for developers. Hopefully, thanks to "magic _ck_" and the marvelous plug in he provide to the BBPress comunity, the set of library starts slowly to get a new face, the one of a classical good forum software... Thion on "Is BBPress Any Good?" http://bbpress.org/forums/topic/is-bbpress-any-good#post-18823 Sun, 31 Aug 2008 19:26:02 +0000 Thion 18823@http://bbpress.org/forums/ For me it's clear - bbPress puts user first, but it sucks without developer - I'm talking about board developer, not script developers ;). Someone need to set up forum first, and he is using this great engine-core as I'm calling it with additional plugins he need - if one is creating forum for php coders, then he don't need bbcode or any form of editor, as users will know stuff. This forum for example don't need editor because its target is people who are developing using bbPress. For me, it's a library of functions ready to set up a great, huge and fast forum - if you want a board like "set up and forget about it" then go and use phpbb3 - huge, slow with thousands of useless options. But if you're a developer, then there's nothing better than bbPress for you. lstelie on "Is BBPress Any Good?" http://bbpress.org/forums/topic/is-bbpress-any-good#post-18817 Sun, 31 Aug 2008 13:55:41 +0000 lstelie 18817@http://bbpress.org/forums/ Hello, Notice : there is no pun intended in what follow, no troll intended, no critic, no aggressive talk and so on. Pat1953 question is an interesting one, a question that I asked to myself sometimes. The « problem » with BBpress is that for an average user (perhaps it’s different for developers) there is no clear direction about where the software is going. I was very early WP user (and I’m still a very happy WP user) so when BBPress appears a lot of years (in internet time) ago, i tried it. Then I used several other package more polished, more feature packed and so on. I came back to BBPress learning that Automattic was founded hopping this could mean a strong development for the forum software and hopefully a real integration with WP. What is strange with BBPress is that despite it’s a rather old forum software, it is still (from a user perspective) far behind scripts that are developped by a single guy (for example in the WP world, Simple :Press is far more sophisticated and integrated) and it has a very strange way of describing it self. For example reading The Philisophy it’s written “Put the user first”… despite the fact BBpress is now probably the only forum script without any editor (even a BB code functionality requires a third part plug in), the only one which end users are supposed to know a little bit of HTML. The integration with WP is also a very strange aspect. By integration I’m not talking about sharing users base and connection, but real semantic integration. WP lacks a forum part. I maintain a personal website since now close to 10 years and it’s clear for me now (it was not clear at first) that comments, and forum discussions are not the same things, and that they address different needs. A comment will be buried in the weblog archives after a few days so finding it will be near impossible for a classic visitor. On the other hand, forum post are better ordered, easier and more natural to find out and son on. So if I write a blog post about my holidays and two readers answer “cool, it seem it was great”.. comments are exactly what I need. If I write a blog post about a very interesting thing that will be still of a great interest two years later (even two months later) its better to redirect people to a forum topic, because the discussion will be interesting and deserve to be kept and easy to find out. So after many years of WP use, I think BBpress is a required integrated part of WP. But nothing is very clear in BBpress documentation about where the project is heading. Luc Thion on "Is BBPress Any Good?" http://bbpress.org/forums/topic/is-bbpress-any-good#post-18810 Sun, 31 Aug 2008 07:23:51 +0000 Thion 18810@http://bbpress.org/forums/ > What do I get with bbPress? The most coder-friendly Engine Core I ever seen :P. If you know how to code of course - coding plugins for bbPress is a pure pleasure. chrishajer on "Is BBPress Any Good?" http://bbpress.org/forums/topic/is-bbpress-any-good#post-18807 Sun, 31 Aug 2008 00:58:13 +0000 chrishajer 18807@http://bbpress.org/forums/ > What do I get with bbPress? Free forum software that is under active development > Is it secure? Yes. > Will it get spammed to death? No. It comes with Akismet to prevent spammers from posting, and you can use the <a href="http://bbpress.org/plugins/topic/human-test/">Human Test plugin</a> to prevent them from registering in the first place. > Is it stable? Yes. Even the latest Alpha version has been stable for me. > Is it designed for personal sites or can businesses > use it with confidence? It's designed for people who need forums. Businesses and individuals alike use it. <a href="http://bbshowcase.org/forums/view/top100">Check out these people using bbPress</a>. pab1953 on "Is BBPress Any Good?" http://bbpress.org/forums/topic/is-bbpress-any-good#post-18805 Sat, 30 Aug 2008 20:30:24 +0000 pab1953 18805@http://bbpress.org/forums/ In vBulletin, if I want to pay $180, I could get the Porsche (reportedly) of message boards. In phpBB, if I want to grapple with a sizable infrastructure, I could get perhaps the most seasoned of the free forum systems. What do I get with bbPress? Is it secure? Will it get spammed to death? Is it stable? Is it designed for personal sites or can businesses use it with confidence? Here's one very specific question: How do I add a link to bbPress to take people back to my WordPress home page? BTW, the installation was a breeze. :) sambauers on "TalkPress" http://bbpress.org/forums/topic/talkpress/page/2#post-17197 Fri, 11 Jul 2008 17:24:57 +0000 sambauers 17197@http://bbpress.org/forums/ bbPress is not a competitor to WordPress, it is a complimentary product. Anonymous on "TalkPress" http://bbpress.org/forums/topic/talkpress/page/2#post-17140 Wed, 09 Jul 2008 07:39:43 +0000 Anonymous 17140@http://bbpress.org/forums/ Why switch to bbpress? Wordpress is highly configurable and there are a lot of plugins. And if you want you can change the source code on your own server..... prathik on "Security issues?" http://bbpress.org/forums/topic/security-issues#post-16945 Thu, 26 Jun 2008 01:40:21 +0000 prathik 16945@http://bbpress.org/forums/ I have never been hacked while using it but after reading about the recent security issues with Wordpress 2.3 and script kiddies hacking those sites, I have to make sure that its completely safe. Were you ever hacked while using bbpress on your website. Thanks for your opinion and views. sambauers on "TalkPress" http://bbpress.org/forums/topic/talkpress#post-16739 Fri, 13 Jun 2008 06:25:03 +0000 sambauers 16739@http://bbpress.org/forums/ @geld_lenen That's a fairly serious accusation and warrants an investigation if true. Can you be more specific please? bbPress does a lot of filtering of user input to avoid these things. What part of bbPress was exploited? A topic, a profile? Code injection in bbPress installs is usually a symptom of insecure shared hosting, not bbPress itself. geld_lenen on "TalkPress" http://bbpress.org/forums/topic/talkpress#post-16730 Thu, 12 Jun 2008 19:42:08 +0000 geld_lenen 16730@http://bbpress.org/forums/ BBpres is extremely hackable for Iframe attacks and code injection. My BB was hacked 3 times, always used last version. Looking for another now.... 0aron Maya on "TalkPress" http://bbpress.org/forums/topic/talkpress#post-16358 Wed, 21 May 2008 01:35:56 +0000 0aron Maya 16358@http://bbpress.org/forums/ That sounds great. You know that the same framework, the same look and the same feel do drive us crazy. Forums should not be restricted but varied. glanceup on "Plug In Needed -- Only Active Members Can Post URLs" http://bbpress.org/forums/topic/plug-in-needed-only-active-members-can-post-urls#post-15406 Tue, 15 Apr 2008 18:51:14 +0000 glanceup 15406@http://bbpress.org/forums/ I am switching my board from phpbb to bbpress and am very worried about porn spamming robots that register and post urls to porn sites. In phpbb, there is a mod that didn't stop the registration, but was COMPLETELY EFFECTIVE in stopping the posting of porn sites. It simply would not allow brand-new members to post URLs. Is anyone capable of writing such a plug in for bbpress? Here's a link to the phpbb mod -- <a href="http://www.phpbb.com/mods/db/index.php?i=misc&mode=display&contrib_id=1649&sid=11350f22f9dec93e4361bf7b1d53a801" rel="nofollow">http://www.phpbb.com/mods/db/index.php?i=misc&mode=display&contrib_id=1649&sid=11350f22f9dec93e4361bf7b1d53a801</a> beaulebens on "TalkPress" http://bbpress.org/forums/topic/talkpress#post-14411 Tue, 11 Mar 2008 19:08:00 +0000 beaulebens 14411@http://bbpress.org/forums/ Also, for people's interest -- here's Matt talking about BackPress at WordCamp 07; <a href="http://www.viddler.com/explore/cdevroe/videos/228/241.45/BackPress/" rel="nofollow">http://www.viddler.com/explore/cdevroe/videos/228/241.45/BackPress/</a> harryworld on "Wordpress/BBPress Single Sign On" http://bbpress.org/forums/topic/wordpressbbpress-single-sign-on#post-14369 Sun, 09 Mar 2008 12:27:24 +0000 harryworld 14369@http://bbpress.org/forums/ Sorry for