vBulletin (abbreviated as vB) is a busy, fully networked forum with a high potential for expanding capabilities. We write on the Swedish Internet - PHP, and use the highly efficient and fast MySQL database. From this forum it is necessary to see: a speedy and effective robot with a database, an interface that consists of templates, a powerful search system, multi-mobility, support for profiles of clients, a powerful and manual admin panel estrator, the possibility of creating an unbounded number of topics and information, evaluation of topics, information by email and much more
vBulletin 3.8:
Social groups - Discussion:
* Follow on social media groups can discuss (in translation: a la citation of news, blog chatting, further - discussion)
* Discussions are sorted by author, type and other information
* Discussions can be filtered by additional full-text search in the headings (translation: just typing part of the heading)
* Discussions can be moderated on the side (Swedish moderation menu)
* Discussions are marked as read in all engine ways (DB, cookies) with the possibility of moving to the first unread message
* Customers can subscribe to conversations and receive e-mail notifications about new messages
* Subscription to conversations is confirmed in the settings of the account manager (My account)
* Particulars discussed may be social. bookmarks (kerovani koristuvachem) (type of translation: perhaps as in forum topics, only in your social groups and are adjusted not by moderators, but by the koristuvachs themselves)
* New “Can Always” (translation: permanent?) rights for creation and review of discussions and notifications with easier access.
* Videos have been redesigned for users without JavaScript.
* Moderators can quickly edit messages on social media. groupy vikorystyuchi AJAX.
* Messages are sorted according to the categories, which is more intuitively understood in thematic discussions (translation: it is not entirely clear what it means for the categories, but rather for all the numbers of notifications, thematic discussions - groups information in social groups)
* Members of the group can customize their groups so that only the leader of the group can initiate discussions.
* Moderated and remote conversations are grouped (visible) in the settings of the account manager (My account) where the modernization can be continued.
* Moderator's rights are divided for discussion and this, including the following (such as translation: “flies okrame, cutlets okramo”, etc.)
* At the hour of deleting/moving a conversation, special queries are made from the database and data to speed up the work.
* When updated from a version lower than 3.8, the main notifications will move to conversations, as well as in groups.
*Info for social. The group is welcomed if the correspondent reviews the discussion.
Change in social groups:
* Social groups are marked by reading the database and using methods based on information and discussions
* "Sign all" means that all discussions in the group have been read using AJAX
*You can subscribe to social media. Groups, group signatures are visible in the section of the account settings (My account)
* Social Groups are now visible within categories/sections
* Social categories groups are displayed in the drop-down list, group list and information about groups
* The new page displays the new group, your groups, new groups and groups created by you
* Groups you create can be navigated using AJAX and display information about the group, including members who are participating and moderated
* The list of categories (translation: like the list of tags) is displayed in the group view (with a variety of options for displaying popular ones)
* Categories can be created, deleted or merged in the admin panel
* When updating from a version lower than 3.8, the main groups are moved to the "No category" group, which can be renamed
* Groups can be filtered by categories, through categories or search extensions
* Social Groupies can mother icon. The icon is displayed in information about the group and a small icon is displayed in the list of groups
* Icons of the groups in which the account is formed are displayed in your profile
* The rights management system allows you to control the size of icons and the ability to set animated icons
* Icons can be saved both in the database and in the file system
* New rights may cover a number of social networks. groups that can be created by koristuvach
* Social Groups can be transmitted between koristuvachs. The transfer of the group will be carried out by Wikonan, as soon as the group receives it
* Moderators can transfer groups to other members. Tse can buti korisno if vlasnik groupi becomes inactive
Changes in special notices:
* Possibility of using the new “Swidka vidpovid” for vidpovid on special occasions
* New account option that allows you to save a copy of the payment notification, including sending via the form
* Features may be sorted by title, date and directory
* Features of the notification can be filtered by directory, title, date of publication
* Control will be announced. Administrators can set the time period and maximum alert time for the skin group.
