MyBB 2.0 Repository Compromised

Discussion in 'MyBB' started by Azareal, Mar 8, 2015.

  1. Azareal

    Azareal The AtomBB Overlord

    1,142
    317
    +471
    mybb-1.PNG mybb-3.PNG mybb-4.PNG
    I saw these on TAZ earlier today which shows that they may have gotten their hands on the MyBB 2.0 source--code, as they seem to be selling it now.

    Honestly.. The code is bound to be out soon, so buying it is a silly idea, but someone's bound to do it.
     
  2. euantor

    euantor MyBB Lead Developer

    722
    367
    +407
    We are aware of this issue. The compromise seems to stem from the same hack attack that compromised the Twitter account. It would seem the staff member in question was using the same password for GitHub, and did not have 2 Factor Authentication enabled (though all staff have been required to do so for some months now...). I can say that the code seems to be very out of date, with the last commit shown in the screenshots being from the 24th of January - thus making it even more foolish to spend any amount of money on such a purchase. Even now, the product is nowhere near finished and we're two months on from this code base.
     
  3. ozzy47

    ozzy47 Tazmanian Veteran

    9,007
    892
    +4,328
    But you know, there is some fools out there that will purchase it.
     
  4. rafalp

    rafalp Desu Ex

    1,180
    707
    +363
    1. Do open source project
    2. Use private repos and keep entire process secret
    3. ?????
    4. Profit?
    6. Point #5 is missing
     
  5. euantor

    euantor MyBB Lead Developer

    722
    367
    +407
    Unfortunately. All they'll get is a few HTML mockups that we're going to be releasing screenshots of anyway, and a vastly outdated codebase with nothing more than an index page, so long as the screenshots show the most up-to-date code ;)
     
  6. JoshH99

    JoshH99 Team MyBB

    84
    11
    +0
    rafalp My understanding is that we're currently working within a private repo just for the very initial foundations of the software. This avoids excessive discussion about it at this stage, as well as prevents people from seeing early features potentially getting removed and complaining.

    Trust me, I know that many people on the team want to open it as soon as possible. The team now is far different in practices than the past.

    PS: I am on the dev team, just don't have the trophy here :p. Proof: http://community.mybb.com/user-43697.html
     
  7. Danielx64

    Danielx64 Developer

    3,330
    607
    +1,395
    Another sad blow for mybb.
     
  8. cronhound

    cronhound Aspirant

    20
    3
    +3
    I know this is bordering on a necropost, but:
    MyBB 2.0 is using laravel? Hnnnnggghhh

    tbh I don't see what thrill people get out of "hacking" an open source project
     
  9. Azareal

    Azareal The AtomBB Overlord

    1,142
    317
    +471
    Normally, I would say that it's probably a kid, but it looks like they want to make money out of it in this specific case.
    As an open source project, there's not much for them to take that'll rake in money though.

    What's wrong with Lavarel? Personally, my preference would be to go custom, but MyBB wants an existing framework behind them to accelerate their progress.
     
  10. cronhound

    cronhound Aspirant

    20
    3
    +3
    Kids like money too ;)

    I suppose they did it for the same reason the lizard twats exist, for attention.

    That was a nice "hnngggghh". I occasionally use Laravel for projects at work and it's pretty damn awesome to work with.
     
  11. euantor

    euantor MyBB Lead Developer

    722
    367
    +407
    Yep, we are. We evaluated several existing frameworks, and Laravel 5 feels like the best fit. A lot of our team have experience with it (I use it at work a fair bit and have written other projects in it, for example) and it's allowing us to work at a much faster rate than we would otherwise.

    We did consider writing our own framework from scratch using existing components from frameworks such as Symphony and Aura (an approach I have also used in the past), but using a full stack framework is leading to a much faster development cycle.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.