IntegraMOD

[DjPorkchop]

Do you all believe this late in phpBB life that spammers/Hackers actually still search the term Powered by phpBB? And if so, why are we the only ones who ever discussed using image files powered by the language files for the phpBB link instead of text to deter said search? I always wondered why phpBB themselves never attempted to thwart such efforts by hackers/spammers (trash).

Just a random thought I had today while sitting here battling a mild to moderate case of insomnia. Way to much Death Wish Coffee Company Coffee this morn (I'm a day sleeper).

Have a great day all.

[Helter]

heres another thought. Should we even keep the phpBB link? phBB2 has been EOL for a vey long time and the phpBB staff actually get a little hostile when member even mention it.

[Vendethiel]

I want to remove the "protected by ctracker" in the footer, the links are dead and I don't think it ever made sense in the first place.

[DjPorkchop]

heres another thought. Should we even keep the phpBB link? phBB2 has been EOL for a vey long time and the phpBB staff actually get a little hostile when member even mention it.

I am all for giving credit where credit is due but if they get pissy about people asking now a days and as you pointed out, it's EOL has long since come and gone, I see no harm in 86'ing it.

My reasoning behind the answer is because we all know far too well that no matter how many times we say NO support is offered at phpBB for the phpBB 2.x line any longer, they will STILL go anyhow. And why send someone somewhere where someone is going to just get cranky with them?

My $0.02 on that one. Thanks for kicking this dead dog back to life Helter.

[DjPorkchop]

I want to remove the "protected by ctracker" in the footer, the links are dead and I don't think it ever made sense in the first place.

It may make sense now that links are dead but back in the day I am sure it made perfectly good sense to give the credit. And Integramod (as bad as I HATED and was vocal about it) was dependant on CTracker for a good while. phpBB as a whole got hammered bad there for a stretch and that stopped it in it's tracks for a while. I think once a patch or two was released it was pretty much not needed. I shut it completely down on my sites that I maintained and never had an issue. However, I always informed the owners that by doing so, no support at Integramod was likely IMO by staff unless it was turned back on.

But as far as the links and all being dead now a days, I hate nothing more than having a dead link on any website that I build or maintain or own. Would others enjoy dead links on their website?


On a side note, I Really REALLY hated cracker tracker. lol and still do. Maybe worse than PCP But once we got a grip on it blocking and nagging about everything we attempted to do , it wasn't so bad.

[Helter]

we should probably remove all copyrights from the footer and mods and replace them with a simple 'credits' link to the mod in the mods list and edit all phpbb back links to a post at integramod.com

once we put the ctracker code on a file so it can be edited, what protections are still enforced on that file?

[DjPorkchop]

Is Ctracker still necessary all these years later? The "what" part of the protections is what I ma wondering as well. That kind of goes back to the conversation we had the other day about phpBB being relatively secure and patched pretty quickly. Is Ctracker even smart enough to block anything any new aged script kiddies would come up with? I was scrolling through the mods vault and ran across phpBB Security by Austin and wondered the same question really.

And as far as a "Credits" page goes, I am all for that! It was done in AD&R mod as a matter of fact. I do not recall if it was the base mod or an addon but it worked out really well. I think that would clean our footer area up and clear it for .. gulp Ads.... or whatever else someone wished to put there. I like where you are headed with the links heading back and all that you mentioned. Not a bad idea at all. Kudos are still given, no stolen valor, none of that. I like it.

[Helter]

In the entire IM project only phpBB and integramod are still around. Every other link is dead

[Helter]

I’m wondering if we remove it will we be vulnerable to exploits like this?
https://www.exploit-db.com/exploits/33772

I know there was an issue with the NL version of 141 but I think Mike fixed that for our version but security was never my forte

Also there is this
https://www.exploit-db.com/exploits/6390
I think I addressed this with an index and htaccess but I never considered the file name issue
I’ll have to look at the acp to confirm but can’t we change the backup folder name in the acp? It’s been so long i don’t remember. I just remember integramods backup folder was dbackupsd but I may have edited files to make it so

[DjPorkchop]

both valid points that I 100% completely forgot about.

I am not certain if the KB exploit was ever fixed in the mod itself or not, guessing not. And I do recall plain as day the backup folder issue. I think a hta and renaming the folder in ACP in phpBB security was the only "fix". That is the folder phpBB security used to store the DB backups.So in all fairness, I would call that a phpBB Security issue, not truly was it a Integramod issue. We were just victim of circumstance really.

Boy that rolls back the memories of posts galore rolling in.

[DjPorkchop]

In the entire IM project only phpBB and integramod are still around. Every other link is dead

That is most certainly believable. So at that point, they are considered abandonware? So are links / kudos necessary at that point even anymore? The only folks I know of with websites online with mods they created / took over are Luca and OzzieOne. Ozzie is a person rarely to never heard of, Maybe years in between posts and Luca is Luca. Busy fella and jumps on as he wishes. I believe Ven know Luca's situation much better as he was one of the fellas helping Luca as well.

I don't believe we used anything of Ozzie's did we? Nah. I don't believe. FAP (It's been far too long, I don't recall what we used) can still be accessed via Luca's website in the forums in the archived mods, styles and Support Thread.

[Helter]

Ozzie's a member here so he’s welcome to chim in if we step on his toes in any way. I wasn’t aware he wrote any mods though. I thought he stockpiled them and maintained a few. Haven’t heard from him in probably 20+ years

[DjPorkchop]

I think he mainly contributed to the RPG world. I do know that he was here and helped work on PCP integration for some RPG style AD&R stuff as well for his mods that he wrote. As far as Mods for integramod, he never did as far as I know. It has been a few 3 or 4 years since I last spoke with Ozzie. I updated a couple of his mods and asked permission to share them with whom ever wanted them. Pretty awesome fella and smart as a whip too. His wife is / was really good with graphics too.

[Vendethiel]

I only remember Ozzie's contributions to the AD&R scene. Looking at the mods list I have on EzArena, he's credited for 2 AD&R mods.
I did use to check up on his forum regularly but I lost the link now and I can't seem to find a working one

I checked that particular KB exploit and it was fixed in the mod, the backups were an issue and I think they still are.
There's no .htaccess still in the git version. The index.html removes the listing, but you can guess the filenames and download them.
One option actually would be to store them in a different format. We could masquerade them as .php files (so .sql.php) and prefix them with something like this:

Code: Select all

-- <?php exit; ?>
...sql here...


So whenever you need to import the backup, it's valid SQL (the -- make a comment), but if you try to access it, it will only print these -- then exit the page.

I believe Ven know Luca's situation much better as he was one of the fellas helping Luca as well.

I haven't had direct contact with MG for a long, long while. He did ask me to help port IP to PHP8, which I might do if the IM1.5 port even gets finished lol.

[DjPorkchop]

The backups are from phpBB Security though. Are we able to reformat the saves so they are not the same guessable format via the mod? That would be mighty nice if so.

[Vendethiel]

I don’t think it’s a good idea to let them be plaintext anyway.
My PHP comment idea seems sane, I’ll mull over it

[DjPorkchop]

I like it and agree. That would truly breath a little fresh air back into the security and backups.

I think it seemed decent back in the day when Austin blazed that trail. It worked when we badly needed it until someone figured that out.