* Notification selections are remembered on all pages for future actions (moving, deleting, etc.)
Profile:
* Customers can now choose which parts of their profile are visible and for whom
* More fields for the account manager's profile can be customized by the admin
* Images may be moved from one album to another
* The album cover is created anew if the cover image has been moved or the album is not included in the cover
Lightbox:
* Lightboxes can now be used to view all pictures from friends
* The "Forward" and "Forward" buttons can be used to navigate through attached files and change when the first/last image is reached
Other changes and additions:
* Change in the CAPTCHA system
* Topic tags can now be merged and renamed
* Tag selections on the admin panel are remembered on all pages
* The new rules have now been updated and expanded at the bottom of the pages
* The message to the list of koristuvachs has been updated: now there is a submenu on various lists of the forum (social groups, images and albums, contacts and friends and the list of koristuvachs)
* Removed and moderated messages are now lit in the menu panel
* The bells and whistles from the submenu in various parts of the forum
* Change the menu on the customer panel
* New rights for thumbnails are available to our contacts. You are allowed to look at the miniatures, but you are not allowed to look outside the image.
* View in RSS: filter
* Change templates, updated templates
* Rights in topic prefixes - prefixes can vikorize songs of a group of contributors
* TypePad anti-spam support
* Checking the availability of a customer name during registration using AJAX
* Notices can now be closed only after reading them
* The editing history is cleared through the admin panel
* Forum rules can be reviewed during the registration process
* Information through special information
* Clear subscription folders in one click
* Shvidke editing on social media. in groups in the sections “Conversations from teachers” and “Comments before the image”
* New date settings for notifications
* Improvement in the edited contact list.
Main advantages:
- Shvidka is an effective basis based on data
- Interface that consists of templates
- Pressing push system
- Bagatomovna support
- Profiles of koristuvachs
- The admin panel is manually pressed
- Unlimited number of sections/topics/disclosures
- Notification by email
- Support from COPPA
Respecting those who have demos on the forum that can be installed, the software company does not advise, I happened to install the left version, imported from some Vareznik. However, the instructions may not be entirely consistent with the process of installing a license forum. After installation, the site was visible, without any notice.
To install vBulletin, go to the hosting panel (the button with a gear opposite to the hosting in the listing), there under the “File Manager”, then go to the “www” directory. Press the button “Upload file to stream directory”:
Let's go to the file on your computer:
We see archives from vBulletin, unpack it:
We see that there are files and directories that we don’t need, including the directory of our www domain - I think that you don’t have anything that you need there. If you do not put it at the root of the site, but in the directory the site still needs it - you don’t need to delete the www directory for the domain:
We see the directory with the vBulletin installer, rename it:
Enter the name of our site as the name of the directory:
Let's go to the "Database" section of the hosting panel:
Let's create a new MySQL database and have full access rights to it:
Please note that the server and database automatically assigned a prefix to the name of your cloud account on the hosting server:
Let's go to the main page of our site and select the following vBulletin notice:
We drive in the path to the installer in the address bar, requiring you to add “install/install.php”, after which the installation program for the vBulletin forum will start:
The vBulletin installer checks the presence of files:
At the next moment, the connection with the database will be checked, but it will not go through - because The forum configuration file has incorrect data entered:
Let's go to the hosting control panel, file manager, go to the directory with the forum, then the "includes" subdirectory. Open the file "config.php":
We enter the correct data from the database to the configuration file, after which it is closed:
Let's go back to the site, to the installer. We press “F5”, from which all is well, the connection with the base has grown:
The vBulletin installer creates tables in the database:
The vBulletin installer changes the following table types:
Enter data to the database:
Movies are imported:
Styles are imported:
The following is imported:
There is no need to set up the setup, the vBulletin installation program showed everything correctly:
Standard settings are imported:
Enter vBulletin administrator details:
vBulletin Administrator successfully added:
vBulletin to hosting completed successfully:
Following the installation of the installer, unnecessary files are removed:
You can go to the vBulletin forum, reconnect, and everything works correctly:
Any engine requires special actions to optimize it for a beautiful and smooth robot. In our episode we will talk about optimization of Vbulletin 4.
