News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

Remove SMF version from forum footer

Started by Katsunami, August 04, 2006, 08:19:19 PM

Previous topic - Next topic

Katsunami

Hello,

This is quite a simple question. I do not mind the copyright that is shown in the footer of the forum (far from it, credit where credit is deserved), but I'd like to remove the version number, or replace it with somthing such as X. The reason is simple; if the version number can be readily seen, then someone could target the forum with an exploit known to work on that version.

I have looked for it, but I cannot find the function theme_copyright() anywhere, which seems to put out the copyright strings. Where is it (if that is what I need to modify) ? I also found some occurrences of "1.0.7" in the database, and tried to change them to X or 0.00, but that had no effect.

Thanks for any help :)
[nofollow]

www.fantasywritings.net [nofollow]

Thantos

open index.php and towards the top you should see something like:
$forum_version = 'SMF 1.0.7';

Change that to
$forum_version = 'SMF';

The SMF part has to be there or it'll throw an error.  Also realize that some administrative functions of SMF won't work properly as it won't know which version you are running.

B Patterson

#2
I'm just a stupid idiot... only trying to help... pay no attention to me....

1MileCrash

#3
[Unknown] gave a weird vibe toward this..

Quote from: [Unknown] on July 19, 2005, 07:51:48 PM
You can remove the version number if you like, but don't expect to get as good support from us if you do.

You cannot change the "format" of the copyright statement.  If you don't like it, use another software.

-[Unknown]
Just remember not to touch anything else.

The chances of someone "exploiting" your forum simply because they see the version is minute. It really isnt much defense..
The only thing php can't do is tell you how much milk is left in the fridge.



Orstio

Do not ever change the $forum_copyright variable.  That would be a violation of the SMF license.

If you feel you need to change the version, change it in the index.php variable $forum_version.

B Patterson

#5
Apparently I'm always wrong....

1MileCrash

Quote from: bpat1434 on August 04, 2006, 09:55:32 PM
Um... why can't you change the forum_copyright variable?  Can't you just edit it to say:
QuotePowered by SMF | SMF © 2001-2005, Lewis Media
?

That's not violating it.... is it?  No different than modifying the index.php page ;)

Obey Orstio.
The only thing php can't do is tell you how much milk is left in the fridge.



Orstio

Have you read the SMF license?

http://www.simplemachines.org/about/license.php

Part 1) a. of the agreement reads:

QuoteAll copyright notices within source files and as generated by the Software as output are retained, unchanged.

Therefore, you cannot change the $forum_copyright variable without violating the license.

B Patterson

#8
Nope... I'm still wrong....

Isaac

Obey Orstio. 

The forum version number is different from the copyright.

Orstio

Changing the $forum_version variable does not alter the way in which the $forum_copyright is output.  It changes the visible output of the version within the copyright statement, but not the way in which the copyright is displayed.

So no; modifying $forum_version is not the same as modifying $forum_copyright.

B Patterson

whatever.... I'll remove my posts...

Removal of posts done...

Isaac

Quote from: bpat1434 on August 04, 2006, 10:09:23 PM
whatever.... I'll remove my posts...

Removal of posts done...
Great, now the entire thread is messed up, and it is now useless for anyone to learn from in the future. 

B Patterson

NOpe.... they can learn... I didn't edit anything non-essential... plus I don't want to encourage breaking the license, so all of my attempts to help, although shady, were wrong and I removed them so no-one can say "Well I saw on the SMF forum that you can modify $forum_copyright".... so it's a Cover My Ass thing.

Orstio

Thank you.

While I do understand that your intention was to be helpful, it is also important that the proper information is given to help.

This would be a case where doing things right is just as important as doing the right thing.  ;)

Katsunami

First, I'd like to make clear that I do not want to to violate any license or copyrights. As a technical programmer myself, I know enough about programming and how much work it is.

Quote from: Thantos on August 04, 2006, 09:24:54 PM
open index.php and towards the top you should see something like:
$forum_version = 'SMF 1.0.7';

Change that to
$forum_version = 'SMF';

The SMF part has to be there or it'll throw an error.  Also realize that some administrative functions of SMF won't work properly as it won't know which version you are running.

Thanks for your reply. But, why would administrative functions need to know the version number ? Are they functions that behave differently between different forum versions, and select their behaviour using an "if" or "select" statment or somesuch ?

Quote from: Tippmaster on August 04, 2006, 09:32:20 PM
The chances of someone "exploiting" your forum simply because they see the version is minute. It really isnt much defense..

Are you sure about this ? I have seen about 3 phpBB boards gone down almost the same day they were activated after porting them from another (less well known) software package. After the security leak was patched and the version number of the software removed from the main page, they stayed up without problems.
[nofollow]

www.fantasywritings.net [nofollow]

Orstio

QuoteAre you sure about this ? I have seen about 3 phpBB boards gone down almost the same day they were activated after porting them from another (less well known) software package. After the security leak was patched and the version number of the software removed from the main page, they stayed up without problems.

Script-kiddies typically use something called a "defacer tool".  These work by running through a list of URLs that are input by the script-kiddie, and attempting their "hack" on every URL in the list.  If your site happens to be on some script-kiddie's list of URLs to try, it doesn't matter what software you are using, nor what version.  Their script is going to hit your URL regardless.

Case in point:  I'm using Mambo and SMF on my site, yet some of the hits on my site are from defacer tools designed for IPB, PhpNuke, PhpBB, etc. 

Harzem

You don't need to change $forum_version in index.php. This will affect the way of some administrative functions, as said before.

You also can't change $forum_copyright variable.

There is one thing to be done, which is what I've done in one of my sites.

Open Themes/default/languages/index.english.php

Find:

$forum_copyright = '<a href="http://www.simplemachines.org/" title="Simple Machines Forum" target="_blank">Powered by ' . $forum_version . '</a> |
<a href="http://www.simplemachines.org/about/copyright.php" title="Free Forum Software" target="_blank">SMF &copy; 2001-2005, Lewis Media</a>';



Add this before it:


$real_version = $forum_version;
$forum_version = "SMF";


add this after it:


$forum_version =  $real_version;


So everything works in admin area properly, plus you have removed the version number from the footer. Also you haven't modified $forum_copyright.

Arbalot

Harzem this is nice but somebody use this coding badly

Harzem

Quote from: Arbalot on August 05, 2006, 08:26:52 AM
Harzem this is nice but somebody use this coding badly

No, if someone alters the copyright in another way, he will get the ILLEGAL error.

Advertisement: