| GeneratedTime | 2010-03-11 14:13:05 |
| UserID | 261844 |
| AccountName | MattR |
| Country | United Kingdom |
| DateJoined | 2009-05-23 |
| Homepage | http://mattrogowski.co.uk/ |
| LastPulse | 2010-03-10 19:45:06 |
| Pulses | 828 |
| TotalKeyCount | 4456625 |
| TotalMouseClicks | 1958285 |
| TotalMiles | 119.899 |
| AvKeysPerPulse | 5382 |
| AvClicksPerPulse | 2365 |
| AvKPS | 0.18 |
| AvCPS | 0.08 |
| Rank | 22012 |
| TeamID | 15592 |
| TeamName | MyBB Community |
| TeamMembers | 29 |
| TeamKeys | 67780510 |
| TeamClicks | 24933959 |
| TeamMiles | 2957.843 |
| TeamDescription | The official WhatPulse team for MyBB fans. |
| TeamDateFormed | 18 May 2009 at 08:44:17 |
| TeamRank | 752 |
| RankInTeam | 4 |
http://wordpress.org/development/2010/01/wordpress-2-9-1/
After over a million downloads of WordPress 2.9 and lots of feedback from all of you, we’re releasing WordPress 2.9.1. This release addresses a handful of minor issues as well as a rather annoying problem where scheduled posts and pingbacks are not processed correctly due to incompatibilities with some hosts. If any of these issues affect you, give 2.9.1 a try.
Unexplained Phenomenon
Google Logo - 5th September 2009 - Unexplained Phenomenon
MyBB don’t set release dates for major feature releases, like 1.4 (when it was in development), 1.6, and 2.0. There are numerous questions asked on when releases will be, and why we don’t give release dates. This isn’t an ‘official’ response, just my general musings, but is probably pretty accurate.
There are two main reasons why I think we don’t set release dates.
First off, if we set a release date, there’s a chance we’ll overrun. We may decide that we need to spend more time on it to get it to an acceptable level to be released, which may mean we’ll overshoot the release date, or have to reschedule it. All this would do is annoy people, because we’d overrun, even if it was just to make the product better. General result: people complain.
Secondly, if we set a release date, to make sure we meet the deadline to avoid the above situation, we might end up rushing the release to get it out on time, so people are happy. Inevitably, this would mean mistakes would be made, which could be bugs in the software, or missing something leading to a security issue. This then causes problems for the users. General result: people complain.
So, we don’t set release dates. That way, we don’t need to make sure we’re finished by a certain time, we don’t need to rush to meet a deadline, meaning there’s less chance of making mistakes due to being rushed. Then again, people still moan that they don’t know when the release is coming but hey, at least we know that when it does come, it’ll be stable, so the end result will be good. Of course, we may set internal time targets or guestimates of when we aim to get the next release done by, but this wouldn’t be set in stone and would just be when we ‘hope’ it’ll be released; it wouldn’t be the end of the world if this wasn’t met.
It’ll be ready when it’s ready.
When it’s ready, it’ll be released.
It’ll be released when it’s ready.
You get the idea.
If you run a MyBB forum, you’ll want to make sure you’re secure, and also know what to do should your forum get compromised. There are many things you should know on this subject, here’s a few of them.
Your password should contain lowercase and uppercase letters, numbers, and symbols. This means it’ll be much harder to guess or crack. You shouldn’t use actual words in a password, but a random mixture of letters, numbers and symbols. For example, p455w0rd123 is not secure, whereas G6ga5^&ha@6D3 is secure and will be a lot harder to guess or crack. If a dictionary list is used to bruteforce a login, having full words in your password could mean there’s a match; if the password is random characters, this won’t be possible. A 10 character password has 3,700,000,000,000,000 possible combinations, would take a human 580,000,000 years, or a computer 59 years, to crack. You can read more about that here.
As a general rule, all files should be CHMOD to 644, and all folders should be CHMOD to 755. If files or folders are given extra permissions, it may be a security risk. There are, however, some files and folders that need different CHMOD permissions to enable them to work.
When you install your forum, ./inc/config.php needs to be CHMOD to 666 so that the database details can be written to it. However, once you’ve installed, this isn’t necessary, and having this file CHMOD to 666 can be a security risk. Once you’ve installed, you can CHMOD config.php to 444. Note that sometimes it will need to be CHMOD to 666 for an upgrade script to be run, however, if this CHMOD is necessary and your file is not set as such, the upgrader will tell you.
