Monthly Archives: April 2017

MyBB Forum Owner Interview #2 – spork985

Posted on by

This is our second interview for MyBB forum owners and it is spork985. Some of you may know of him from the forum and free mybb hosting website called IcyBoards. IcyBoards is featuring on this blog post and spork speaks to us exclusively about MyBB.

What features do you hope to see in MyBB 2.0 that would enable you to further develop your offering to the community?

There are a lot of plugins we have installed that make very minor changes to the software. I feel MyBB could benefit from rolling some of these ideas in to the baseline code. Some examples include a “users online today” section, defaults for profile fields, redirect warning when the user clicks an external link, latest profile visits, and profile comments. I realize the importance of separation with regards to what a forum is designed to do, but I feel many of these features should be part of the core code and wouldn’t take much to implement. This would substantially cut down on the amount of 3rd party plugins we need to make available, maintain, and worry about upgrading. In most aspects, less plugins also means a more secure forum.

What is your most favourite feature of MyBB currently?

My favorite feature has to be the “purge spammer” button. It’s such a simple concept, yet I feel the person who came up with it is a genius. I always hated those mornings when I wake up, am eating my breakfast, open the forum, and… oh, this dude posted the same message 3 times in every single forum possible. Now I have to spend the next 20 minutes going through and deleting them one by one. Thank you to whoever came up with and implemented this idea.

What is your LEAST favourite feature, and how can this feature be improved to better suit your personal requirements or wishes.

One area I feel could use a little improvement is managing group permissions assigned to forums. It’s very easy at first, but once you have an established forum and want to add a group or even see the overall permissions a group has, it gets complex fast. This is made especially apparent once you start setting custom permissions beyond what the permissions interface has. Unfortunately, I’m not the creative type and don’t have a good suggestion for improvement. I do think a button to copy permissions between two forums would be extremely useful and eliminate some of the tediousness in setting things up/tediousness in an established forum where you have dozens of forums and user groups.

What do you feel is done well at MyBB, and what would you like changing?

Simply put, the code. Most good coding standards are being followed. When debugging and/or modifying, it is very easy to know where to look and quickly troubleshoot issues. Any developer is going to understand the headache of picking up someone else’s poorly-formatted code and trying to work with it. With MyBB, there is no headache at all. As for what I would like to change, we can go down the whole “opening brace on the same line” road, but I have a feeling most are not going to agree with me judging by the standards that were decided upon for MyBB 2.0 Smile It really comes down to a matter of personal preference.

Looking at IcyBoards, why do you choose to solely host MyBB?

Most of the reasons just come down to personal preference, again. Before I started working on IcyBoards, I ran a few forums of my own. I tried several different software solutions, including phpBB, SMF, and PunBB. Honestly, I just didn’t like any of them. After IcyBoards was up and running for a few years, I did look at SMF hosting but the code was just… not fun. It was messy. Additionally, I decided that I would rather have one solid high quality service rather than have my time split between two separate services.

Do you plan to provide hosting for 2.0?

Absolutely. I am very excited to see what MyBB 2.0 brings to the table. IcyBoards is set up in such a way that we can host multiple versions of the software in parallel. We most likely will follow the same path we followed when MyBB 1.8 was released. Once MyBB 2.0 is made available in a stable release, we will begin providing hosting right away. At the same time, we will start working on a migration path for MyBB 1.8 users. We will continue to host and provide support for our MyBB 1.8 users as long as possible, if not indefinitely (to be determined).

What was the most challenging thing to accomplish while developing IcyBoards?

Believe it or not, the most challenging part of developing and running IcyBoards has been spam management. The majority of spammers are automated bots that join and post. They hit thousands and thousands of forums and sometimes make hundreds of posts per forum. If you’re an admin or moderator, it’s no problem. You log in and delete spam when you come across it. When you’re running a hosting service like IcyBoards, you are hosting tens thousands of forums on one system all sharing resources. When you get hundreds of bots making hundreds of posts on tens of thousands of forums, you get… a big mess. On top of this, you get old inactive forums where the staff are never logging in and the spam just accumulates. It’s not unusual for such forums to consume 30-40-50, or even more, gigabytes of database space. I developed several ways of detecting/blocking these posts over the past 1-2 years that have been working well.

Do you have anything to add that hasn’t been mentioned in the earlier questions or answers?

Most importantly, I would like to give a big thank you to all of the developers at MyBB. A service like this would not be possible without their long and hard work. Secondly, we are always looking for ways to improve our service and really appreciate suggestions. You may post suggestions in our thread in the “Showcase” forum.

MyBB 1.8.11 & Merge System 1.8.11 Release

Posted on by

MyBB 1.8.11 is now available from the MyBB website, and is a security and maintenance release.

What’s added/changed in this version?

This release fixes 3 security vulnerabilities and 32 reported issues causing incorrect functionality of MyBB. Please be aware that not all issues have been fixed in this version in order to provide easy to manage updates.

  • Vulnerabilities:
    • High risk: XSS Injection in Email MyCode – reported by Zhiyang Zeng of Tencent security platform department
    • Medium risk: SSRF protection can be bypassed – reported by Orange Tsai of DEVCORE and Jasveer Singh of SEC Consult Vulnerability Lab
    • Low risk: Directory Traversal in smilie module – reported by Zhiyang Zeng of Tencent security platform department

Please view the 1.8.11 changes on the Docs site for more information about the changes in this version.

Please note, that you do need to run the upgrade script for this version.

Upgrading from 1.8.10 and Other Versions

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 5 language files and 7 templates were changed or added.

If you’re using MyBB 1.8.10:

  • Download and use the Changed Files Package
    • MD5: f99cdecf3d96c8c39441c81d8468e4f6
    • SHA1: 323bec46d3da051fe5e9899e1a4ffdd8e538b5f5
    • SHA256: f3a50f31dc6045e63ccad826fd4fa35f1240891238f4fbcdaeb724835cd58f4d
    • SHA512: 4d9018f2e1f286dd447e4c4db0ba9be18b1c407ed63272711d11deb6a09d7e301967917d465e368d8ebdd046cc0c7c5a23308b8ed72f8d5f9e9307ba6a81f8e3
  • Follow the Docs Upgrading Instructions

If you’re using MyBB 1.8.9 or lower:

  • Download and use the full 1.8.11 Release Package
    • MD5: d4d3de795b69b076264a007e7a989f64
    • SHA1: 5ca8bf23a8efe0940bfe3c6fba852676144ea134
    • SHA256: c95cf770fffb37f811bee17a828cea8f0c789f22069c1783f3fb6f567fa7ca43
    • SHA512: 9db6ec3894cd66a26dffb5682109e25073148f1c885f2e0638be8c7d95eb2ba5e16db6dc66087431e919d849acdb7c2c11c95e247e99f6f8f44bcc19fe721015
  • Follow the Docs Upgrading Instructions

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

MyBB Merge System 1.8.11

MyBB Merge System 1.8.11 is now available on the MyBB website and is a maintenance update to the MyBB Merge 1.8 series.

This release is to ensure that all users of MyBB Merge 1.8 have the latest fixes.

What’s new in this version?

Thanks,

MyBB Team

Note about updated packages

The original packages have been replaced by updated packages to fix a compatibility issue causing warnings on certain PHP environments.

If you installed or updated your forums using either the full or changed files packages prior to 19:00 on April 6, 2017 GMT please download a fresh package from the links above and replace the following file:

  • inc/functions.php

You do not need to run the installer or make any further changes. You can use the file verification tool to determine whether you have the latest package, the file above will appear to be modified if you need to download an updated copy.

We apologise of any inconvenience.