View Poll Results: NEW tracker source: Project U-232
I will give it a try 415 76.57%
No, i`m using another source 70 12.92%
XAM is my hero, i`m sticking to Template Shares 57 10.52%
Voters: 542.

  #351  
Old 22-07-15, 00:19
EagleLake
Senior Member
 
Join Date: Aug 2011
France
Posts: 20
Smile
https://github.com/Bigjoos/U-232-V4
  #352  
Old 08-08-15, 12:26
firefly007
SUPPORT GURU
 
Join Date: Jun 2010
P2P
Posts: 656
Default
Quote:
Originally Posted by BamBam0077 View Post
V3 is better than V4 by a long shot, but by now they should have fixed all the small bugs that a lot of people have been having issues with, but always keep up with their GitHub page or support forum. They are a great bunch, just don't break their rules.

It depends on what, or more importantly how big, your site will get. V4 will be better for larger sites just because of the option of using XBT, and more than likely there are a few improvements, but I could not tell you offhand because I've not studied it closely enough. But I would assume that V4 would be better for the simple reason of its release.

If there is an option of using a version or enabling XBT when installing, I would seriously consider it for the very reason that 1) The option is there 2) It will save time later. 3)
So it's a no-brainer to 1) Use V4 and 2) Don't be dumb and install it without the XBT option.

Even though I think that Ocelot is better in my opinion, I'm sure that XBT works just fine, taking into account that most of the big sites we love and use are indeed using it!!

Simply because using it without XBT will put it in the category of any other source that also has caching systems, and then without a doubt I would use BT.Manager.

I'm trying to convince Joe Robertson to integrate Ocelot.. I can't wait if I can convince him lol :)
__________________

Due to free time I'm able to help interested members
with their tracker.

Please Note!
Depending on your requests I will charge you for my assistance for Tracker installs and mods.
All my mods are custom and prices will vary depending on the request.

I'm able to install any tracker and mods including themes.

Please PM me here! for more info!

Kind Regards Firefly


  #353  
Old 09-08-15, 08:01
BamBam0077
Support
 
Join Date: Jul 2013
P2P
Posts: 280
Default
I am not sure if anyone else has picked it up, but all their variables allow a hacker into the site, so I would strongly suggest changing all single variables to longer variables and making them clear. Also, your functions need to be more secure and clear.

$htmlout .= ""; not valid!

$INSTALLER09_HTMLOUT = ""; valid!

dbcon() not safe or wise!
core_connection () would be wiser and more secure!
Make it go through a few security loops before connection made to database.

Use php5.5!! hide php!! chmod 0655 of all folders and files inside /var/www or whatever directory you use to host your sites plus the /www/ folder needs to be chmod 0655.
  #354  
Old 17-08-15, 14:28
firefly007
SUPPORT GURU
 
Join Date: Jun 2010
P2P
Posts: 656
Default
It depends on what security hole you are referring to. If you are talking about SQL injection, then it depends on where and what. You need to understand that the HTMLOUT variable returns the markup (HTML) and therefore should not be vulnerable to SQL injections.
  #355  
Old 17-08-15, 15:00
BamBam0077
Support
 
Join Date: Jul 2013
P2P
Posts: 280
Default
If that htmlout holds insecure functions and variables, a hacker could find U-232 a general-access, all-day fun house. Hope that makes more sense as to why I said that.

Forgive Me
BamBam0077!
  #356  
Old 18-08-15, 19:18
firefly007
SUPPORT GURU
 
Join Date: Jun 2010
P2P
Posts: 656
Default
I would not sanitize $HTMLOUT variables but rather the unsecured variables contained within it.
Reply With Quote
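The distinction drawn in post #356, escaping the untrusted values appended to `$htmlout` rather than the buffer itself or its name, shown as an added PHP example (not U-232 code and not written by any poster in this thread). The row fields, the `details.php` URL and the sample values are constructed for illustration.

```php
<?php
// Added example, not U-232 code. Field names, URL and sample values are constructed.

// Escape one untrusted value for HTML text or a quoted attribute.
function h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Trusted markup comes from the template; every untrusted value is escaped
// (or cast to int) at the moment it is appended to the output buffer.
function render_torrent_row(array $row)
{
    $htmlout  = '<tr>';
    $htmlout .= '<td><a href="details.php?id=' . (int) $row['id'] . '" title="'
              . h($row['name']) . '">' . h($row['name']) . '</a></td>';
    $htmlout .= '<td>' . h($row['uploader']) . '</td>';
    $htmlout .= '</tr>';
    return $htmlout;
}

// Constructed record: name and uploader are user-controlled strings.
$row = array(
    'id'       => '42',
    'name'     => 'Linux ISO "x64" <b>new</b>',
    'uploader' => '<script>alert(1)</script>',
);

$safe = render_torrent_row($row);

// A longer buffer name with no escaping: the untrusted tag is emitted as-is.
$INSTALLER09_HTMLOUT = '<tr><td>' . $row['uploader'] . '</td></tr>';

// Escaping the finished buffer turns the page's own tags into visible text.
$broken = h($safe);

echo "per-value escaping:\n$safe\n\n";
echo "renamed, unescaped:\n$INSTALLER09_HTMLOUT\n\n";
echo "whole-buffer escaping:\n$broken\n\n";

// Checks: does user-supplied markup reach the page, and does the table survive?
var_dump(strpos($safe, '<script>') === false);
var_dump(strpos($INSTALLER09_HTMLOUT, '<script>') !== false);
var_dump(strpos($broken, '<tr>') === false);
```

Output escaping of this kind addresses markup injection only; values sent to the database need parameterized queries, which is a separate control from anything done to the output buffer.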
  #357  
Old 19-08-15, 08:39
BamBam0077
Support
 
Join Date: Jul 2013
P2P
Posts: 280
Default
If you do not sanitize, your developments will be just another script hackers will enjoy.

Sorry, but it is time we all stepped up and cared about every script we contribute to.

This is my first step, so please do listen and do pay attention. If you're clever enough to build an engine base, then you have always known that you have security in your mind the entire build, not till 1,000+ bases are hacked in 21 seconds.

So I am asking the development to step it up, and if they don't want to recode it all, I got 365 days (currently working on pre asylum) on my shoulders, so I can help when you need me. You scratch my back, I'll make sure to step it up a notch.
  #358  
Old 19-08-15, 10:45
ArcticWolf
Senior Member
 
Join Date: Oct 2008
Posts: 42
Default
Pffft, just 'cause you don't understand $htmlout is just a display :P doesn't mean it's not safe LOL
I suppose in your way of thinking print and echo are not safe too..

Any site on the planet is susceptible to attacks if people want to try hard enough.
Wow, I want to hack something, let's see: dl the source, check what vars it's using.. hack it. Simple.. doesn't matter if you change the vars unless you go through and change them all for only your site and NEVER give stuff out...........

Quote:
Originally Posted by BamBam0077 View Post
I am not sure if anyone else has picked it up, but all their variables allow a hacker into the site, so I would strongly suggest changing all single variables to longer variables and making them clear. Also, your functions need to be more secure and clear.

$htmlout .= ""; not valid!

$INSTALLER09_HTMLOUT = ""; valid!
  #359  
Old 19-08-15, 11:37
BamBam0077
Support
 
Join Date: Jul 2013
P2P
Posts: 280
Default
OK Hitler, I forgot that development languages have been around since the dinosaurs. Forgive me, but I've been researching hackers for the past 3 years and I am telling you hackers don't give a fuck about your intelligence; they care about the fucking dictionary & Bible words you use every day in development, because you make them like everyone in the development communities.

I found out sha5 is your best bet with double_check().
  #360  
Old 19-08-15, 17:46
firefly007
SUPPORT GURU
 
Join Date: Jun 2010
P2P
Posts: 656
Default
Dude! (BamBam) Do whatever you have to, bud :) Being secure is a good policy, but what's even better is securing the right things.. I have nothing further to really say.. Good luck to you and all your endeavors.
All times are GMT +2.