You can also use a .htaccess rewrite rule to block direct access to the config.php file. To do this, create a file called .htaccess in your ./inc/ folder, and put this code in it:
<files config.php>
Order deny,allow
deny from all
</files>
Now, whenever someone goes to yoursite.com/inc/config.php, instead of a blank page, they’ll get a 403 Forbidden error.
Database backups are essential. Files, plugins and themes can be replaced if they get lost, but a database cannot. Make sure you make regular backups, and save them on your own computer or USB stick. Don’t rely solely on the MyBB backup directory for your backups, found at ./admin/backups/; if all of your files get deleted, these backups will get deleted too. Aim to download a backup to your computer every week, or when you make some major changes or additions to your forum, and check that it is complete by uploading it to a localhost installation.
If someone is trying to hack your forum, they’ll automatically target the admin account, to try and get ACP access. A hacker will know that the admin user will have a coloured username and show on the forum team page, and it’s easy to stop this. First, register a new account. Then, create a new usergroup, and give it ACP access, give the username the same style as normal registered members, and put the new user into that group; this will be the account you use to administrate your forum. Now, remove the ACP access from the standard administrator usergroup. You can now still use your usual account to post, and it will look like you are an admin, but you won’t have any ACP access, so any hacker that hacks your account will see that it was a waste of time. Plus, they could never find the user that does have ACP access, as that member would have a username in the style of a normal user.
MyBB gives you the ability to rename the ‘admin’ folder to something else. Although this is a weak form of security, it can still at least slow down a hacker; if they don’t know what your admin directory is called, they can’t try to login to it. To change this, look at line 26 of ./inc/config.php:
$config['admin_dir'] = 'admin';
Change the value of this variable, from admin, to whatever you want your admin directory to be called, and then rename the actual ./admin/ folder to the same value. The, instead of going to yoursite.com/admin/index.php, you would go to yoursite.com/newname/index.php
Along with this, MyBB gives you the ability to remove the link to the ACP from the welcomeblock. After all, what’s the point in renaming the admin directory for security purposes if someone can login as your account as normal and just click the link in the welcomeblock?? To do this, look at line 36 of ./inc/config.php:
$config['hide_admin_links'] = 0;
Then, change this to:
$config['hide_admin_links'] = 1;
Now, the link to the ACP will be removed from your welcomeblock, so you will have to manually type your admin directory when you want to open it, but this means that a hacker won’t know where it is if you rename the directory.
In the settings for each forum, there is the ability to allow HTML to be posted. It is advised that you disallow this unless it is absolutely necessary. Although MyBB attempts to block any malicious scripts being parsed, there is still a chance that someone could post malicious HTML. If you have HTML allowed in all forums and would like to turn it off, run this query in phpMyAdmin:
UPDATE `mybb_forums` SET `allowhtml` = '0';
Then, you need to go to ACP > Tools & Maintenance > Cache Manager > forums > Rebuild Cache. Now, HTML will be disallowed in all forums.
If you show your version numbers in your forum’s footer, you are advertising to hackers what version you’re using, and if your MyBB version is out-of-date, showing that you are on an older version is almost asking them to hack you. To turn off the version number, go to ACP > Configuration > General Configuration > Show Version Numbers > Off. Now, the version number won’t show.
Whenever an upgrade is released, you should upgrade to it as soon as you can. Upgrades are usually maintenance (bugs), security, or feature releases. If there is a security release, you should upgrade to make sure you won’t get hacked via the exploit that’s being patched. You should use the Version Check feature in your ACP regularly, and you should also subscribe to the MyBB Mailing List to be emailed on new updates.
Once you’ve done this, your forum should be as secure as possible. However, a hacker may still somehow find a way in, and if that happens, you need to know what to look for, and what steps to take.
Upgrading to the most recent release won’t solve the results of you being hacked, but it will make sure your forum is secure.
Once you are able to, you should immediately change your forum password, and also the password to your database. This is to make sure that the hacker can’t just login to anything again; new passwords mean they’re back to where they were before. If you change your database password you will need to update it in ./inc/config.php too.
Check all new users registered after the time the hacker gained access to the forum; there may be a chance one of them has been added to a group with ModCP or ACP access, or they may have even created a new usergroup for a user. If you see anything like this, delete it.
Download the MyBB package, and upload all of the MyBB files, except ./inc/settings.php. This will make sure that all of your files are clean, and there isn’t any malicious code in any of them. Make a note of any file changes you have made before doing this, though, so you can make them again after. This process will also make sure you have all the most recent files; you may have missed an important file in a security upgrade which contained the exploit that was used to hack you.
As above, check your CHMOD permissions after you have reuploaded the files. Make sure you’re not giving files or folders extra permissions that they don’t need.
Head to your ./inc/ folder and download your copy of settings.php… and then delete it from your server. It will be generated again, with the correct values from the database, and then we’ll know it’s a clean copy of the file, with no malicious code. You may need to click around on the forum a bit to get it to regenerate; the downloaded file is there so you can upload it again should it fail to regenerate automatically.
You can manually remake your config.php to make sure it’s clean. Use this code to rebuild the file, and enter in your database details. Also make sure you change any other settings you need to, for example, the admin directory, hiding ACP links, or super admins.
A common result of being hacked is having malicious code added to your templates, meaning it’s executed whenever a page is loaded. A common place for code to be added is the header, headerinclude, index, and footer template, as these templates are loaded the most. Check all templates, however, that aren’t default (have their name in green) and remove any code that isn’t supposed to be there. It’s usually in <script> tags and is usually a load of random numbers and letters. This should be removed as soon as possible.
Earlier today, it was announced that MyBB will pull support form the 1.2 series. Support will officially end on 1st June, when the 1.2 support forums will be archived.
http://blog.mybboard.net/2009/05/02/eol-announcement-concerning-mybb-12/
Personally I think this is a good move, and a bit overdue. As of tomorrow (3rd may) 1.4 would have been out for exactly 9 months. This should have been plenty of time for people to update, and benefit from all the new features, including a redesigned ACP, as well as a paid security audit for 1.4.2 to make sure the 1.4 series is as secure as possible. Plus, as hardly anybody has really used 1.2 for a while, there are a lot of support issues for 1.2 that we wouldn’t be able to answer simply because we wouldn’t be able to remember how it worked, where something was, or how to fix what was a common issue for 1.2 that wasn’t an issue in 1.4, etc etc. I mean I have a 1.2 forum setup on my localhost but I can’t really remember how to use it very well. So, now people have a month in order to upgrade before they won’t be able to be supported anymore.
Although I think this is a very good move, I can foresee some people still running 1.2 will raise issue with it. One major issue I can see coming is people who have integrated their forum with a 3rd party application that only works with 1.2, whether it be a CMS, or something else, for example osDate. I know that a majority of people who have requested 1.2 support are still on 1.2 because they’re using osDate too, and it’s only able to integrate that with 1.2, it hasn’t been updated to 1.4, and I can foresee some of them complaining that we’re ‘forcing’ them to upgrade, meaning they would either have to stop integrating, or just not have the ability to get support, probably going with the option to not get support. People using osDate have already complained about 1.2 coming to and end before now, but we’ll have to try and make them see that it isn’t our fault that osDate haven’t upgraded their script; we can’t continue to support older software just because a 3rd party haven’t updated their software to the latest version of MyBB, they’re integrating with us, so it’s up to them to make sure they’re up to date with the latest release, not for us to keep supporting old software so a few people can continue to integrate with something. They’d be a lot better off badgering osDate to upgrade their script rather than moaning at us to continue supporting 1.2.
Soon, the 1.4 Merge System will be released too. Up until recently there was the option to merge to 1.4 by first merging to 1.2, using the 1.2 merge system, and then upgrading to 1.4, or, using a beta/SVN snapshot version of the 1.4 merge system to go straight to 1.4. This caused some issues though, some people tried to use the 1.4 beta/SVN version to merge to 1.2, or use the 1.2 version to go to 1.4, or just didn’t know what one to use, so hopefully now, with there being just the one merge system, it’ll make everything a lot more interesting. Plus, the merge system is brilliant so the more people that use it the better (more people converting to MyBB, yay).
So, with 1.2 being dropped, 1.4 bug reports slowing down, and the 1.4 merge system released, there should be an opportunity to focus more on the future; 1.6 and 2.0.
Yep, I finally pulled the plug. From now on, I won’t be accepting PM support.
