Hide SMF Version

Started by 青山 素子, January 01, 2008, 01:09:09 AM

Previous topic - Next topic

青山 素子

Link to Mod

Hide SMF Version
================


About
-----
This modification provides a way to toggle display of the SMF version you are
running for non-administrators. It is intended to be a safe way to hide the
version for normal users.

This mod and other information can be found at:
http://www.animeneko.net/projects/smf/


Features
--------
- Hide the version of SMF you are using from non-Administrators


How to Use
----------
You can find the setting by going to:

SMF 2.0:
Admin -> Configuration -> Security & Moderation -> General

If you are an administrator, you will always see the version. This
prevents modification install and software upgrades from experiencing
errors. To verify the modification is working, make sure the option is
checked and then view your forum while not logged in.


License
-------
This code is licensed under the terms of the Modified BSD License. SMF code
used in this mod is copyright Simple Machines. All original code is copyright
Michael Johnson.


Rant
----
You probably don't need this modification. Despite much "received wisdom" on
the topic, most of the ways you would be compromised would be part of a whole
group of possible attacks run without even looking at what you're using on your
site. It doesn't matter if you aren't running on Windows, or you don't have
Joomla!, Drupal, or phpBB installed as the scripts will try attacks for those
things anyway. The only help this will provide is in a targeted attack, and
even then a determined attacker can find your version by analyzing the behavior
of the forum.

Regardless, many people still feel comforted by hiding the version.
Unfortunately, many common ways of hiding the version will break modification
installation, patch updates, and other administration features. This
modification was created as a way to hide the version in a safe manner without
breaking administrative activities.


Acknowledgements
----------------
"SMF" and "Simple Machines" are registered trademarks of Simple Machines.


Version History
---------------
See CHANGELOG


Doc Revision 20150701
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


Apllicmz

Nice Mod
She work 100%
Thank you
Happy New year 2008



karlbenson

I agree with the rant.

Security through obscurity does NOT work.

It is no substitute for keeping your smf forum, and any mods/themes you have installed updated.

Hoochie Coochie Man

Thank you very much, it vorks perfect!
Here is Turkish language:

//Hide SMF Version - by Hoochie Coochie Man
$txt['hideVersion'] = 'SMF versiyonunu sakla.';
İnadına SMF 1.1.X

Nikki Sixx

Quote from: Motoko-chan on January 01, 2008, 01:09:09 AM
"SMF" and "Simple Machines" are trademarks of Simple Machines LLC.

As a standard character mark, "SMF" is registered trademark of SMF Energy Corporation. However, since the word mark "SMF" is an acronym derived from "Simple Machines Forum," which is legally an unregistered trademark of Simple Machines LLC, I believe it can be claimed as a typed drawing and/or design trademark under the goods and services of the computer, scientific and legal classification.

青山 素子

Quote from: Nikki Sixx on January 01, 2008, 02:32:07 PM
Quote from: Motoko-chan on January 01, 2008, 01:09:09 AM
"SMF" and "Simple Machines" are trademarks of Simple Machines LLC.

As a standard character mark, "SMF" is registered trademark of SMF Energy Corporation. However, since the word mark "SMF" is an acronym derived from "Simple Machines Forum," which is legally an unregistered trademark of Simple Machines LLC, I believe it can be claimed as a typed drawing and/or design trademark under the goods and services of the computer, scientific and legal classification.

SMF is actually a service mark of SMF Energy Corporation. Also, it is in a different domain. This is how companies can hold trademarks on the same name (they are holding them in different categories). Also, you can claim common-law trademark status (using the TM symbol) as Simple Machines LLC is currently doing (at least in the US).

Also, this isn't really the place for a trademark discussion. Can we keep on topic?
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


ALEJO

i still dont get for what this thing works... -.-" somebody can explain me? for what should i hide the version of the smf?
solo el mas paranoico sobrevive

青山 素子

A lot is gone over in the "Rant" section in the readme.

You shouldn't need to hide your SMF version. In fact, it isn't really helpful at all.

A lot of people are under the impression that hiding the SMF version will protect them from hacking. It won't. Most attacks just try every possible vulnerability and see what sticks. Heck, often you will get attacks that are for software you don't even use. Of course, some people are so convinced wrongly they won't believe that and want to do it anyway.

The common method for hiding the version involves removing the version data. This also breaks the notices for SMF in the admin area. Basically, you won't get an alert if there is an important update. What this mod does is makes it so that the version is only hidden for non-admin users, which mean that update notices will still work properly.

So, do you need this mod? NO.
Is removing the version helpful in any way? Not really.
Why did I make the mod? To give those convinced they must hide the version a safe way to do so that doesn't break functionality.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


ALEJO

solo el mas paranoico sobrevive

Anatis

Well.
It broke my board, methinks. I now get "SMF blabla" and "legal requirement" on everything. :/
Ripped it out and I still get it and it was the only change. (1.1.4, but with Tinyportal)
Core template, too.

青山 素子

The only major changes this makes:

For index.php

Find:

// Load the user's cookie (or set as guest) and load their settings.
loadUserSettings();


Add the following BEFORE that:


//If the user isn't an admin, then hide the version'
if(!$user_info['is_admin'] && !empty($modSettings['hideVersion']) && $modSettings['hideVersion'])
$GLOBALS['forum_version'] = 'SMF';


For sources/ModSettings.php (this is just a simple toggle):

Find:

array('check', 'securityDisable'),


Add this BEFORE:

array('check', 'hideVersion'),



There is also one language line added to the modification language file.


Try reversing those steps manually if uninstall doesn't work for some reason.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


青山 素子

Mod updated for 2.0 Beta 3 Public. Also bundled in the Turkish translation from earlier in the topic.

The update wasn't too difficult, I just needed to change ModSettings.php to ManageSettings.php in the install.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


Basie

Thanks for this mod.

I use it because I don't want my 'competitor' sites/rivals to know what version I'm using (and not for anti-hacking reasons).

Anyway, in the admin CP it says...

Quote
   Hide SMF version from normal users

Can you please specify exactly what you mean by a 'normal' user?

青山 素子

Quote from: seek2501 on March 25, 2008, 07:35:10 PM
Anyway, in the admin CP it says...

Quote
   Hide SMF version from normal users

Can you please specify exactly what you mean by a 'normal' user?

Any user that isn't an administrator. I couldn't think of any other compact way to say it.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


Apllicmz

thank
updated for 2.0 Beta 3 Public



CubaLibre

#15
[EDIT]Ok i find it in ACP it's on Security and Moderation, not on Features and Options  ;)

PrizeLive.com

Just installed this mod successfully but I can't find it where it said it would be " Admin -> Features and Options -> Basic Features ".

Using version 1.1.4 and the Default theme.
Get Paid Instantly via PayPal (or other options) at PrizeLive.com!

2pac

Quote from: MoneyTalkPro.com on April 21, 2008, 07:50:31 PM
Just installed this mod successfully but I can't find it where it said it would be " Admin -> Features and Options -> Basic Features ".

Using version 1.1.4 and the Default theme.

Im not too sure where it would be on 1.1.4 but on 2.0 beta it's under Configuration > Security and Moderation > General

SantaClaws

Admin CP>>Features And Options>>Basic Features>>Scroll Down>>Tick Hide SMF version from normal users.

There. Tell me if it helps if not i'll try get pics.

L'AltroWeb

#19
Thanks!
Here is Italian language:
Quote
//Hide SMF Version
$txt['hideVersion'] = 'Nascondi la versione di SMF agli utenti standard';
:)

Advertisement: