OnPunBB Beta Launch

rahahm33 · 2009-07-16 02:04:12

Hi everyone,

I'd like to introduce my new project OnPunBB.com. OnPunBB is a free PunBB forum host that offers a unique array of features to customize your board. Some of our distinguishable features include a free subdomain and FTP account with unmetered space for your extensions and skins. Our system is currently running the latest PunBB version (1.3.4) and will continue to update whenever a new release comes out.

This has been a one man job, and so I've been working on it privately for several months and invested alot of time and hard work into this. Its not quite done, but it will. and i would LOVE some help. so heres the board URL:

http://www.onpunbb.com/
http://support.onpunbb.com/ - Powered by PunBB 1.3.4

As we are currently in beta, the website is currently looking for some fresh new users to testdrive our new system. Also, If you come across any bugs, post them in our support forum and we will work them out.

For the most part, I'm open to any suggestions that the community feels may improve this project

Thanks.

StevenBullen · 2009-07-16 08:56:31

You serious?!?

For the most part, I'm open to any suggestions that the community feels may improve this project

Either change to FluxBB or request this topic to be removed would be a good idea.

This is not showing off FluxBB in any shape or form please remove it.

sirena · 2009-07-16 09:59:21

Maybe Smartys would like to join up and offer his views on the service....

Smartys · 2009-07-16 11:09:35

I did join: I had this same problem

http://support.onpunbb.com/viewtopic.php?id=4

Anyway, I did also have a few questions:
1. What are the security implications of allowing people to run arbitrary PHP code on your server?
2. How exactly does the FTP feature work? I didn't any site-specific information in my FTP details: how do you make them unique per forum?
3. How do you handle upgrades, given that you allow people to modify their forum's code? Or do you not allow that: do you only allow access to some sort of special FTP space that your copy of PunBB has been modified to read?
4. How have you handled the issue of hotfixes in 1.3?

rahahm33 · 2009-07-16 16:52:34

1. PHP files outside of the forum's core files cant be executed by ordinary users. Returns with 403.
2. Yes FTP access is unique.
3. You only have FTP access where needed to mod your forum. Modding your forums base code or uploading other files is not allowed.
4. Not sure, but all forum code updates are issued on a server-wide scale.

This is beta, and sometimes the signup may choke, and your registration might not go through. Wait 10mins and if you still don't have an account, try again. Also make sure there are no special characters (ie: hyphens, underscores, etc.) in your subdomain field. We have had some successful signups so far though.

Last edited by rahahm33 (2009-07-16 17:12:55)

Smartys · 2009-07-16 19:59:25

1. I wasn't as concerned about that as I was about people uploading a backdoor on your server or people just outright grabbing the connection details from config.php
2. How? My details from signup:

FTP Server: ftp.onpunbb.com:21

FTP Username: test

FTP Password: test

There are no unique attributes there: what happens if someone else registers as test?
3. Fair enough. Correctly applied file permissions mean that the core can't be edited but that individuals can have access to specific areas relevant to them.
4. To be clearer, hotfixes are extensions released by PunBB to handle security vulnerabilities in their code. How do you integrate them (or plan to integrate them) into your forums?

I just tried signing up again and again nothing happened. I got the message that it successfully created the forum but nothing seems to have been created.

Smartys · 2009-07-16 20:02:14

I just managed to register and I have confirmed an exploit. I'll send you the information via email.

rahahm33 · 2009-07-16 20:29:49

Thanks!

rahahm33 · 2009-07-16 22:17:54

Smartys wrote:

1. I wasn't as concerned about that as I was about people uploading a backdoor on your server or people just outright grabbing the connection details from config.php
2. How? My details from signup:
FTP Server: ftp.onpunbb.com:21

FTP Username: test

FTP Password: test
There are no unique attributes there: what happens if someone else registers as test?
3. Fair enough. Correctly applied file permissions mean that the core can't be edited but that individuals can have access to specific areas relevant to them.
4. To be clearer, hotfixes are extensions released by PunBB to handle security vulnerabilities in their code. How do you integrate them (or plan to integrate them) into your forums?
I just tried signing up again and again nothing happened. I got the message that it successfully created the forum but nothing seems to have been created.

Thanks for your help Smartys, if you find any other exploits please send me an email.

There has been some major systemwide changes made to address these issues along with others. All forum accounts have been wiped so you will have to re-register.

Read more here: http://support.onpunbb.com/viewtopic.php?id=7

Smartys · 2009-07-16 22:48:12

Ooh, another exploit. Sending an email now.

rahahm33 · 2009-07-17 02:13:20

Thanks again, don't know what I'd do without you .

Fixed.
http://support.onpunbb.com/viewtopic.php?id=8

Forums

#1 2009-07-16 02:04:12

OnPunBB Beta Launch

#2 2009-07-16 08:56:31

Re: OnPunBB Beta Launch

#3 2009-07-16 09:59:21

Re: OnPunBB Beta Launch

#4 2009-07-16 11:09:35

Re: OnPunBB Beta Launch

#5 2009-07-16 16:52:34

Re: OnPunBB Beta Launch

#6 2009-07-16 19:59:25

Re: OnPunBB Beta Launch

#7 2009-07-16 20:02:14

Re: OnPunBB Beta Launch

#8 2009-07-16 20:29:49

Re: OnPunBB Beta Launch

#9 2009-07-16 22:17:54

Re: OnPunBB Beta Launch

#10 2009-07-16 22:48:12

Re: OnPunBB Beta Launch

#11 2009-07-17 02:13:20

Re: OnPunBB Beta Launch

Board footer