Since the engine of our forum is constantly being updated, I will not write about optimization of earlier versions of Vbulletin, but will start with version 4.1.12. Although we would like to gradually update this article and optimize it for older versions, not everyone will switch to the newest ones.
Here I will provide a number of examples to make your Vbulletin forum stronger and simpler (starting with the simplest speeches, moving on to more complex ones). Be gentle, be respectful that the speeches that are being made with me will not necessarily be made with you. Therefore, you make all changes at your own risk.
Thanks to the list of koristuvachs.
There is a simple way, just turn on the AdminCP function. (Settings -> Options -> User Listing Options)
This is not globally important, and you can skip it and not work, just supply yourself with food and what you need? So, given the list, traders can sort it out, see who has more knowledge, reputation, and so on. Do your mercenaries profit from this? Singingly, didn’t you… if you yourself rebelled against this list?
As for me, it seems to me that the lists are given only to benefit spammers, as this is the easiest way to collect all the participants in the Vbulletin 4 forum for distributing spam in special messages.
In addition, it is necessary to generate a list of clients, it is costly for database servers and can lead to great destruction of the server.
Increased speed of processing will be provided to the list of special persons.
If you have not imported information features from external devices using Impex or other features, you can safely rely on sorting by ID for special information. Sorting by ID will work in such a way that your database server does not have to dump the particular information into the time table for sorting by name (roblechi will be filled with a lot more).
To do this, you need to write a small module with private_messagelist_filter and write in the next step:
If ($sortfield == "pmtext.dateline") $sortfield = "pm.pmid";
And that’s it, you only earned private.php by ~20% more.
We are adjusting the effective search for the rest to inform the correspondent.
Let's go to FTP, look for the file includes /class_userprofile.php, and replace it in the new data with this name, look like:
$getlastposts = $this->registry->db->query_read_slave(" SELECT thread.title, thread.threadid, thread.forumid, thread.postuserid, post.postid, post.dateline FROM " . TABLE_PREFIX . "post AS post INNER JOIN " . TABLE_PREFIX . " thread AS thread USING (threadid) WHERE thread.visible = 1 AND post.userid = " . $this->userinfo["userid"] . " AND post.visible = 1 ORDER BY post.dateline DESC LIMIT 20");
and is replaced by ce (more specifically, ORDER BY):
$getlastposts = $this->registry->db->query_read_slave(" SELECT thread.title, thread.threadid, thread.forumid, thread.postuserid, post.postid, post.dateline FROM " . TABLE_PREFIX . "post AS post INNER JOIN " . TABLE_PREFIX . " thread AS thread USING (threadid) WHERE thread.visible = 1 AND post.userid = " . $this->userinfo["userid"] . " AND post.visible = 1 ORDER BY post.postid DESC LIMIT 20");
It’s important to drink a few of the correct ones, but it will appear in this form. In this manner, you won’t be able to efficiently sort into a time table. For clients with more than 1000 notifications, the output will take about 10 seconds, and in our case it will take much less. First of all, this is the profile of the Vbulletin 4 account manager, for the rest of the details, please inform.
Checking the topic index.
If your forums have a sorting order, and they are installed without changes, such as we have done before, make sure that all your indexes are in their tables. There were problems when indexes began to change for reasons unknown to me and certain forums were not opened.
I suggest doing it in such a way that the sorting of the tasks is based on the date (what is called a “dateline”), and to achieve this, we will finally write:
ALTER TABLE thread ADD INDEX forumid2_dp (forumid, visible, sticky, dateline)
This will ask you to be more specific, your fault forumid2_dp is your mother’s fault. Vikorist at your own peril and rizik.
Be careful when installing accessories.
