Working with another site, they want full file access for hacking forums


Mac Write
Tue 7th Jun '05, 4:28am
I run TWITforums.com and someone else started TWITAddicts.com running on PHP Fusion. People there hate the forums and they talked to me about working together. The catch is they want Full Access to my files so they can hack them so that they can really customize it (also want to be full admins). They want to hack it to have the users from VB be integrated into their comment system, Shoutbox etc. I don't know them. They are 16 with a 16 year old budget.

I said I could give them full template access, but not file access as it could be a license violation. If I am correct, with VB 3.5, to fully hack VB, you won't need file access, just AdminCP access, is this correct? My concerns are them taking the DB (unlikely, but still), copying the files etc.

I suggested with VBCMS (when is it going to be going to alpha stage?) that I would buy it, then host their site for free and I would be able to control all the files for security, while they manage their site fully.

What should I do? I have been taken before, but got out in time (when my gut went bad) aka before anything beyond talking happened. The other time was the Mac Revolution crap which was really bad (sponsored my site).

Advice please?

Colin F
Tue 7th Jun '05, 5:24am
I wouldn't just give them full access either.

Yes, vBulletin 3.5 lets you use a hooks/plugins system to include code, without modifying the files.

You'd most likely still need to give them access to a copy of the files though, as they'd have to know how to work with them.


Also, as they can input php code through the files, your database and files would still be at risk, even through the hook system.

TheMusicMan
Tue 7th Jun '05, 8:50am
It sounds to me that you ought not to allow this other site full access to your forums... the fact that they have asked for this implies, to me at least, some deceit.

I would only allow full access to your forums to people you trust implicitly and who you know will only ever have your site's interest at heart; eh Colin... ;) ;)

PS: for me, Colin is one such person.... :)

greywolff
Tue 7th Jun '05, 9:00am
I wouldn't give my best friend full access to my site (mostly because he's a code illiterate puke) and I trust him with my life. (It's a military thing.)

evssadmin
Tue 7th Jun '05, 3:13pm
Likewise, I may give my best buddies my life but I won't give them access.

eXaulz
Tue 7th Jun '05, 3:16pm
I wouldn't give them access to anything, you barely know them...

Also, with access to the control panel and files, they can simply run the following query:

DROP DATABASE 'yourdbnameinconfig.phpehere'

chrispadfield
Tue 7th Jun '05, 3:36pm
Giving someone access to the vBulletin control panel is not fundamentally different from giving them access to the files. It's harder to do damage but still possible.