Changelog 2013

Mike

Windows Forum Admin
Staff member
Premium Supporter
Joined
Jul 22, 2005
Location
New York, NY, United States
July 2012 Changes

  • 2012-06-29: Reply to all added to private messaging system
  • 2012-07-02: FAQ entry changed: Tags updated with Link Removed due to 404 Error.
  • 2012-07-02: FAQ entry added with Link Removed due to 404 Error
  • 2012-07-03: Link Removed due to 404 Error featured section added.
  • 2012-07-07: Meeting
  • 2012-07-08: Meeting YouTube Publish
  • 2012-07-09: Link Removed due to 404 Error Tracking code added
  • 2012-07-10: Alexa site certification added with tracking code / trying to attain MRC accredited traffic certification.
    Windows7forums.com Site Info | Windows8forums.com Site Info
  • 2012-07-10: Acquired windowsforum.com (registrar transfer in process).
  • 2012-07-10: Optional inactivity reminders sent once every 30 days instead of 7.
  • 2012-07-11: vBulletin optimization code updated from 2.4.0 to 2.5.0.
  • 2012-07-13: Acquired windowsforums.com. Pending domain name transfer.
 
Last edited by a moderator:
Re: July 2012 Changes

  • 2012-07-20: Buyer illegally violated windowsforums.com transfer. FBI/IC3/ICANN UDRP contacted
  • 2012-07-20: Waiting for money refund on Escrow
  • 2012-07-20: bassfisher6522 reported center issue bug in IE when ads off.
  • 2012-07-20: publicdomainregistry.com sent notice to initiate ICANN rules on criminal investigation and lock domain
  • 2012-07-20: Created windowsforum YouTube channel, Facebook page, Twitter account
  • 2012-07-20: windowsforum.com parked to windows7forums.com temporarily.
 
vB 4.1.12 PL3 and 4.2 PL3 Released for Potential Yahoo! User Interface Library Exploit

FYI this has been fixed on both sites.

vB 4.1.12 PL3 and 4.2 PL3 Released for Potential Yahoo! User Interface Library Exploit

A recent Yahoo! report indicated a potential SWF exploit vector involving the Yahoo! User Interface Library (YUI). Upon review, the vBulletin team has determined that the vBulletin 4 Asset Manager is affected. Once the issue was identified, updated YUI files were requested from Yahoo! to eliminate the reported threat.

This issue affects ALL vBulletin 4 SUITE and FORUM versions.

Security patches have been released for vBulletin 4.1.12 and vBulletin 4.2.

Patches are available at http://members.vbulletin.com.
As with all security-based releases, we recommend that all affected customers upgrade as soon as possible.
vBulletin 4 customers not running 4.1.12 or 4.2 can address the potential exploit by updating their Server Settings and Optimization Options using the following steps:

  1. Log into your Admin CP.
  2. Expand the "Settings" menu in the leftnav.
  3. Click on the "Options" link.
  4. Select "Server Settings and Optimization Options" from the list and click the "Edit Settings" button.
  5. Make sure "Yahoo!" is selected in the "Use Remote YUI" section.
  6. Scroll to the bottom of the screen and click the "Save" button.
This change will set your forum to use the latest YUI files hosted by Yahoo!. The potential exploit vector will be closed once you've performed this change. It is strongly recommended that you do so immediately.
Please note, this YUI issue only affects vBulletin 4. vBulletin 3 and vBulletin 5 forums are not affected.
Yahoo!'s announcement regarding the potential YUI exploit can be found here - http://www.vbulletin.com/go/yuiswfexploit
The Support forum thread on this topic can be found here - http://www.vbulletin.com/go/yuiswfexploitthread
 
Preventative Security Measures

While there has been no real threat besides spam, in an effort to reduce it, the firewall surrounding both sites has been significantly upgraded:

The blocking of all TOR proxies has been initiated.
http://exitlist.torproject.org/exit-addresses


DShield Blocking is enabled:
http://feeds.dshield.org/block.txt

Spamhaus blocking enabled:
http://www.spamhaus.org/drop/drop.lasso
http://www.spamhaus.org/drop/edrop.lasso

BOGON List blocking enabled:
http://www.cymru.com/Documents/bogon-bn-agg.txt

This is an attempt to block spam at the server level. I will be monitoring the results to detect any increased rate of false positives, loss of legitimate traffic, or possible success rate with these catching mechanisms over the next couple days.

Also,

Our web server, Litespeed, has been updated to 4.2.1:
LiteSpeed Web Server Release Log
 
* Spam-o-Matic software update to version 2.1.0.
* Team stats script re-written and updated. Will only show 30 days of activity.
* 2013-02-06: PHP updated from 5.3.19 to 5.3.21. Various additional server OS updates.
 
Last edited by a moderator:
* 2013-02-08: Live Updates has been updated to use jQuery and external JavaScript.
* 2013-02-08: Ability to highlight text and auto quote it is now available as a feature.
* 2012-02-08: Additional comment ability using Facebook social plugin.
* 2012-02-08: Restored syndication integrity.
 
Last edited by a moderator:
* 2013-03-21: Registration timer to prevent spam bot registration.
* 2013-03-21: Continued work on single-sign on integration (pending).
* 2013-03-21: PHP was updated.
* 2013-03-27: Thread Starter ID code updated (Thanks to Richard - nmsuk)
* 2013-03-28: CloudFlare enabled and mod_cloudflare installed.
* 2013-03-28: MaxCDN provisioning for Asia underway.
 
Last edited by a moderator:
* 2013-06-01: As part of our regularly scheduled maintenance, our web server software and PHP were updated tonight. This should fix some rather uncommon bugs, improve performance in some instances, and set the groundwork for more significant upgrades. Among such technical changes (release note references follow):


  • Added ability to use sendfile() to send back dynamic responses.
  • Updated in-GUI settings explanations.
  • Added option to stop the server from aborting external application processes even when the client connection has been broken.
  • Added PHP suEXEC daemon ability to kill runaway child processes.
  • Reserved connections for the WebAdmin console to ensure accessibility regardless of the current number of connections.
  • Added CGI daemon ability to log processes killed by signals to stderr.
  • Fixed FileETag directive and rewrite rule incompatibility.
  • Fixed FreeBSD realtime stats error.
  • Updated PHP build utility to support up to PHP 5.3.25 and 5.4.15.
  • Discontinued support for Solaris SPARC.
  • PHP Core:
    • Fixed bug #64578 (debug_backtrace in set_error_handler corrupts zend heap: segfault).
    • Fixed bug #64458 (dns_get_record result with string of length -1).
    • Fixed bug #47675 (fd leak on Solaris).
    • Fixed bug #64577 (fd leak on Solaris).
  • Streams:
    • Fixed Windows x64 version of stream_socket_pair() and improved error handling.
  • Zip:
    • Fixed bug #64342 (ZipArchive::addFile() has to check for file existence).
As always, we continue to work to improve our service offerings and thank you for your support, insofar that none of this would be possible without the continued participation of our community.
 
Back
Top Bottom