- Joined
- Jul 22, 2005
- Messages
- 8,990
- Thread Author
- #1
July 2012 Changes
- 2012-06-29: Reply to all added to private messaging system
- 2012-07-02: FAQ entry changed: Tags updated with Link Removed due to 404 Error.
- 2012-07-02: FAQ entry added with Link Removed due to 404 Error
- 2012-07-03: Link Removed due to 404 Error featured section added.
- 2012-07-07: Meeting
- 2012-07-08: Meeting YouTube Publish
- 2012-07-09: Link Removed due to 404 Error Tracking code added
- 2012-07-10: Alexa site certification added with tracking code / trying to attain MRC accredited traffic certification.
Windows7forums.com Site Info | Windows8forums.com Site Info - 2012-07-10: Acquired windowsforum.com (registrar transfer in process).
- 2012-07-10: Optional inactivity reminders sent once every 30 days instead of 7.
- 2012-07-11: vBulletin optimization code updated from 2.4.0 to 2.5.0.
- 2012-07-13: Acquired windowsforums.com. Pending domain name transfer.
- Joined
- Jul 22, 2005
- Messages
- 8,990
- Thread Author
- #2
Re: July 2012 Changes
- 2012-07-20: Buyer illegally violated windowsforums.com transfer. FBI/IC3/ICANN UDRP contacted
- 2012-07-20: Waiting for money refund on Escrow
- 2012-07-20: bassfisher6522 reported center issue bug in IE when ads off.
- 2012-07-20: publicdomainregistry.com sent notice to initiate ICANN rules on criminal investigation and lock domain
- 2012-07-20: Created windowsforum YouTube channel, Facebook page, Twitter account
- 2012-07-20: windowsforum.com parked to windows7forums.com temporarily.
- Joined
- Jul 22, 2005
- Messages
- 8,990
- Thread Author
- #3
vB 4.1.12 PL3 and 4.2 PL3 Released for Potential Yahoo! User Interface Library Exploit
FYI this has been fixed on both sites.
vB 4.1.12 PL3 and 4.2 PL3 Released for Potential Yahoo! User Interface Library Exploit
A recent Yahoo! report indicated a potential SWF exploit vector involving the Yahoo! User Interface Library (YUI). Upon review, the vBulletin team has determined that the vBulletin 4 Asset Manager is affected. Once the issue was identified, updated YUI files were requested from Yahoo! to eliminate the reported threat.
This issue affects ALL vBulletin 4 SUITE and FORUM versions.
Security patches have been released for vBulletin 4.1.12 and vBulletin 4.2.
Patches are available at http://members.vbulletin.com.
As with all security-based releases, we recommend that all affected customers upgrade as soon as possible.
vBulletin 4 customers not running 4.1.12 or 4.2 can address the potential exploit by updating their Server Settings and Optimization Options using the following steps:
Please note, this YUI issue only affects vBulletin 4. vBulletin 3 and vBulletin 5 forums are not affected.
Yahoo!'s announcement regarding the potential YUI exploit can be found here - http://www.vbulletin.com/go/yuiswfexploit
The Support forum thread on this topic can be found here - http://www.vbulletin.com/go/yuiswfexploitthread
FYI this has been fixed on both sites.
vB 4.1.12 PL3 and 4.2 PL3 Released for Potential Yahoo! User Interface Library Exploit
A recent Yahoo! report indicated a potential SWF exploit vector involving the Yahoo! User Interface Library (YUI). Upon review, the vBulletin team has determined that the vBulletin 4 Asset Manager is affected. Once the issue was identified, updated YUI files were requested from Yahoo! to eliminate the reported threat.
This issue affects ALL vBulletin 4 SUITE and FORUM versions.
Security patches have been released for vBulletin 4.1.12 and vBulletin 4.2.
Patches are available at http://members.vbulletin.com.
As with all security-based releases, we recommend that all affected customers upgrade as soon as possible.
vBulletin 4 customers not running 4.1.12 or 4.2 can address the potential exploit by updating their Server Settings and Optimization Options using the following steps:
- Log into your Admin CP.
- Expand the "Settings" menu in the leftnav.
- Click on the "Options" link.
- Select "Server Settings and Optimization Options" from the list and click the "Edit Settings" button.
- Make sure "Yahoo!" is selected in the "Use Remote YUI" section.
- Scroll to the bottom of the screen and click the "Save" button.
Please note, this YUI issue only affects vBulletin 4. vBulletin 3 and vBulletin 5 forums are not affected.
Yahoo!'s announcement regarding the potential YUI exploit can be found here - http://www.vbulletin.com/go/yuiswfexploit
The Support forum thread on this topic can be found here - http://www.vbulletin.com/go/yuiswfexploitthread
- Joined
- Jul 22, 2005
- Messages
- 8,990
- Thread Author
- #4
Preventative Security Measures
While there has been no real threat besides spam, in an effort to reduce it, the firewall surrounding both sites has been significantly upgraded:
The blocking of all TOR proxies has been initiated.
