We build. You grow.

Get best community software here

Start a social network, a fan-site, an education project with oxwall - free opensource community software

Choice CMS Awards. | Forum

Topic location: Forum home » Support » General Questions
Pete
Pete Oct 15 '12

Why should members vote fore you ?

 

A few members have told you that there or bad bugs in Oxwall ,and upto date you have not botherd to patch them .

 

Can you please tell me why you have not brought out any patches ,even though people can take control of admin .

Purusothaman Ramanujam
I have not voted for Oxwall too for this reason.
Pete
Pete Oct 15 '12


 

Quote from Purusothaman Ramanujam
I have not voted for Oxwall too for this reason.



I think if all these bugs were patched proper,Oxwall would be one of the best free scripts on the web .How can Oxwall possibly ask members to vote when Oxwall won`t listen to members,about these bugs. I am not going to vote for the same reasons . Members please add your views so then maybe Oxwall will do something about these bugs
The Forum post is edited by Pete Oct 15 '12
Pete
Pete Oct 15 '12

I came across this from Oxwall

 

Our users informed us about a possible security threat present in all Oxwall versions, including 1.4. We eliminated it and rolled out this unplanned security release. It contains:

  • User Role management security fix;
  • Prevention of possible XSS attacks in profile questions.

Please update to Oxwall 1.4.1, as soon as it’s available for automatic update in your admin area.

Purusothaman Ramanujam
Why not oxwall publish what has been changed or updated or fixed in their blogs, so that users will know the real importance..

something related to this thread...
http://www.oxwall.org/forum/topic/6162
Pete
Pete Oct 15 '12

Quote from Purusothaman Ramanujam
Why not oxwall publish what has been changed or updated or fixed in their blogs, so that users will know the real importance..



something related to this thread...

http://www.oxwall.org/forum/topic/6162



You make a good point .
Pete
Pete Oct 15 '12

Paul Cuffe 

 

 

Has the bug been fixed were members can take over admin ,the reason why i post this message, it was Paul  that came across this bug.

The Forum post is edited by Pete Oct 15 '12
Emil Team
Emil Oct 15 '12
Guys,


SPAM problem is not related to security issues.


With 1.4.1 release we closed the hole that could allow malicious users to hack into the database and to get any user role. We wrote about this while announcing Oxwall 1.4.1, so you should update as soon as possible.


Spam problem is different and is related to the fact that somebody wrote a script that registers users (just as regular ones) and posts blog posts with spam content. Currently there are 2 possible solutions for that:


1) Download and install free antispam plugin for the Oxwall Store.

2) Consider activating mandatory user approval mode to manually let people in.


If you know how to fight spam more effectively, we'd be grateful if you shared your ideas with us. We are ready to work on the solution.


As usual, SPAM is not related to security and is possible for all pieces software.


Thanks,

Emil

Pete
Pete Oct 15 '12

Quote from Emil S.
Guys,



SPAM problem is not related to security issues.



With 1.4.1 release we closed the hole that could allow malicious users to hack into the database and to get any user role. We wrote about this while announcing Oxwall 1.4.1, so you should update as soon as possible.



Spam problem is different and is related to the fact that somebody wrote a script that registers users (just as regular ones) and posts blog posts with spam content. Currently there are 2 possible solutions for that:



1) Download and install free antispam plugin for the Oxwall Store.

2) Consider activating mandatory user approval mode to manually let people in.



If you know how to fight spam more effectively, we'd be grateful if you shared your ideas with us. We are ready to work on the solution.



As usual, SPAM is not related to security and is possible for all pieces software.



Thanks,

Emil



Hi

 

I was on about some of the bugs in Oxwall ie members can take control of admin .

 

regards

Purusothaman Ramanujam
Its not just with the spam. There are many stuffs that Oxwall should consider and that's the point here.

There are some problems with the anti spam plugin when it comes with general features, as I have mentioned in another post. I personally like the plugin but it stops me using a RSS feed for automation by other sites/apps.

Den Team
Den Oct 15 '12
@Pete

If you mean Paul's report about role management security issue , then yes. It was fixed with the 1.4.1 update, as it's mentioned in blog post:


User Role management security fix;


 


Purusothaman Ramanujam
Good to know that. Thanks for the update Den.

It would add more value if the team can add detailed information what fixes/enhancements available in each updates.
Den Team
Den Oct 15 '12
@Purusothaman


Yeah, we've mentioned it within the blog post. There is no specific full details about this fix especially to safe sites from hack attempts. This is a common practice to avoid publishing specific security bug fixes in details. 

The Forum post is edited by Den Oct 15 '12
Pete
Pete Oct 15 '12

Quote from Den
@Purusothaman



Yeah, we've mentioned it within the blog post. There is no specific full details about this fix especially to safe sites from hack attempts. This is a common practice to avoid publishing specific security bug fixes in details. 



Thanks Den

 

 

Pete
Pete Oct 15 '12

I think if we had a better capcha system this would help to deal with these bots ,the capch type were you can add questions like 4+00000 = 

 

 

Its a pity that we could not ban certian types of email accounts say hotmail etc

Tom
Tom Oct 17 '12
I'm new to the Oxwall community and was more than happy to recommend Oxwall as the best CMS choice, because it was for me.

