Categories > WeAreDevs > Announcements >
The forum is now open source
Posted
The forum is now open-source. No coding knowledge required to run it.
Judge my garbage code here! https://github.com/2JJ1/Pow-Forum
As a forum builder, this software is currently in very early alpha stage. It's massively incomplete and many bugs definitely exist.
Assuming you complete the entirety of the configuration, you should have most features that this website offers. Be sure to read the README.md file. I still need to make a UI available for some features. Such as to add additional navbar links, footer links, forum support links, add moderators, etc.
Feel free to make your contributions through pull-requests. White hack hackers, I'd love it if you explored for vulnerabilities. Black hat hackers, alt+f4 for free robux. Feel free to redeploy the forum and modify it as you wish; Considering the GNU license.
I'm still refactoring the code. I've been rushing the past few days to make it redeployable. The forum used to be mostly static and built into the exploits portion of the site. It wasn't built from the ground up to be dynamic, so much of the code will look funny. A lot of the forum is especially very old code from when I was still learning. In many areas, I've continued with my poor old conventions to keep things uniform and easier to read.
As a result of making the forum redeployable, I had to change a few things. One being the URL pattern for subcategory thread lists. It used to use the category name, but I had to change it to use an ID so subcategory names can be reused.
I also noticed my implementation of invisible captcha was useless. I've temporarily(maybe) reverted to captcha v2, where you will have to complete captcha challenges to plainly create a thread or reply.
Replied
i can smell the cyber crime fourms coming
Cancel
Post
https://cdn.discordapp.com/attachments/1066053366758780978/1078052772567597127/image.png
Replied
@atariXD, Use it however you like. It's totally open to the public. This forum has always been more of a project than a product, so I'm not concerned about competition
Cancel
Post
Added
@atariXD, Maybe when it enters beta stage. There's still a lot to do. Feels wrong to collect mons when I could push a breaking change at any time. Though I will try my best to avoid that. If ever, I'd try adding a migration script to the CLI.
Cancel
Post
Replied
I thought it was an april fools joke, then I realised it is april second
Cancel
Post
Replied
Never expexted this to happen tbh
Cancel
Post
Exploits i own:
Script-Ware (Down rn) Electron (UWP) Shadow (UWP)
i dont use verm that much so dont contact me there
Replied
This actually shocked me. Jon, please be aware of the serious black hat hackers, cause they might cause trouble, especially since the forum is now open source. Good luck, however, on maintaining this project.
Cancel
Post
Random quote here...
Replied
@atariXD, How is this better than MyBB? I'm not trying to put it down, as it seems like a valuable addition that many people will use, but I'm interested in understanding what sets it apart from MyBB.
Cancel
Post
Replied
Let's just take a moment to acknowledge how our "competitor" forum (V3RM) is still using MyBB, meanwhile Jon is over here dominating and creating his own forum software.
Seriously though, this action introduces a wide variety of things you must be careful of, for instance, I'm sure that there are some vulnerabilities internally that can be found and exploited now. Security must be one of your top priorities now, as the more people using the software the less you can afford some big vulnerabilities to be found. I'm very sure you already know this though.
I might create some YouTube video to demonstrate the installation of this forum, not just so there is visual instruction but also to possibly give you a little head start in users. Though YouTubes algorithm is very odd so I doubt it'll get much anywhere besides people searching it themselves.
I hope this goes well, I can see this becoming very great, but I do worry about the security of this forum now. Tbh there aren't many people equipped to deal with attacks on this forum, ig we'll see what happens.
I also worry about this forum becoming filled with people looking for support about the software, this community is great but needs to be kept that way. Of course, that sorry is very dependent that the software goes big, but I (and I believe I speak for everyone else on this forum too) have great confidence in this (and ofc, you).
Cancel
Post
we are dead
Replied
@VoidableMethod, Absolutely. I take every measure I can recall to prevent security issues. Query injection is unlikely thanks to using Mongo through an ODM. Even if an XSS point existed, cookie logging is impossible due to being HTTP only. The only identifying and private(depends on who you're talking to) piece of info the site collects is an email address. Everything else is already public.
My only job is pretty much to remember to escape every user input and be careful of data leaks where data is output. Security wise at least. Resource attacks... Hmm
Honestly, I'm kind of hopeful that someone will find an issue. I always learn so much with each new attack.
Cancel
Post
Added
@reversed_coffee, Now people can stop asking about adding their bot. Can just make a pull request!
Cancel
Post
Added
@reversed_coffee, Reversed has blocked notifications confirmed. Sad. Jk lol, but yeah. It also works on iOS, but you have to add it as a web-app then subscribe through the footer
Cancel
Post
Replied
A good decision, also thats a Good way to improve the software & your knowledge on all aspects! Thank you, useful contribution.
Cancel
Post
I'm not lazy, I'm just highly motivated to do nothing. #I💚Dogs.
Replied
@Xero
I love how consistent you are to liking posts/threads
Cancel
Post
we are dead
Users viewing this thread:
( Members: 0, Guests: 2, Total: 2 )
Cancel
Post