Thread: mybb plugins

destroyer Offline referral

Posts: 430
Joined: Jul 2013
Reputation: 3

#1
Senior Member
I have a question: is it OK to use plugins? I mean, is it safe to use them, and can a plugin mess up my MyBB database or MyBB theme? Is there another way to do it without plugins?

And where can I get free mybb plugins?
marcus_avrelius Offline referral

Posts: 2,424
Joined: May 2013
Reputation: 102

#2
Support Team
MyBB is a great forum script, but it's not perfect, so if you want to make or add some features or change something, you will either have to modify core files or use a plugin. Plugins are good, but at the same time they can make your forum unstable, they can interfere with other functions, and some plugins can also make your forum vulnerable to hacks, so I recommend that before installing any plugin you check whether it's secure or not!
To download free mybb plugins refer to this URL: http://mods.mybb.com/mods
You can also ask somebody to write a plugin for you
chod Offline referral

Posts: 860
Joined: Jul 2013
Reputation: 85

#3
Posting Freak
(11-23-2013 02:49 PM)marcus_avrelius Wrote:  MyBB is a great forum script, but it's not perfect, so if you want to make or add some features or change something, you will either have to modify core files or use a plugin. Plugins are good, but at the same time they can make your forum unstable, they can interfere with other functions, and some plugins can also make your forum vulnerable to hacks, so I recommend that before installing any plugin you check whether it's secure or not!
To download free mybb plugins refer to this URL: http://mods.mybb.com/mods
You can also ask somebody to write a plugin for you

And how would you recommend they test the plugin to see if it is "secure" and "secure" in what regards? What if the person testing the software has no knowledge of the code or language they are testing? What about false positives? Could keep on going and going here. Also install it where to test? Their live site? A test site? Or what?

@OP
Yes, plugins of any type can mess up the DB; the same applies to things like WordPress, Joomla and other types of software that allow a third-party addition into the code base.
www.AdminEmpire.com
www.BlimptonTech.com - Best Free Online JavaScript tool to minify JavaScript files.
marcus_avrelius Offline referral

Posts: 2,424
Joined: May 2013
Reputation: 102

#4
Support Team
Well, you can check your plugin vulnerability here: List of known vulnerable plugins http://community.mybb.com/thread-133659.html
Every time a new plugin is reported it is added there, but of course there is no way to test all the plugins, so, as I have already said, just don't use too many plugins, and if you have to use some, make sure they are not in that list.
destroyer Offline referral

Posts: 430
Joined: Jul 2013
Reputation: 3

#5
Senior Member
Vulnerable plugins, what does that mean?
maya Offline referral

Posts: 1,058
Joined: May 2013
Reputation: 34

#6
Posting Freak
(11-23-2013 09:49 PM)destroyer Wrote:  Vulnerable plugins, what does that mean?

MyBB works hard to keep its forum script secure; however, if you install a vulnerable plugin, it means that the plugin will open a window through which it can be hacked.
chod Offline referral

Posts: 860
Joined: Jul 2013
Reputation: 85

#7
Posting Freak
(11-23-2013 07:06 PM)marcus_avrelius Wrote:  Well, you can check your plugin vulnerability here: List of known vulnerable plugins http://community.mybb.com/thread-133659.html
Every time a new plugin is reported it is added there, but of course there is no way to test all the plugins, so, as I have already said, just don't use too many plugins, and if you have to use some, make sure they are not in that list.

But that is not testing? That is just due diligence that any webmaster/admin/dev op should be doing before deploying anything in their network.

What "testing" would you say people should be using on their plugins or ones they are considering? Because just because it does not have something in that one list does not mean there are not active open exploits for it. Take the old timthumb exploit issues: there are still sites today that have it installed and, even worse, are still on the extremely vulnerable versions. Yes, this is a WP-related example, but still it was out there for a good 6-9 months before it was disclosed in an "open" forum outside of just exploit sales channels.

Just checking a list will not help that much overall if one is truly worried about security, especially those who do not understand PHP, past how to tweak a few small things.

If someone really wanted to test their code, since this is a PHP related question I will state some of those. Though these tests are all of varying types and complexities. Knowing what tests your code should go through before ever touching the WWW is very important.

phpunit - http://phpunit.de/manual/current/en/
phpfiddle - http://phpfiddle.org/
selenium - http://docs.seleniumhq.org/ --- Not really php related but helps with "finished" sites.
phpcs - http://pear.php.net/package/PHP_CodeSniffer/
php-security-audit - https://github.com/danlefree/php-security-audit -- This is useful if you understand what it does and expand on it.
Use actual webapp sec tools such as W3AF as a start.

Since I know this post is long and most here hate to read more than a sentence or two, anyone who made it this far can explore these links on their own.
http://code.google.com/p/ratproxy/
http://sourceforge.net/projects/rips-scanner/
http://samate.nist.gov/index.php/Source_...yzers.html
http://gironsec.com/papers/Static%20PHP%...0Audit.pdf

Understanding the different DB adapters and what different methods you have to take to secure specific aspects. Such as for SQL injection and the use of PDO or MySQLi.

This is barely even the tip of the iceberg ;)
www.AdminEmpire.com
www.BlimptonTech.com - Best Free Online JavaScript tool to minify JavaScript files.
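Added example, not part of the original posts: the SQL injection point from post #7, shown as the query pattern to look for when reviewing a plugin beside its PDO prepared-statement form. The table, columns and function names are hypothetical (not MyBB's schema or API), and an in-memory SQLite database is assumed so the script runs on its own.

```php
<?php
// Added example; schema and function names are hypothetical, not MyBB's own.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (uid INTEGER PRIMARY KEY, username TEXT, email TEXT)');
$db->exec("INSERT INTO users (username, email) VALUES
    ('alice', 'alice@example.test'), ('bob', 'bob@example.test')");

// Pattern to flag in a plugin review: request input concatenated into the SQL text.
function lookup_concatenated(PDO $db, string $name): array
{
    $sql = "SELECT username, email FROM users WHERE username = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the value is bound as a parameter and is never parsed as SQL.
function lookup_prepared(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT username, email FROM users WHERE username = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input of the kind a form field could carry.
$input = "nobody' OR '1'='1";

// The concatenated query matches every row; the prepared one matches none,
// because the whole string is compared against the username column as data.
printf("concatenated:              %d row(s)\n", count(lookup_concatenated($db, $input)));
printf("prepared:                  %d row(s)\n", count(lookup_prepared($db, $input)));
printf("prepared, legitimate name: %d row(s)\n", count(lookup_prepared($db, 'alice')));
```

When reading plugin source, the first function's shape (a request value joined into a query string) is the thing to search for; the same binding approach is available in MySQLi through its own prepare and bind calls.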
invisibe_dude Offline referral

Posts: 820
Joined: May 2013
Reputation: 24

#8
Posting Freak
I think pretty much all the plugins that you find on MYBB.com are realized with the users evaluating them for bugs and security issues in mind
destroyer Offline referral

Posts: 430
Joined: Jul 2013
Reputation: 3

#9
Senior Member
(11-24-2013 01:46 PM)invisibe_dude Wrote:  I think pretty much all the plugins that you find on MYBB.com are realized with the users evaluating them for bugs and security issues in mind

You mean like some plugins get realized without even being thoroughly test driven?
chod Offline referral

Posts: 860
Joined: Jul 2013
Reputation: 85

#10
Posting Freak
(11-24-2013 02:02 PM)destroyer Wrote:  
(11-24-2013 01:46 PM)invisibe_dude Wrote:  I think pretty much all the plugins that you find on MYBB.com are realized with the users evaluating them for bugs and security issues in mind

You mean like some plugins get realized without even being thoroughly test driven?

Plugins, unless officially supported by the software you're plugging them into, are only tested by the developer, then generally released after that. Most plugins are not officially supported. Just because something works with something else does not mean the devs want to support what it does to the original code base.

More things than you realize are released to the public before all testing is done; most, unless a large project with many devs, do not use alpha, beta, RC type schedules.

It's the same principle as, say, WP plugins: do you think WP verifies all those plugins out there before they release their new version? Why do you think in the plugins section they have a portion where you can check how many end users have reported it working or not working? So that way you can properly decide what you actually want to use based on that factor. That in turn does not mean ANY security tests are done on the plugin's code base.
maya Offline referral

Posts: 1,058
Joined: May 2013
Reputation: 34

#11
Posting Freak
Chod is right! And as I have already mentioned, before downloading and installing any plugin, do some research and check if that plugin is known as a good one or a bad one!
chod Offline referral

Posts: 860
Joined: Jul 2013
Reputation: 85

#12
Posting Freak
And like I keep saying just because one is not known to be "bad" as you put it, does not mean it is "secure" as you like to claim.
marcus_avrelius Offline referral

Posts: 2,424
Joined: May 2013
Reputation: 102

#13
Support Team
Plugins are just a lazy way to fix something, but of course not everyone can or is able to edit core files ;)




