vb4 is still vulnerable to various unpatched exploits.
It would do VW development a lot of good if you would use xenforo yourself.
I feel that many XF bugs would have been noticed by you if you would use XF here.
And it would increase your sales.
Printable View
vb4 is still vulnerable to various unpatched exploits.
It would do VW development a lot of good if you would use xenforo yourself.
I feel that many XF bugs would have been noticed by you if you would use XF here.
And it would increase your sales.
Someone asks this question from time to time. The answer is Yes. We have not changed our position. However, as you noticed with your own site, the conversion is slow. A lot of custom work must be done and tested.
The last security patches for vBulletin 4 were in August. If you are aware of any specific vulnerabilities that have not received patches yet, please PM me.
I can certainly affirm that conversion is slow when it comes to a highly customized site. It took me 3 years to get the functionality of my highly modified vb3 big board with 115 addons ported to xenforo.
various vbulletin sites got hacked again. It is not just a matter of software exploits. Its also a matter of vBulletin Solutions not patching their licence center and downloads center against known exploits. Essentially there is no way of knowing if the package downloaded from vbulletin.com is safe or infected. Especially since vbulletin has repeatedly been the victim of hacking attacks exposing the details of 537k clients and full server access.
There have been various forced global password resets on vbulletin.com in past months. Various vulnerabilities have been reported to vbulletin but not responded to. One was related to the forum runner package that is included.
Add to this the uptick in global hacking and that vbulletin password hashing is not secure.
In fairness, I reported a Forum Runner vulnerability to vBulletin Solutions over the summer, and they responded promptly and released a patch within a few days.
But I was not aware their license center was vulnerable. Thanks for this information.
vbulletin 3 and 4 are now official dead. The developer (Paul Marsden) has been let go and there will be no further releases.
Internet Brands is running a special version of vbulletin which will not be released. (fork of vb3)
vbulletin 5 will never catch on. Its now a matter of waiting until another major vulnerability strikes or incompatibility with php/mysql/YUI/browsers/editor occurs. There already is a php7.2 incompatibility, which is not a major issue but it shows the problem of running vbulletin from now on. I would nto be surprised if php 7.3 has a breaking change again.
And then there is the staggering number of hacked vbulletin websites in the last year:
https://twitter.com/haveibeenpwned/s...990657?lang=en
https://haveibeenpwned.com/PwnedWebsites
Security wise vbulletin is broken and only strong server security and addons can help avoid hacking.
This means also that a wave of XenForo migrations can be expected while vbulletin admins feel the heat and urgency to migrate. As you have seen with the difficulties I am having with trying to migrate VW, it would be highly beneficial if you would have ported your site yourself. And its way more appealing for prospective customers. Now people generally advise the mediawiki bridge on xenforo.
vbulletin management has now also removed admins from vbulletin.org out of the blue, which resulted in the resignation of the rest of vb.org staff and various vb.com support staff. This indicates bad weather for the vbulletin addon scene. It remains to be seen if and to what extent vb.org will keep offering addons for vb3/4 including vaultwiki.
The very last versions of vb3/4 have been released some time ago. PHP7.2 is not compatible with vb3/4. Customers are advised to upgrade to vb5.
It looks like vB is going to try push vb3/4 sites towards vb5 while keeping their own sites on different software.
vbulletin 4 is no longer advertised or for sale on the vbulletin homepage. The section has been removed.
What are your current plans regarding the migration to XenForo? Is this something that's planned after VW4.1 Gold?
vbulletin now is really outdated, not mobile friendly at all, vb4 IMHO makes Vaultwiki look bad as a showcase & security wise and its a hassle to report issues with attachments. XenForo has plenty of software to cater to the functionality needed for vaultwiki.org
Alternatively consider WordPress 5.4 which also offers anything you need.
I am aware of security issues with vBulletin 4. We were actually the ones to report the issues that resulted in them pulling vBulletin 4 off their website in fall 2017. We patched our site against those issues, but apparently they preferred to pull the product. VaultWiki 4.1 development started in full force later that month.
(One reason why vB attachments are so hard to use on this site is because a lot of the security issues had to do with attachments and the temporary patches we applied resulted in a lot of existing functionality having to be removed until vBulletin could release an official patch -- which they never did).
The first steps were to get VaultWiki to support XenForo 2.1 and custom fields (VW 4.1).
We will be migrating to XenForo 2.1 once we have ported custom add-ons that were made for this site. You would think there are existing XenForo add-ons or ones close enough but that is not the case for a lot of things we use behind the scenes.
We also need to write custom importers for a lot of our data. This all takes away from VW development time, so it could not be done during 4.1 development or before gold.
I have a task list of things I need to have done, in a specific order, with version numbers in the list. It currently looks like this:
- ...Several incomplete tasks
==> 4.1.0 RC 3 released
- ...backporting for gold
- 5 importers that we need to migrate VW.org
- Migrate
What do the 5 importers need to import?
4.1.0 RC3 has been released. Does the XF 2.2 further delay the upgrade of vw.org ?
We will be deploying our site on xf2.1 with whatever release pegasus recommends. The current plan is to be live by mid month (aug 2020). My tentative plan is to then shake it out the rest of this year and upgrade to xf2.2 and the latest stable release of VW at that time.
Our new site looks like it is integrated with WP but I am actually mimicking the WP front page and navigation with XF. That required sliding all of our forums content into a single top level navigation entry. The remaining nav bar entries just link back to the WP site.
Attachment 1709
While I know that you are very much on top of security issues, I do wonder for how long vbulletin 4 will still be save enough to host this site on. vb4 is over 10 years old and not compatible with any supported version of PHP. PHP7.1 is EOL since 2019. Similar issues will be the case for mysql and various outdated libraries vbulletin needs.
I would hate to see this site hacked at some point.
Could you please elaborate on your plans in this regard?
There are no further news beyond what I stated earlier. We will probably not make an announcement until we go live with XF 2. We are working through the extensive list of tasks that need to be completed in order for this site to be fully and successfully migrated. It has been the main focus of development efforts since last year.
Thanks! That is the answer I was looking for.