I'm in the process of getting my site configured and I haven't experienced all of the issues others have, but I'm bravely and eagerly working to launch my site soon. 

I am very grateful to the Oxwall Team for their work and for the community that is supporting them.  I researched all of my options for a social network platform and chose Oxwall because it is:
     - simple
     - does just about everything I need (and more than I need in some cases)
     - It's focused on being lean and fast code
     - Super easy and intuitive to configure (no programming or PHP needed)
     - the support team is very responsive (helpful responses in hours, not days)
     - and the user community has very little complaints (compared to other solutions). 
     - it is truly Open Source software (I have complete control and little cost)
     - I think that the future of Oxwall is very bright

I realized that I was gambling on a young technology that was going to have issues, but I also saw that there was a passionate and dedicated team that was honestly working as fast as they could to improve the software. 

I figured that I could fill in most gaps with third party plugins, which I have.  I can also hire a PHP guru to code the plugins that I need and don't have yet.

I also felt secure in knowing that Skalfa has the back of Oxwall.  Skalfa's betting on Dating Sites, but they need Oxwall to succeed in order for their dating solutions to work (at least that's my guess, and it may be wrong)

I'm glad that I picked this team and technology and I think others would be smart to make the same choice.  A vote in favor of Oxwall only makes this community stronger.
The Forum post is edited by Tom Oct 17 '12
Purusothaman Ramanujam

Quote from Tom - the support team is very responsive (helpful responses in hours, not days) - and the user community has very little complaints (compared to other solutions).

We could understand that you are new :)

To be frank, Oxwall needs to follow "open culture" in development. Currently no public code repository, no central bug tracking system.. Have spoken about this a lot of time but with failure.

BTW, Oxwall is great in terms of its existing features. You will not regret on that for sure.
Den Team
Den Oct 17 '12
Quote from Pete I think if we had a better capcha system this would help to deal with these bots ,the capch type were you can add questions like 4+00000 = 

Unfortunately, captcha doesn't prevent any serious spam activity at all. There are tons of WEB resources which provide you with services to avoid captches on site. You should leave it on site as a basic antispam tool only, not more. 

But wait, Pete, this isn't the right place to discuss antispam strategy. Please, create a separate topic to discuss it deeper.


@Tom
Thanks for sharing your experience with Oxwall. Your words are really important for our team and community. They just confirm that we are on the right way and should move on.


@Purusothaman

I'm totally agree with you. "Open culture" is the next step of Oxwall evolution by involving other developers and contributors into the process. And we should hardly prepare to make the step smoothly and to don't lose control of the product. As that could really destroy it. We are to perform it as accurate as possible even if it requires additional time spending.To be honestly, if the public repo will be open tomorrow, then Oxwall became uncontrolled. Different contributors will be able to commit different code, without any quality approval and affordable developer manuals, interface guidelines and etc. We just don't have enough resources right now to perform it to start in a proper manner. And these are common troubles for a small team which works on an Open Source product hard and prefers to sacrifice time in favor of the quality of product. We just have to finish the current iteration to start to move on.
And great Thanks to the community which connects more and more users around Oxwall, contributes on product and helps each other to sort specific questions. 

The Forum post is edited by Den Oct 17 '12
Tom
Tom Oct 17 '12
Purusothaman - Den just proved my point by responding within hours of my late night post.  Has he been able to address all the issues you would like to see fixed in 7 hours?  No.  But he has provided a courteous, straight forward and frank answer.  This is the norm for the Oxwall team.  I know that they're not able to get to everything right away, but this has provided You personally with an opportunity to make money.  I spent $40 buying five plugins from You yesterday.  It's interesting that you're not more grateful for the opportunity Oxwall gives you for making money.  I would think you would want to support and promote this community that you are such an active part of.

If you would like to see Really Angry users with an unresponsive and discourteous support team, go browse the Dolphin forums.  That played a Huge factor in my decision to choose Oxwall.  I know Dolphin can do more, but I'm glad my money is with this team and this technology.

p.s. - I'm really grateful for your plugins too.  They are essential!  Thanks!! :-)
The Forum post is edited by Tom Oct 17 '12
Purusothaman Ramanujam

Quote from Tom I know that they're not able to get to everything right away, but this has provided You personally with an opportunity to make money.
They do make money out of it from the hosted solutions that they provide. It does not mean if they provide me an opportunity to earn money they are the best. All comments and suggestions said by all is to improve Oxwall.

Quote from Tom It's interesting that you're not more grateful for the opportunity Oxwall gives you for making money. I would think you would want to support and promote this community that you are such an active part of.
Grateful? Let us see how grateful you are going to be when you post your issues here and waiting for your answers? :P  I would request you to view other forums post (not just yours) and see how many does not have any reply from Core team.

I have contacted Oxwall core team for improving several things which I said I can do for Oxwall on my own as they say Oxwall team is busy. They reply for that, but I never got a solid solution.

If you would like to compare Oxwall with Dolphin, I would also like you to compare Oxwall with ELGG. Their team size is just 2 and see how they are open ( open as in open repository, bug reporting) and their support in the forums.

I am saying all this to improve Oxwall and its not that I am not grateful to Oxwall? BTW, why should I be grateful? :D

Pages: 1 2 »