MyBB 2.0 Repository Compromised

Azareal

The AtomBB Overlord
Joined
Mar 7, 2010
Messages
1,142
mybb-1.PNG mybb-3.PNG mybb-4.PNG
I saw these on TAZ earlier today which shows that they may have gotten their hands on the MyBB 2.0 source--code, as they seem to be selling it now.

Honestly.. The code is bound to be out soon, so buying it is a silly idea, but someone's bound to do it.
 

euantor

MyBB Lead Developer
Joined
Jul 23, 2009
Messages
723
We are aware of this issue. The compromise seems to stem from the same hack attack that compromised the Twitter account. It would seem the staff member in question was using the same password for GitHub, and did not have 2 Factor Authentication enabled (though all staff have been required to do so for some months now...). I can say that the code seems to be very out of date, with the last commit shown in the screenshots being from the 24th of January - thus making it even more foolish to spend any amount of money on such a purchase. Even now, the product is nowhere near finished and we're two months on from this code base.
 

ozzy47

Tazmanian Veteran
Joined
Oct 18, 2013
Messages
9,007
But you know, there is some fools out there that will purchase it.
 

rafalp

Desu Ex
Joined
Feb 17, 2008
Messages
1,183
1. Do open source project
2. Use private repos and keep entire process secret
3. ?????
4. Profit?
6. Point #5 is missing
 

euantor

MyBB Lead Developer
Joined
Jul 23, 2009
Messages
723
But you know, there is some fools out there that will purchase it.
Unfortunately. All they'll get is a few HTML mockups that we're going to be releasing screenshots of anyway, and a vastly outdated codebase with nothing more than an index page, so long as the screenshots show the most up-to-date code ;)
 

JoshH99

Team MyBB
Joined
Apr 23, 2011
Messages
84
rafalp My understanding is that we're currently working within a private repo just for the very initial foundations of the software. This avoids excessive discussion about it at this stage, as well as prevents people from seeing early features potentially getting removed and complaining.

Trust me, I know that many people on the team want to open it as soon as possible. The team now is far different in practices than the past.

PS: I am on the dev team, just don't have the trophy here :p. Proof: http://community.mybb.com/user-43697.html
 

cronhound

Aspirant
Joined
Jul 23, 2013
Messages
20
I know this is bordering on a necropost, but:
MyBB 2.0 is using laravel? Hnnnnggghhh

tbh I don't see what thrill people get out of "hacking" an open source project
 

Azareal

The AtomBB Overlord
Joined
Mar 7, 2010
Messages
1,142
tbh I don't see what thrill people get out of "hacking" an open source project
Normally, I would say that it's probably a kid, but it looks like they want to make money out of it in this specific case.
As an open source project, there's not much for them to take that'll rake in money though.

MyBB 2.0 is using laravel? Hnnnnggghhh
What's wrong with Lavarel? Personally, my preference would be to go custom, but MyBB wants an existing framework behind them to accelerate their progress.
 

cronhound

Aspirant
Joined
Jul 23, 2013
Messages
20
Normally, I would say that it's probably a kid, but it looks like they want to make money out of it in this specific case.
As an open source project, there's not much for them to take that'll rake in money though.
Kids like money too ;)

I suppose they did it for the same reason the lizard twats exist, for attention.

What's wrong with Lavarel? Personally, my preference would be to go custom, but MyBB wants an existing framework behind them to accelerate their progress.
That was a nice "hnngggghh". I occasionally use Laravel for projects at work and it's pretty damn awesome to work with.
 

euantor

MyBB Lead Developer
Joined
Jul 23, 2009
Messages
723
MyBB 2.0 is using laravel? Hnnnnggghhh
Yep, we are. We evaluated several existing frameworks, and Laravel 5 feels like the best fit. A lot of our team have experience with it (I use it at work a fair bit and have written other projects in it, for example) and it's allowing us to work at a much faster rate than we would otherwise.

We did consider writing our own framework from scratch using existing components from frameworks such as Symphony and Aura (an approach I have also used in the past), but using a full stack framework is leading to a much faster development cycle.
 
Top