Before, unlike most other people, I would accept people randomly PMing me for help. However, over time, I started to think that the reason some other staff members still got support was because some people (i.e. me) still allowed it, so they weren’t sure what to do. So, there we go, I’m stopping it too. That doesn’t mean I won’t help anyone over PM at all, if some private data needs to transferred or I agree to help them and the conversation should be kept private, obviously I’ll be OK with that, but not with someone PMing me out-of-the-blue.
Recently I noticed some people, not all, were starting to take advantage of it, not even bothering to post a thread. I’m then over a barrel; if I don’t reply they’ll moan at me for not replying, but because they haven’t made a thread, nobody else can help them. I also started to really hate the fact that people were being quite rude and abrupt with it. Sending me a PM with a title of ‘help me’ or ‘read this plz’ and then a message saying ‘read this *URL to thread*’, or just giving me a URL, is a bit out-of-order really. Kinda like saying ‘here you go, do this now’. No ‘hello’, no ‘thanks’ no nothing. Just a link. Sometimes even when the thread is only a few minutes old. Some people were more polite, said hello, said what the issue was, gave the link, and said there’s no rush and that it’s OK if I can’t help. That was nice to see. Shame not everybody could do that, that’s one of the main reasons I’ve stopped accepting them.
When I started being invisible the number of random PMs dropped, but didn’t stop. Worst case scenario is when they sent me a PM asking for help, and then when I didn’t reply to it after a few hours, they sent another one. This is both annoying and frustrating, especially if this was done whilst I was asleep. Of course I couldn’t reply to the first message, I was unconscious. There’s a reason why there’s a ‘Local Time’ section in my profile.
Another Support Team member started giving warnings when people sent them PMs for support. And I’ll start doing that too. 20% that lasts 2 weeks. That, or make a thread and be patient for an answer, your choice. If you make a thread, everyone can see it and learn from it.
So… I don’t want to be PM’d for support. I don’t want to be PM’d a URL. I don’t want to be PM’d to be asked to reply to your thread. I don’t want to be asked to give support over IM. If you want to ask something about MyBB itself, report something, or ask something about me, that’s fine, but support should be on the forums.
That is all.
I’m all for giving support and helping people. It’s what I’m good at, what I enjoy doing, and why I’m on the MyBB team. However, sometimes, it isn’t easy and can be a bit frustrating. Anyone who is asking for support should bear the following in mind…
1. Read sticky threads
If we feel that an issue is encountered by a lot of people and a solution needs to be readily available, we’ll make a sticky thread on it, and pin it to the top of the forum for all to see. If a thread is there it’s because we expect a lot of people will need it. A sticky thread will contain details on what the problem is, and how to solve it. If you have a problem, any problem, always check the sticky threads to make sure an answer isn’t already available. Why would you want to make a thread and sit there waiting for someone to reply when the answer is stuck at the top of the forum?? Sticky threads can save everybody a lot of time, mainly you. We don’t tell you to read them for our benefit, we tell you to read them to help you. If you find a sticky thread explaining your problem, you’re good to go. If not, proceed to step 2.
2. Search before posting
Most support problems that people encounter have already been encountered at some point. MyBB has a great function called ‘Search’. Type a few keywords into the box, hit search, and chances are you’ll find some threads with people having a similar issue. If you do, great!! You’ve found an answer to your problem yourself. Much like sticky threads, we don’t moan at you for not searching because we can’t be bothered to help you, we say it as we end up saying the same things over and over and over again, and over time, it starts to get old. Also, if you search, you will usually find an answer straight away, rather than having to make a thread and wait for someone to answer it, and I’m sure you’d rather get your problem resolved as soon as possible, even if it does mean you have to look a bit yourself. If you can find something with a search, it’s all good. If not, proceed to step 3.
3. Read the MyBB Wiki.
Justin, and various other staff and community members, has created and maintained the MyBB Wiki. This is a huge resource for everything there is to do with MyBB, covering everything from installing and upgrading, uploading and installing plugins and themes, some common issues and common error pages, and many, many other things. Every user should regularly use the Wiki, as you may find out something you never knew before. If you can find the answer to your problem here, brilliant, but if not, proceed to step 4.
4. Make a support thread
OK, so you’ve read sticky threads, searched, and read the Wiki, and still haven’t found an answer… now what?? Well, now it’s time to make a new thread for your problem. However, even this has a set of guidelines that should be followed.
