Yet another XenForo Addon developer exposed: warez/brivium related

Discussion in 'XenForo' started by Alfa1, Jun 19, 2018.

  1. Alfa1

    Alfa1 Moderator

    The developer collective wagrasol has been active on xenforo.com for months and has completed various projects. 2 new members have stated to be happy customers. So far so good:
    https://xenforo.com/community/threa...pment-consultation-migration-services.127947/
    A simple Google search for 'wagrasol' exposes that a person with the unique name wagrasol, with an apparent interest in addon development, also from Islamabad, Pakistan, is active on a site for nulled xenforo and hackers. Just shortly after joining xenforo.com.
    IIRC this site is related to the hackers collective Brivium. wagrasol positively rated a resource by brivium. 'Brivium Modern Statistics' on that site.

    It's unclear if the developer collective is a hacker collective or not. It's unclear what their relation to brivium is. It's clear that they have some involvement with nulled software. Whether they only use it or they produce it is unclear.

    I did report it to the xenforo staff. They found no problem.
    I will leave it to you to draw your own conclusion. To me it has all alarm bells ringing.
    I hope this doesn't lead to another train wreck.
     
  2. LeadCrow

    LeadCrow Apocalypse Admin

    A cursory check suggests that user (or a member of that collective) at some point may have downloaded a nulled version of one of Brivium's paid addons there.
    Has this Wagrasol's work triggered concerns so far?

    On an aside, maybe XF should consider ending the practice of groups of nameless people using a single account; this can lead to situations like ban evaders coming back and sneaking in behind users with a clean reputation. 1 account for every 1 single individual, so every person can be held responsible for their own actions as well as take proper credit for their activity and posts on XF.com.
     
  3. Mouth

    Mouth Enthusiast

    For me, the bells are ringing loudest over the apparent non(action) of the XF team.
    The 3rd party add-on developer environment is always a wild-west of cowboys with no checks and balances from XF, but seemingly ignoring promoting highly probable hackers just screams security issues for site owners.
     
  4. Russ

    Russ Administrator

    I'm curious but what sort of action would you expect to see from XF? Unless I'm missing something that account has zero posts and liked a Brivium resource over a year ago, you want XF to ban him for that?

    Also what sort of checks and balances would you like to see?
     
  5. Mouth

    Mouth Enthusiast

    Not delete posts alerting customers of a possible "buyer beware" risk with engagement for a 3rd party add-on developer?
    There's quite a loooong thread somewhere with lots of input and ideas about XF 3rd party developers.
     
  6. we_are_borg

    we_are_borg Moderator

    I have seen Xenforo rocks before; they have only done nulled versions for some time now. Anyone on that site I would not recommend having on your site. If you dig deeper into this you will see that at some point Wagrasol is only active on XF, but he liked null stuff on two other sites. But if you look on those sites now, he has vanished.
     
  7. sanction9

    sanction9 Enthusiast

    People can change. Even if we knew for a fact it was the same person. And even if it is the same person, the fact that he's maybe used some nulled software, maybe because he lives in a place where the average yearly income is something like $1,500, doesn't necessarily mean he would be doing anything malicious with his code.
     
  8. Steve

    Steve Administrator

    It’s concerning that the developer doesn’t want to publicly post any info of his worthiness.
     
  9. we_are_borg

    we_are_borg Moderator

    Even if he lives where income is low, as a developer you’ll need to stay away from it; we have seen this before and most times it never ends well.
     
  10. Mouth

    Mouth Enthusiast

    Perhaps not. But would you be willing to risk your site, its content, your users' personal data, and the security of your server on that gamble?
     
  11. sanction9

    sanction9 Enthusiast

    Maybe and don't know. Just saying that I can see why the XF team wouldn't allow what basically amounts to "guilty by association" accusations on their forums.
     
  12. Alfa1

    Alfa1 Moderator

    This is the information that Hassan has provided to me:

    wagrasol/Hassan has sent me his Fiverr profile which has many projects completed and positive reviews. And also screenshots from positive Upwork reviews. Normally his Fiverr profile is set to private. His Upwork profile is also private. The reason given is: 'It is only visible to those where I personally apply or send proposals, because it happened many times that competitors put fake orders and proposals to downgrade other people.'

    Hassan has explained that the use of the nulled software in 2017 was for learning purposes only.
     
  13. Mouth

    Mouth Enthusiast

    Is that common for developers? To download other developers' hacked work for learning?
     
  14. djbaxter

    djbaxter Tazmanian Veteran

    No. But let it go. As long as he's not stealing someone else's work and passing it off as his own, I don't see the point in judging him or attacking his reputation here.
     
  15. Mouth

    Mouth Enthusiast

    Despite the XF owners/staff making it very clear that they want and expect us to do exactly that? Due diligence on 3rd party developers.
    With no publicly available add-ons and only a couple of very recent feedback posts, we can't ask for further feedback from clients without the developer saying it's rude to ask/enquire publicly, and being called a troll? And then the developer spits the dummy and leaves.
     
  16. Russ

    Russ Administrator

    XF definitely advises people to do their own due diligence, but I'm assuming you had no intention of ever using this developer's services. I don't think XF promotes users starting witch hunts on third-party developers.
     
  17. Mouth

    Mouth Enthusiast

    I use/used several XF 3rd party developers. I have a mid size project that I'm actively seeking a good/reputable developer for. All those I've contacted to date are either unable to do the work or too busy. That is certainly the case now.

    I simply asked his clients if they'd share some more information from their feedback and let us see the add-on(s) developed in action. It was the developer who started a witch hunt about having to ask in private and not publicly.
     
  18. Russ

    Russ Administrator

    Maybe I'm not reading the right thread, but all of his responses seemed rather... polite? It's not uncommon for users to share custom work in private, I don't see the big deal here.
     
  19. Mouth

    Mouth Enthusiast

    Apart from one post with name calling, I think all other posts are.

    Exactly.
     
  20. we_are_borg

    we_are_borg Moderator

    Was it nice of him to download nulled stuff and learn from it? No, it wasn’t, but he stopped doing so; that's great to hear. But if he downloaded Brivium add-ons and learned from that, well, let's hope not.
     