MU/UL/RG/etc use custom script coded by themselves.
People talking sh*t about YS seem to forget about some heavy security issues on XFS. Remember the affiliate cookie jacking drama? :facepalm: Remember the CSRF exploit on payment infos form where hundreds of uploaders got their incomes stolen? :facepalm:
Plus there still are retarded things on XFS script like that ridiculous/useless plaintext captcha :facepalm:
Greedy SibSoft charging 200$ for compiling nginx from source with a few extra modules and a few extra lines in the conf files :facepalm:
If YS script was sold 1k$, nobody would doubt about its reliability, but since it's only 100$ everyone is suspicious :facepalm: Keep feeding SibSoft sheeps :facepalm: Disastrous perl script :facepalm:
Keep up the good work YS, it's a great script so far. From what I see, the only thing missing is the ability to ftp upload without having to run a php script rightafter to move/process the uploaded files. You'll need more than php to achieve this. Hats off to you for selling it open source code, that's huge.
What's up about that "cookie jacking drama" - we're not aware of it. But the only CSRF found was fixed immediately.
Every software product contain vulnerabilities and that's matter of time when they will be found. Most important how fast you will fix it and inform your customers.
You mention text captcha 2nd time on WJ, what's your problem with it? There are 3 more captcha types to use (default GD image, solvemedia, recaptcha). Surprisingly, but it's being used by some people.
Also not sure why our pricing bother you so much - you're free to create your own script and sell it even for $1 and then support it for free, that's fully up to you.
You seems to be very jealous of xfilesharing for some reason. Better tell everyone what happened with your self-written script and why did you closed your file sharing site?
__________________
Added after 3 minutes:
but when it comes to real life usage and high load - fails
With what information can you back this up? We have people coming to us daily saying they've had enough of xfilesharing (specifically the support) and migrating their sites to us.
We can tell absolutely the same
But plus performance problems. You just recently read about
XAccelRedirect and implemented (or maybe cloned) it in your last version, while we were using it for years already.
It was exactly the same for the post you've quoted from businesscat. He tried to claim our script was insecure just because it was being shared on nulled forums - I don't see the logic in this given we supply the source code with the script. Sharing it doesn't make it insecure... xfilesharing on the other hand encrypts some of their code, who knows what code they have in there. I know that if I purchased something I'd want to have access to every piece of code.
Maybe that's like "if you can't protect your own script from copying all over the net, then how your script can protect our users and their data"?
Here's an example, did you know for instance that xfilesharing passwords are reversible? So given the key from the code and the database all of your users passwords could be reversed. Not good if your server gets hacked! Look at any good password security advice online and they'll tell you NEVER to store passwords in reversible format, it's a huge risk for your users. YetiShare uses industry recommended SHA256 with PBKDF2 for password storage. It's one-way encryption so even if someone does hack your server and get the database, it would be nearly impossible to figure out the passwords. It's the same technology lastpass use to store their user data -
https://helpdesk.lastpass.com/account-settings/general/password-iterations-pbkdf2/.
This is just 1 example the security we've considered in YetiShare.
First of all, that has been changed already.
Second, if intruder already got password hash and password key - then that means that he've got access to entire host AND db data, which means that you've been f***d up and in file sharing business, passwords is not the worst thing which may leak.
Unfortunately this thread turns into the flame/butthurt one with 1-post users and other funny tricks (we would not be surprised if that would be adam/simon clones, knowing the methods of promotion they use). We do not see any reason to participate in it any more. If anyone will have any questions - feel free to PM or contact us on our site.