Just because you want to work with modules and hacks, it doesn’t mean that they have been created for you, they have been practicing on the great Vbulletin 4 forums and there are no mercy. It is an excellent way to serve as an awareness of mass evils, through those other hacks.
Of course, we can assume that the developers cannot understand everything, and go through all the hacks so that the smells do not conflict, but... Reconfigure that the Vbulletin module does not require great value in the database, reconfigure that the hack has potential for protection SQL in' Ektsіy or XSS. Unfortunately, there are thousands of additions and modifications, and it’s simply not possible to check everything. It would be better if you write all the hacks yourself, or ask someone else. Yours and yours are yours.
Don't corrupt tables in InnoDB.
Here, of course, I can be slandered, since this topic has already been discussed a million times, but I can say with my own evidence that I work 100% on MyISAM tables for any purpose. I can process 1000 requests per second.
If you are already starting to get crazy when asking questions, everything freezes, especially in the new Vbulletin search, change InnoDB MyISAM tables. MyISAM ensures that there is more flexibility around the record, so there is no need to block other records. InnoDB offers a wide range of options, and only allows you to save queries instantly. If your queries are written directly under MyISAM, you do not need to switch to InnoDB. IMHO.
Statti rating
0%
Rating
User Rating: 0.35 (1 votes)
- View:
- Registered: 2014.07.07
- Posts: 3,796
- I just like PunBB:
- 5 years, 7 months, 6 days,
- Likes: 470
Topic: What forum is better than vBulletin or PunBB
VBulletin (Vobla or Bulka, as we like to call him) is one of the oldest commercial forum engines written using the additional technologies of PHP and MySQL. Beginning with the release of the first version in 2000, a colossal increase in functionality was carried out, which allowed VB to be reduced to the list of shortest software products.
A VBulletin license will cost you around 250 dollars. Don’t doubt that the cost will be fully justified and will definitely pay for itself in the savings of working hours and nerve cells. Most of these pennies go to developers and programmers, who would spend them on improving the functionality and releasing patches and additions (so, in the future, all updates will be delivered to you without cost).
2 Reply by PunBB
- View: Moscow, Sovkhoznay 3, apt. 98
- Registered: 2014.07.07
- Posts: 3,796
- I just like PunBB:
- 5 years, 7 months, 6 days,
- Likes: 470
Redesigning all the functions of VBulletin makes no sense. There they implemented practically everything that the forum administrators might need. Podcasting, multi-quote support, social group sharing and coverage, rating system (reputation). The basic package can be supplemented with third-party extensions.
The VBulletin forum engine creates a serious impact on the server, especially when third-party add-ons and scripts are installed. To avoid problems with your favorite sites, you will have to invest in decent hosting. Especially if you predict a great increase in your resource in the future.
3 Reply by PunBB
- View: Moscow, Sovkhoznay 3, apt. 98
- Registered: 2014.07.07
- Posts: 3,796
- I just like PunBB:
- 5 years, 7 months, 6 days,
- Likes: 470
What forum is better than vBulletin or PunBB
VBulletin, due to its extreme resistance to evil and spambots, recommendations for vikoristan in great serious projects. In addition, standard settings and configuration files can be easily changed in your own way, achieving an even greater effect. On the Internet there are endless instructions and guides from folk experts, although you can’t trust just one of them.
VBulletin implements large-scale ideas in the simplest way. Continuous updates, high-quality service, additional expansions and reliable safety mechanisms – all of the money spent on the product is truly true.
4 Reply by PunBB
- View: Moscow, Sovkhoznay 3, apt. 98
- Registered: 2014.07.07
- Posts: 3,796
- I just like PunBB:
- 5 years, 7 months, 6 days,
- Likes: 470
What forum is better than vBulletin or PunBB
All functions are overpowered without any sense - in the new one (or in additional ones) practically everything that an administrator might need to create a forum is implemented. There is a multi-quote, and support for podcasting, and community of correspondents, and social groups, a great reputation system and much more.