5. Don’t PM staff for support.
Well, not all staff. Some staff members, like myself, don’t mind support PMs. However, most don’t like them, and you will usually be ignored, blocked, or may receive a warning. We’re busy people, all of us, and if a staff member doesn’t want to be PM’d, you must respect that decision. I also don’t think any staff member will give e-mail or IM support so it’s best not to ask. Support should remain on the support forums, that’s why they’re there.
6. Is there anything else??
Er, I guess not. If you’ve got this far, you should have got your problem sorted, and if you follow all of these steps, you’ll make us happy too 
Then when you next have a problem, you’ll be able to start the whole process again.
This is not useful for blind people like me.. can you make an audio blog?
Only a few days after I finished my PHP day of birth script, I wrote my first proper MyBB plugin. My first plugin was a Return to Top postbit button, but I’m not really counting that This plugin will add a message to the index of your forums if a member is awaiting activation, and you have account activation set to either email or admin activation. You can choose to turn the message on or off, specify a different title for the email/admin message, and a different message for the email/admin message. The message will display in your theme’s style and is collapsible. I’ve wanted this for a bit but really wanted to do it myself, so once I’d furthered my understanding of the basics, I tried, and got it finished quite quickly. I had to look at how some other plugins were made, mainly to see how to setup the settings, and how to make the template changes. Anyways, I managed to create it quickly and with hardly any problems. It’s now been downloaded a few times already and I’ve had good comments back, which is great. It was a good first plugin idea, and it turned out even better than I planned. It’s available for download from the MyBB Mods site, where you can also see screenshots, and the discussion thread can be found here. I already have another idea for a plugin, which may be ready in a week or so, once I have time to get it right.
Well, I have to say Akismet is quite a piece of code. We use it on MyBB and it works wonders, and it’s blocked a load of spam here (who would want to spam my page?? 
), not bad. Hasn’t let one thing through and has blocked some pretty bad stuff, so, Mr Akismet, not that you’ll ever read this, but good job
2 days ago, I joined the MyBB Team as a Support Rep. I applied for the position the day the team positions were announced, and found out I was accepted about a week before I was added to the team. This is what I’d been working towards for a while, I was hoping some places would open up, then when they did I applied as soon as I could, and now I’m thrilled to finally have my name up there in red. Giving support isn’t really a new thing for me though, I practically live in the 1.4 General Support forum, but hey, I enjoy doing it and can help most people in some way, so I’m happy, and every time a new or uncommon problem is encountered, whether I can contribute to finding the solution or not, I’m learning, so it’s all good. Now that I’m on the team, I’ll be a bit more involved in the future of MyBB and this is something I’m really looking forward to. Being on the team also means my ridiculously high post count isn’t quite so bad. This position will also give even more incentive to get my act together and learn PHP. My MySQL is getting better, but my lack of PHP knowledge is really holding me back and until I get some embedded into my brain, I won’t be able to progress.
I’d also just like to congratulate the other new Support Reps, Tom.M and TomL (two Tom’s with very similar usernames, confusion will ensue), and also the new members of the SQA team, D-r-a-g-o-n, dvb, Mmarzex, rcpalace, and RenegadeFan, all with a well deserved place on the team. And also thanks to everybody on the original team for selecting me.
Peace.
atomicj is discussing.
Claudio (aglioeolio) 11:55 on May 5, 2009 Permalink |
There are a lot of quality plugins and themes to 1.2x but of course security without oficial support won´t be the same…
Matt Rogowski 15:55 on May 5, 2009 Permalink |
Well, most of the bigger plugins have been updated by now, or there’s at least an equivalent available. The only benefit I can think of for staying on 1.2 is for a particular plugin or something, but it’s unfortunate people have to stay on 1.2 because they rely on those, 1.4 is so much better than 1.2 in every way and IMHO even a good plugin that’s only for 1.2 shouldn’t stop people upgrading.
Are you still on 1.2?? If so, what is it that’s making you stay?? A particular theme or plugin??
Claudio (aglioeolio) 20:46 on May 13, 2009 Permalink |
Nope, I´m with 1.4 brand since the first public release and keep updated regularly
but I think that myplaza (by zingaburga), arcade and some others plugins could make some ppl stay with 1.2x for some time because its data were not compatible with 1.4x updated plugins – unitl now that won´t be that clever keep that version installed anymore