misleading. I mean I got a similar case as you do, thus case 2 and thanks for the link. horrorshow on "Wordpress/BBPress Single Sign On" http://bbpress.org/forums/topic/wordpressbbpress-single-sign-on#post-14341 Fri, 07 Mar 2008 18:53:40 +0000 horrorshow 14341@http://bbpress.org/forums/ Funny that my settings are screwy and there are better ways at accomplishing single sign on? Or funny: "yes, this is the closest that I am able to get to single sign-on, and I get the same results"? If it's the first case, then please enlighten me. If it's the second case, then this link might help you. <a href="http://bbpress.org/forums/topic/cookies-subtle-bug-single-sign-on-bbpress-and-wordpress" rel="nofollow">http://bbpress.org/forums/topic/cookies-subtle-bug-single-sign-on-bbpress-and-wordpress</a> harryworld on "Wordpress/BBPress Single Sign On" http://bbpress.org/forums/topic/wordpressbbpress-single-sign-on#post-14327 Fri, 07 Mar 2008 09:09:30 +0000 harryworld 14327@http://bbpress.org/forums/ horrowshow, I tried your settings, and it's funny that if you login on either on side, you cannot log out on the other side. If I login WPMU first, I can only logout through WPMU. horrorshow on "Wordpress/BBPress Single Sign On" http://bbpress.org/forums/topic/wordpressbbpress-single-sign-on#post-14246 Mon, 03 Mar 2008 21:45:05 +0000 horrorshow 14246@http://bbpress.org/forums/ Hi, I am trying to integrate bbpress(0.8.3.1) with wordpress mu (1.3.3), and I am having some issues with cookies for login/logout. I've tried setting this: ("MD5hash" replaced with my MD5) <pre><code>$bb->usercookie = 'wordpressuser_MD5hash'; $bb->passcookie = 'wordpresspass_MD5hash';</code></pre> However, that didn't seem to synchronize login(meaning, if I am log into wp, go to bbpress and find myself already logged and vice versa) Watching the cookies during the login/out process on WP MU, I found that the cookie names that WP MU uses are: "wordpresspass" and "wordpressuser" So in config.php for bbpress, I used: <pre><code>$bb->usercookie = 'wordpressuser'; $bb->passcookie = 'wordpresspass';</code></pre> This works somewhat, let me explain: This scenario works: Log into WPMU, refresh bbpress page, I find myself already logged into bbpress. Log out of WPMU, refresh bbpress page, I find myself logged out of bbpress. Log into BBpress, refresh WPMU, I find myself logged into WPMU This doesn't work: Log into BBpress, refresh WPMU (I find myself logged into WPMU) AND THEN when I try to log out from WPMU, I can't log out. I refresh BBpress page, and I am not logged out either. If I log out from BBpress at this point, then I am logged out of WPMU as well. I have a feeling it might be something with WPMU, but I thought I'd post here first since this is where I found all the information about the integration. Thanks for your help. I am appending my config.php relevant to the integration part. <pre><code>$bb->wp_table_prefix = 'wp_'; $bb->wp_home = 'http://achillesblog.com'; $bb->wp_siteurl = 'http://achillesblog.com'; $bb->usercookie = 'wordpressuser'; $bb->passcookie = 'wordpresspass'; $bb->cookiepath = '/';</code></pre> thanks for your help. lenen on "TalkPress" http://bbpress.org/forums/topic/talkpress#post-13943 Tue, 19 Feb 2008 16:20:37 +0000 lenen 13943@http://bbpress.org/forums/ Looks like a lot of trouble to fix in the future. I never had any problems with bbPress, but that's probably because there aren't a lot of users active :) sambauers on "TalkPress" http://bbpress.org/forums/topic/talkpress#post-13625 Mon, 04 Feb 2008 13:43:29 +0000 sambauers 13625@http://bbpress.org/forums/ Also, BackPress may or may-not be incorporated into WordPress. bbPress is a testing ground for the concept. If it doesn't get incorporated into WordPress it doesn't really matter, hopefully we'll at least have a better structured core in bbPress as a result. sambauers on "TalkPress" http://bbpress.org/forums/topic/talkpress#post-13624 Mon, 04 Feb 2008 13:40:23 +0000 sambauers 13624@http://bbpress.org/forums/ I don't think the concept of upgrading plugins to met the new requirements of a version is unheard of or that big a deal. Most deprecated functions will probably be maintained via the deprecated.php include file, but we are actually considering clearing out most of that deprecated.php include when 1.0 is released. We have generally searched the current plugin repository for each of the few functions we have dropped so far during the BackPress migration. If we don't find it we have been reasonably confident that dropping the function won't cause any problems. We will attempt to work with the current plugin devs to get their plugins up to scratch when the time comes.