Of course, for vBulletin there is a large number of additional and costly staff, so there will be no usual problems with maintenance, especially with the assurance that there is an official support service. The downside of vBulletin, although not very great, is the additional payment, for example, for the blogs of a freelancer.
Behind the great rakhunko, there are no shortcomings in the forum. It can be recommended for large, serious projects due to its reliability and resistance to all attacks. As a result, it creates a significant impact on the server, especially with the installation of add-ons, but for serious projects, call for serious servers and serious administrators.
You, melodiously, repeatedly downloaded the forums on the vBulletin engine. Forums are no longer at the height of fashion, but vBulletin, as before, was one of the most popular engines. This remaining (fifth) version has a number of problems that make life difficult for the administrator. This statistic lets us know how the stinks are exploited.
The first problem lies in incorrect filtering of customer data. An independent security investigator told about her, who decided to lose his anonymity. The application, although it has interconnection actions, has reached critical status, which allows you to read any files and compile additional code on the entire system.
Another spill was detected by TRUEL IT investigators and identified with the identifier CVE-2017-17672. This is due to the peculiarities of deserializing data from the engine and can be used by attackers to delete additional files from the system.
Further details of both problems were published by the Beyond Security program under SecuriTeam. There are PoC exploits for demonstrating spills. Let's go through this one in order.
Preparation
As a server, I am a vikorist of the WAMP distribution.
Readable files, finalized commands
Also, the reason for the first spill is the incorrect logic when processing the routestring parameter, which allows the attacker to add, via include, any file on the disk and vicont the PHP code that someone has.
Our path starts with the main file – index.php, where basic program initialization takes place.
/index.php
48: $app = vB5_Frontend_Application::init("config.php"); ... 60: $routing = $app->getRouter(); 61: $method = $routing->getAction(); 62: $template = $routing->getTemplate(); 63: $class = $routing->getControllerClass();Let's look at the vB5_Frontend_Application::init method.
/includes/vb5/frontend/application.php
13: class vB5_Frontend_Application extends vB5_ApplicationAbstract 14: ( 15: public static function init($configFile) 16: ( 17: parent::init($configFile); 18: 19: self::$instance = new vB5_Fron_ self::$instance ->router = new vB5_Frontend_Routing();21: self::$instance->router->setRoutes();Here we can refer to the setRoutes method.
47: public function setRoutes() 48: ( 49: $this->processQueryString(); ... 54: if (isset($_GET["routestring"])) 55: ( 56: $path = $_GET[" routestring"];The change in $path removes the value from the routestring parameter. Until then, you can transfer the route to the side of the forum, and she will be attracted.
Let's say we were passed /test.
After assigning a changeable trace to the code, which is added as a slash to the head of the row, if present.
/includes/vb5/frontend/routing.php
75: if (strlen($path) AND $path(0) == "/") 76: ( 77: $path = substr($path, 1); // $path = "test" 78: )includes\vb5\frontend\routing.php
83: if (strlen($path) > 2) 84: ( 85: $ext = strtolower(substr($path, -4))); 86: if (($ext == ".gif") OR ($ext == ".png") OR ($ext == ".jpg") OR ($ext == ".css") 87: OR (strtolower(substr($path, -3)) == ".js" )) 88: ( 89: header("HTTP/1.0 404 Not Found"); 90: die(""); 91: ) 92: )As a matter of fact, the reversal is amazing. At a minimum, you can avoid the presence of a list of restricted extensions hardwired directly into the code. That’s the fact that the expansion will prevail, the symbols from the end of the row (row 85), says the wonder. By the way, we are trying to extract a file with the extensions gif, png, jsp, css or js, the server is turned to 404 and the script is added to the wiki. Once all checks have been completed, callApi calls the getRoute method of the vB_Api_Route class. It looks for different routes originating from the transmitted information.
Extension is no longer available to participants
Option 1. Go to the “site” to read all the materials on the site
Membership with the entirety of the designated term will give you access to ALL Hacker materials, increase your personal savings and allow you to accumulate a professional Xakep Score rating!