Access to community forums restored, modifications site underway, updates & FAQ

Following on from our We’ll be back soon post yesterday, I just wanted to provide an update on our recovery efforts as well as address a few of the commonly asked questions.

After a comprehensive investigation, including audits of all files on our existing servers as well as an analysis of server and website access logs, we’re happy to confidently say that we do not believe any of our servers were compromised, or our databases accessed.

As you’ve likely noticed, access to the MyBB Community Forums has now been restored. Because we don’t believe the MyBB database was compromised, we have opted to not require users to change their passwords on next login. If you’re having difficulty accessing the forums (for example, if it’s redirecting to http://www.mybb.com, or stylesheets aren’t loading correctly), then please clear your web browser cache and try again.

We’re working on restoring access to the MyBB Mods website as soon as we can; however, we expect the modifications site to take another 24 hours before it can be pushed live.

Our team are also busy working on relaunching the official MyBB documentation, using GitHub Pages. We’re moving away from MediaWiki and wiki-based documentation primarily because we believe our efforts are best focused on maintaining our core website, forums and modifications site rather than managing a slew of third-party applications (this is the same reason why our blog is now powered by WordPress.com). Because GitHub Pages is backed directly by a Git repository, the entire community can still collaborate on our documentation using pull requests.

At this stage, we plan to discontinue the MyBB Ideas site. We believe that through great collaboration on the MyBB Community Forums in our MyBB 1.8 Feature Suggestions and MyBB 2.0 Feature Suggestions forums, together we can build even greater software. It also means there’s one less place to collect feedback from.

We’re taking an overly cautious process with the restoration. If we chose to, we could simply flick all services on again, and have the wiki, modifications site, etc. live. Instead, even though we’re confident there was no breach of our servers, we’re still handling the situation as if there were. Before anything is relaunched, we’re:

  • Verifying access logs of the site to look for suspicious behavior
  • Verifying the content of the sites by comparing them against previously taken backups (both onsite and offsite, and against backups taken recently and those taken weeks ago) and analysing each and every difference by hand
  • Pushing the content of all websites to our new servers from an offline copy, instead of our old servers
  • Verifying that all of our websites work behind CloudFlare, and implementing caching strategies in CloudFlare to give you even faster page loads
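The backup comparison in the second step can be narrowed down before the by-hand review. The sketch below is an added example, not the MyBB team's tooling: it hashes a live tree, a recent backup and an older backup, and reports only the paths that need a human look. The status labels, directory layout and sample file names are assumptions made for the illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def manifest(root):
    """Map every regular file under root (by relative path) to its SHA-256."""
    root = Path(root)
    digests = {}
    for path in root.rglob("*"):
        if path.is_symlink() or not path.is_file():
            continue  # only regular file content is hashed in this sketch
        rel = path.relative_to(root).as_posix()
        digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def classify(live, recent, old):
    """Label each path seen in the live site or either backup manifest.

    A file that matches the recent backup but not the older one is still
    flagged: if the change predates the recent backup, that backup cannot
    vouch for it, which is why both generations are compared.
    """
    result = {}
    for path in sorted(set(live) | set(recent) | set(old)):
        l, r, o = live.get(path), recent.get(path), old.get(path)
        if l is None:
            result[path] = "missing-from-live"
        elif r is None and o is None:
            result[path] = "not-in-any-backup"
        elif l == r == o:
            result[path] = "unchanged"
        elif l == r:
            result[path] = "changed-before-recent-backup"
        else:
            result[path] = "changed-since-recent-backup"
    return result


def needs_review(live_dir, recent_dir, old_dir):
    """Return only the paths whose differences must be analysed by hand."""
    labels = classify(manifest(live_dir), manifest(recent_dir), manifest(old_dir))
    return {p: s for p, s in labels.items() if s != "unchanged"}


def _write_tree(root, files):
    for rel, text in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(text)


def demo():
    """Run the comparison over three small constructed trees (sample data)."""
    old = {
        "index.php": "<?php // home",
        "inc/functions.php": "<?php // v1",
        "inc/config.php": "<?php // a",
        "install/lock": "1",
    }
    recent = {**old, "inc/config.php": "<?php // b"}
    live = {**recent, "inc/functions.php": "<?php // v1 edited",
            "cache/tmp_a1.php": "<?php // unknown"}
    del live["install/lock"]
    with tempfile.TemporaryDirectory() as tmp:
        for name, files in (("old", old), ("recent", recent), ("live", live)):
            _write_tree(Path(tmp) / name, files)
        return needs_review(Path(tmp) / "live", Path(tmp) / "recent", Path(tmp) / "old")


if __name__ == "__main__":
    for path, status in demo().items():
        print(f"{status:30} {path}")
```

Every path it reports still has to be diffed and explained by a person; the script only removes the files that are byte-identical across all three copies from the pile.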

There’s also been a lot of discussion around what legal action we will be taking against those that have attacked us. At this stage, we believe our time and effort is better spent improving and educating users about security, and moving forward with the development of MyBB 1.8, MyBB 2.0, and our rebranding.

Again, we want to thank everyone for their support and patience and look forward to moving onwards and upwards!

Regards,

Chris, Tim, and the rest of the MyBB Team

MyBB 1.6.8 Released – Maintenance Release

MyBB 1.6.8 is now available from the MyBB website and is a general maintenance release.

What’s added/changed in this version?

This release fixes over 40 reported issues causing incorrect functionality of MyBB. Please be aware that, to be able to provide easy-to-manage updates, not all issues have been fixed in this version.

Please view the 1.6.8 changes in the wiki for more information about the changes in this version.

Standards Update

About half of the files that have changed in this version have been updated to match MyBB Development Standards. A full list of actual changed files (files with bug fixes) and standards changes is available from the Wiki.

These standards include removing whitespace at the end of files and ensuring they are encoded properly.

Upgrading from 1.6.7 and Other Versions

Before performing any upgrade, please remember to back up your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 4 language files (with 23 having standard updates). 2 templates have been changed.

If you’re using MyBB 1.6.7

If you’re using MyBB 1.6.6 or lower

Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page or in our Private Inquiries forum – where you can start a new thread that only you and the MyBB Team can see.

Thanks,

MyBB Team

Dennis Tsang answers your questions

Dennis Tsang has been with the team for a long time, playing numerous important roles and having a lot of input over the years. He took some time to answer your questions!

Being one of the more active, long-time members, what keeps you coming back to MyBB?

MyBB is so easy to work with. The core is easy to understand and use; it’s lean and lightweight. It’s simple to customize. In terms of the community, it’s the perfect size where people can get to know each other and help each other out. There are wonderful developers and themers who produce awesome themes.

Other than MyBB, what are some of your hobbies?

I volunteer with a couple of youth groups, namely youth ministry at St. Francis Xavier Catholic Church in Vancouver, B.C. I am on the council of the S.U.C.C.E.S.S. Youth Leadership Millennium Program.

I am a transit enthusiast and photographer. I love buses and trains. My transit photography can be found at BusTrainFerry.com.

What is it about public transport that you’re so interested in?

I’m most interested in the systems behind public transit operations. For example, here in Vancouver we have a metro line called the SkyTrain, which is fully automated. The automation has intrigued me since I was young and I’ve been trying to figure out how it all works. The vehicles themselves (both buses and trains) are also an interest of mine — the skill required by operators to maneuver the buses through traffic is astounding.

What is your favourite movie?

The Matrix.

Are you as excited about MyBB as you first were about it?

Yes of course. The advent of MyBB 2.0 is very exciting as it’s the first rewrite we’ve done since the inception of the project itself. The web has changed very dramatically in the past few years from both technical and social standpoints. MyBB 2.0 will hopefully take forum software to the next level by harnessing new concepts and technologies and making a usable package in the age of Web 2.0 and beyond, while still maintaining our core roots of powerfulness, simplicity, and extensibility.

What career do you hope to achieve after completion of your course?

Later this year I will be starting as a software developer at A Thinking Ape. Software has always been an interest of mine, and that’s why I went into Computer Science. My particular interests are in mobile and web technologies.

The best day of your life was…

The day I was born.

In your opinion, what is the most underused feature of MyBB?

Threaded Mode on the show thread page. I’ve never used it. Do you use it?

How long can you hold your breath for?

At least the length of the George Massey Tunnel.

Anything else you’d like to add?

It’s been a pleasure to be on the MyBB team. It’s always enjoyable to see people who use our software and love MyBB as much as we as staff do.


Get your questions answered

They can be general to all/any staff or specific to one member; either way, post them in the Questions for team members thread and I’ll ask them if appropriate. A lot of staff have been answering questions in the thread too, so it’s a great ‘open discussion’ thread too! Thank you.

MyBB 1.8 Tour: Introduction

On April 1st we announced a 1.6.7 Update which updated both MyBB and the Merge System. If you haven’t seen this or haven’t upgraded yet, please make sure you read the MyBB and Merge System 1.6.7 Release blog post. We also announced our plans for MyBB 1.8; it was no April Fool.

Back in 2010, just under 2 years ago, we released MyBB 1.6 which introduced over 40 new features – some more at home in commercial software. As MyBB’s popularity continues to grow, the rise of social networks, rival software and the greater expectations of users old and new give us some of the hardest challenges we’ve faced: to stay on top, to deliver a brilliant product and provide it to you for free.

With our development roadmap for MyBB 2.0 getting underway soon, we quickly felt the need to bridge the large gap that would have been 1.6 to 2.0. We wanted to create something that would provide a legacy to users of the 1.x series – the best of the best – and there was only one way we could get that to our users; MyBB 1.8.

What You Can Expect From 1.8

Whereas 1.2, 1.4 and 1.6 delivered over 100 new features, 1.8 aims to be more of a subtle upgrade, a facelift and a move to more open source development so that others too can help create the best free forum software. We’ll of course be providing the usual bug fixes and working with large forum owners to see if we can help further improve performance and stability. MyBB 1.8 is a perfect chance for us to provide changes that we couldn’t typically do within our maintenance cycles.

A New Look

When we announced our new logo and mascot, Bolt, the Team soon realised that we didn’t want to wait until 2.0 was released to use them. The 1.6 default theme made these look out of place in its dated design (which was last updated in 2008) so we needed something more up to date. Justin, our lead designer, who created the Apart theme series (which many MyBB communities either use or have customised for themselves), has worked on developing the series for the new 1.8 default theme. We worked together to figure out a method for enabling the Apart colours to be included by default but without the need for including 14 separate themes before the administrator even opened their forum. This method is what we call attachable base colours.

The new default theme for MyBB 1.8

These changes to the theme system allow you to create colours to which you can attach stylesheets (just like you can attach stylesheets to pages). You can also set a display order for all your stylesheets so that they can override styles. Together, the changes mean you can add a theme with as many custom colours as you want. Using the parent/child theme structure that already exists in 1.x you can restrict or allow certain usergroups to use these colours and, as they inherit the main stylesheets, they’re very easy to manage. So, there is no longer the need to install a dozen different themes just for a different colour header.

A New Look Admin Control Panel (ACP)

Along with the new default theme there needs to be a new look Admin Control Panel (ACP). Our ACP is regarded as one of the easiest to use; it’s friendly and we didn’t want to change it much. Instead, we gave it a similar Apart makeover to our front-end.

Screenshot of the MyBB 1.8 ACP

Please note that along with the default theme the look may change as development continues.

Powered by jQuery

While 1.8 won’t be able to make your cocoa or project your forum’s logo onto the moon, much to our disappointment, we really weren’t pulling a prank on this one; MyBB 1.8 will be powered by jQuery. The lighter and more powerful JavaScript library should be able to extend what both Theme Artists and Plugin Developers are able to do without causing conflicts or heavy loading pages. Both front-end and back-end will use the library. This change is probably the most destructive for themes and plugins in the 1.8 upgrade and we’ll be providing support throughout its beta period ready for a main release. In total, including the changes to the default theme, about 20 templates require updating from 1.6.

Along with jQuery comes a change in post editor. Although I’ve had my eye on an ‘off the shelf’ editor for quite some time we’ve yet to make a decision on whether we write our own or not; we’ll be covering that in a future tour. However, please don’t suggest which editor to use as our aim is to make it interchangeable so you can use your favourite one.

Trash Can

One of the most requested features for MyBB is a trash can – or as I prefer, the ability to recover deleted posts. In 1.8, you’ll be able to decide if a user’s deleted post is obliterated forever or is recoverable via the Mod CP. Global and usergroup permissions will allow this to be controlled across your users.

Spam Improvements

For those of you waiting for Spam Ninja I’m very sorry to disappoint as I did promise it to you last year. As soon as 1.8 was decided, I stopped developing it as a plugin and started integrating relevant parts into the core instead. We’ll be looking to improve spam prevention and detection in 1.8 which we’ll cover in a future tour.

Upgrading to 1.8

Upgrading to 1.8 will be similar to upgrading from 1.4 to 1.6; many plugins will only need to change their compatibility line and will only need some major changes if they use Prototype JavaScript, use login functions or make large theme changes. Throughout the beta period, we’ll be upgrading the Wiki with new information and providing support to plugin developers to help them with their new plugins.

Github

The Team has been trying to plan a move away from our current SVN setup to the popular social coding site Github for some time. We’ve come up against problems but feel confident that now is the time to open up our development to people outside of the MyBB Team. Github can be an extremely powerful tool for development and it is something we’re eager to do – we have been working on 1.8 in secret in one of our repositories there which will be made available after our first beta release.

We’ve gone outside of our usual box with 1.8 in that we’re actually telling you what we’re doing and what we’re planning even though none of this is public. We’re aiming to provide a beta of 1.8 in May so please be patient while we’re polishing our development and removing all the takeaways and soft drink cans.

Wrap

With MyBB 1.8, our aim is to fully complete the series with features and improvements that make us a better rival not only to our free forum software friends but also to commercial community software too. We want to make it more friendly, faster and go further than any of our products have been before. Everyone here at MyBB is looking forward to 1.8 and we hope you are too!

See you at the next tour!

Tomm

MyBB 1.6.7 Release, Merge 1.6.7 & MyBB 1.8 Development

MyBB 1.6.7 – Security, Maintenance and Feature Release

MyBB 1.6.7 is now available from the MyBB website and is a security, maintenance and feature update.

In 1.6.7 there are 5 new feature updates and over 70 reported issues fixed. Please be aware that, to be able to provide easy-to-manage updates, not all issues have been fixed in this version.

1.6.7 fixes 5 low-risk security vulnerabilities.

  • SQL injection vulnerability within the Admin Control Panel (ACP) in user search (reported by Nathan Malcolm, MyBB SQA Team)
  • SQL injection vulnerability within the ACP in Mail Log (reported by Nathan Malcolm, MyBB SQA Team)
  • SQL injection vulnerability within the ACP in User Inline Moderation (reported by Jammerx2, MyBB Developer)
  • XSS within the ACP where an orphaned attachment has a malformed filename (reported by Nathan Malcolm, MyBB SQA Team)
  • Full Path Disclosure if malformed forumread cookie is used

ACP vulnerabilities require Administrator permissions and so are considered low-risk. We recommend planning your upgrade as quickly as possible to ensure your forum is as secure as it can be.

New features in the 1.6.7 update include the ability to log in with a username, an email or both. For more information about new features, please see the Wiki on 1.6.7.

View 1.6.7 Changes in the Wiki

Upgrading from 1.6.6 and Other Versions

Before performing any upgrade, please remember to back up your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a change log for these changes so you can make them again once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are also language and theme changes.

If you’re using MyBB 1.6.6

If you’re not using MyBB 1.6.6


MyBB Merge System 1.6.7

MyBB Merge System 1.6.7 is now available on the MyBB website and is a maintenance update to the MyBB Merge 1.6 series.

This release is to ensure that all users of MyBB Merge 1.6 have the latest fixes.

This release fixes several reported issues since the release of 1.6.3, which caused some incorrect functionality of the Merge System. These bugs have been fixed to provide a more stable version of the Merge System for public use.

What’s new in this version?

  • 3 bug fixes (view all)
  • Version jump to 1.6.7 from 1.6.3 to match the current MyBB Version. From now on we’ll do our best to keep these in sync.

This includes some critical fixes for phpBB that caused infinite loops.

MyBB Mascot Update


We recently held our MyBB Mascot Naming Contest. Many community members proposed names and after a week a poll with the top names was put up. After another week of voting, the name “Bolt”, after MyBB founder Chris Boulton, was chosen. Proposed by Mebes Net, we of the MyBB Team feel this name conveys the strength and speed of MyBB very effectively.

We are proud to present to you the MyBB Mascot, Bolt!

MyBB 1.8 – The Bridge to 2.0

Everyone here at MyBB is proud to announce the impending arrival of our next major feature release – MyBB 1.8.

Over the last 2 months we’ve been developing in secret at our Github lair, plotting to once again attempt to take over the forum world with our evil plans and awesome free software and to celebrate the 10th anniversary of DevBB – our supreme overlord predecessor.

1.8 isn’t as big of an overhaul as the 1.2, 1.4 or 1.6 upgrades, which introduced more than 100 features; this is more of a facelift. We took Justin, our lead designer, and locked him in a room with nothing but bacon and water until he came up with a new default theme which is taken from one of (if not the) most popular theme collections used by MyBB communities across the world; his Apart series. That’s not all – we developed attachable base colours to themes so that creating (and using) multi-coloured themes no longer involves adding 14 separate styles. You add just one. A new default theme for your Admin Control Panel (ACP) is available too.

For more than half of MyBB’s rule of the forum world, our JavaScript has been powered by Prototype. It was a popular library when we started using it but it has fallen behind a more powerful (and popular) rival and so we’ve consigned it to MyBB history; MyBB 1.8 is powered by jQuery.

Two of the most requested features for MyBB will also be heading to 1.8. With our switch to jQuery, along comes a new post editor (yet to be decided) and a Trash Can – or more the ability to recover deleted posts via the Mod CP.

Along with the regular bug fixes and a host of other planned improvements, such as an APC cache handler, being able to make a cup of hot cocoa, separating the plugin list to active/inactive, making some functions a bit easier to use and projecting your forum’s logo onto the face of the Moon, we’ll be working with MyBB gurus to improve performance, plugin integrations and we’re looking into making the authentication to 3rd party software much easier too with a dedicated login datahandler. It doesn’t have to be just gurus though; we’ll be opening up 1.8 to everyone on Github so that they too can fork, improve, update and become one with the MyBB Team.

We’re all very excited about this release and hope you are too! More information will be coming soon but in the meantime please feel free to suggest more improvements in our Suggestions and Feedback Forum!

Thanks,

MyBB Team

Learn and Network at ForumCon in San Francisco June 12th!

We don’t come across many events that are tailored exclusively to the forum industry; however, we are pleased to announce our involvement with ForumCon. ForumCon is an annual event that was launched just a few years ago with the goal of bringing together the industry’s leading forum owners and experts to discuss growth, management, and monetization strategies for forums.

This year I’m pleased to announce that MyBB will be among a select group of media partners who will have a presence at the show. We are hoping to have at least two team members attending, and we may have a couple of tickets to give away to lucky members of the community.

Key Details
ForumCon SF will take place on June 12th at the Hotel Kabuki in the heart of downtown San Francisco. The event will kick off at 9am and conclude with a cocktail hour for networking / conversation at a restaurant / lounge nearby.

More information on location as well as how to get tickets can be found here.

Key Sessions

  • Kris Jones, author of SEO: Your visual blueprint for effective internet marketing will show you how to better leverage Google Search, Mobile, News, +, to generate more traffic to your forum.
  • Tyler Tanaka of PostRelease will share best practices for content curation & creation that will wow your community members and keep them coming back.
  • Steve Dodd of Boardreader will lead a panel of social media experts, and forum owners that have successfully leveraged social media, to discuss ways forum owners can successfully leverage Facebook, Twitter, and other social media sites to drive traffic to their sites (rather than away from).
  • A panel of monetization experts (representing all types of forum monetization options — images, banner ads, content, link insertion, data, video) will answer all your questions on how to EARN MORE from your forum.
  • And much more, to be shared within this thread as the information becomes available.

Jack Bafia, ForumCon co-founder and Chief Monetization Officer of VigLink, shares why he started ForumCon in the short video below.

Thank you,
MyBB Team

Google Translation Plugins

A warning to anyone using any of the various Google Translation Plugins. They will no longer work. Google has disabled the Translation API v1 due to abuse. Someone may write new ones using the new v2 API, however that is a paid service.

You can read more about it here:
http://code.google.com/apis/language/translate/overview.html

I’ve gone ahead and disabled all of the mods on our mods site that are using the v1 API (That I know of anyways), so anything on the mods site should be using v2. If you find one I missed, please respond in this thread with which ones, and a Staff member will take care of it.

Thank you,
MyBB Team

MyBB Merge System 1.6.3

MyBB Merge System 1.6.3 is now available on the MyBB website and is a maintenance update to the MyBB Merge 1.6 series.

This release is to ensure that all users of MyBB Merge 1.6 have the latest fixes.

This release fixes several reported issues since the release of 1.6.2, which caused some incorrect functionality of the Merge System. These bugs have been fixed to provide a more stable version of the Merge System for public use.

What’s fixed in this version?

This includes some critical fixes for things that will cause the system to catastrophically fail.
NOTE: After this release the merge system will jump to match MyBB’s version. So when MyBB 1.6.7 is released, MyBB Merge System 1.6.7 will be released with it. We’re going to try very hard to use that scheme from now on.

As always, you can send through security related messages on the MyBB website from the Contact Us page.

Thank you,
MyBB Team

Problems with the 1.6.6 release package

A few days ago we released version 1.6.6. Unfortunately, we have since realized that the version released was a newer SVN revision than intended, and as a result contains some development code that may compromise the stability of your board.

Please note that this is not a security issue, and we are not aware of any security implications arising from the release.

The issue was rectified shortly after the release and only the main release was affected, not the changed files package.

We advise anyone who used the full release package within the first 24 hours of its release to run the file verification tool in their admin control panel (Tools & Maintenance > File Verification). If any files show differences which are not manual file modifications, they should be replaced with files from the current version of the release package.

Thank you,
MyBB Team

MyBB 1.6.6 Security Release

MyBB 1.6.6 is now available from the MyBB website and is a security release for the 1.6 series.

What’s added/changed in this version?

In 1.6.6, 1 major issue and 14 low risk vulnerabilities have been fixed. Only the issues listed below are fixed; a further maintenance release will be available with general fixes to functionality in the near future.

  • Vulnerabilities:
    • Non Critical: Import a non-CSS stylesheet (Theme)
    • Low Risk: CSRF vulnerability on Admin CP logout (Issue #1769)
    • Low Risk: CSRF vulnerability when clearing a stored password (Issue #1824)
    • Low Risk: CSRF vulnerability when removing a buddy (Issue #1825)
    • Low Risk: CSRF vulnerability with Admin CP join requests (Issue #1834)
    • Low Risk: CSRF vulnerability in Group Promotions Enable/Disable
    • Low Risk: CSRF vulnerability in ACP Edit User (Avatar)
    • Low Risk: CSRF vulnerability with activating a user
    • Low Risk: XSS vulnerability when moving an event (Calendar)
    • Low Risk: XSS vulnerabilities in Akismet plugin
    • Low Risk: XSS vulnerabilities in Forum Subscriptions (User CP)
    • Low Risk: XSS vulnerability in Moderator Logs
    • Low Risk: XSS vulnerability in Edit Post
    • Low Risk: XSS vulnerability when editing Announcements

    Thanks to SQA Team Member Nathan Malcolm for finding all of these!

  • Vanishing Announcements in 1.6.5 (Issue #1781, #1785) – with thanks to Paul H and Vini Holden.

For more information on these vulnerabilities, please view the 1.6.6 Changes in the Wiki.

Upgrading from 1.6.5 and Other Versions

Before performing any upgrade, please remember to back up your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again once the upgrade is complete.

To upgrade, follow the Upgrading process. The upgrade script is required. There are changes to 1 language file. There is 1 change to themes. Please view the 1.6.6 Changes in the Wiki for more information about these changes.

If you’re using MyBB 1.6.5

If you’re not using MyBB 1.6.5


Thank you,
MyBB Team