Link Removed
DShield Blocking is enabled:
http://feeds.dshield.org/block.txt
Spamhaus blocking enabled:
http://www.spamhaus.org/drop/drop.lasso
http://www.spamhaus.org/drop/edrop.lasso
BOGON List blocking enabled:
http://www.cymru.com/Documents/bogon-bn-agg.txt
This is an attempt to block spam at the server level. I will be monitoring the results to detect any increased rate of false positives, loss of legitimate traffic, or possible success rate with these catching mechanisms over the next couple days.
Also,
Our web server, Litespeed, has been updated to 4.2.1:
LiteSpeed Web Server Release Log
While there has been no real threat besides spam, in an effort to reduce it, the firewall surrounding both sites has been significantly upgraded:
The blocking of all TOR proxies has been initiated.
Link Removed
DShield Blocking is enabled:
http://feeds.dshield.org/block.txt
Spamhaus blocking enabled:
http://www.spamhaus.org/drop/drop.lasso
http://www.spamhaus.org/drop/edrop.lasso
BOGON List blocking enabled:
http://www.cymru.com/Documents/bogon-bn-agg.txt
This is an attempt to block spam at the server level. I will be monitoring the results to detect any increased rate of false positives, loss of legitimate traffic, or possible success rate with these catching mechanisms over the next couple days.
Also,
Our web server, Litespeed, has been updated to 4.2.1:
LiteSpeed Web Server Release Log
- Joined
- Jul 22, 2005
- Messages
- 8,990
- Thread Author
- #5
- Joined
- Jul 22, 2005
- Messages
- 8,990
- Thread Author
- #6
* 2013-02-06: LiteSpeed updated from 4.2.1 to 4.2.2.
* 2013-02-06: Renewed FeedBurner compatibility.
* 2013-02-06: Renewed FeedBurner compatibility.
- Joined
- Jul 22, 2005
- Messages
- 8,990
- Thread Author
- #7
* 2013-02-08: Link Removed has been updated to use jQuery and external JavaScript.
* 2013-02-08: Ability to highlight text and auto quote it is now available as a feature.
* 2012-02-08: Additional comment ability using Facebook social plugin.
* 2012-02-08: Restored syndication integrity.
* 2013-02-08: Ability to highlight text and auto quote it is now available as a feature.
* 2012-02-08: Additional comment ability using Facebook social plugin.
* 2012-02-08: Restored syndication integrity.
- Joined
- Jul 22, 2005
- Messages
- 8,990
- Thread Author
- #8
* 2013-03-21: Link Removed timer to prevent spam bot registration.
* 2013-03-21: Continued work on single-sign on integration (pending).
* 2013-03-21: PHP was updated.
* 2013-03-27: Thread Starter ID code updated (Thanks to Richard - nmsuk)
* 2013-03-28: CloudFlare enabled and mod_cloudflare installed.
* 2013-03-28: MaxCDN provisioning for Asia underway.
* 2013-03-21: Continued work on single-sign on integration (pending).
* 2013-03-21: PHP was updated.
* 2013-03-27: Thread Starter ID code updated (Thanks to Richard - nmsuk)
* 2013-03-28: CloudFlare enabled and mod_cloudflare installed.
* 2013-03-28: MaxCDN provisioning for Asia underway.
- Joined
- Jul 22, 2005
- Messages
- 8,990
- Thread Author
- #9
- Joined
- Jul 22, 2005
- Messages
- 8,990
- Thread Author
- #10
* 2013-04-24: Forums have been updated to vBulletin 4.2.1. vBulletin 4.2.1 contains a total of 143 bug fixes, improvement requests, and feature requests. More info @ vBulletin Community Forum
* 2013-04-24: Fixed missing attachment icons at http://windows8forums.com/
* 2013-04-24: Fixed missing attachment icons at http://windows8forums.com/
- Joined
- Jul 22, 2005
- Messages
- 8,990
- Thread Author
- #11
- Joined
- Jul 22, 2005
- Messages
- 8,990
- Thread Author
- #12
* 2013-06-01: As part of our regularly scheduled maintenance, our web server software and PHP were updated tonight. This should fix some rather uncommon bugs, improve performance in some instances, and set the groundwork for more significant upgrades. Among such technical changes (release note references follow):
- Added ability to use sendfile() to send back dynamic responses.
- Updated in-GUI settings explanations.
- Added option to stop the server from aborting external application processes even when the client connection has been broken.
- Added PHP suEXEC daemon ability to kill runaway child processes.
- Reserved connections for the WebAdmin console to ensure accessibility regardless of the current number of connections.
- Added CGI daemon ability to log processes killed by signals to stderr.
- Fixed FileETag directive and rewrite rule incompatibility.
- Fixed FreeBSD realtime stats error.
- Updated PHP build utility to support up to PHP 5.3.25 and 5.4.15.
- Discontinued support for Solaris SPARC.
- PHP Core:
- Streams:
- Fixed Windows x64 version of stream_socket_pair() and improved error handling.
- Zip:
- Fixed bug #64342 (ZipArchive::addFile() has to check for file existence).