Forumfoundry.com . . . Why???

Chadeaux

Gold Member
Sep 13, 2011
5,512
6,408
Southeast Arkansas
Detector(s) used
Ace 250
Primary Interest:
Cache Hunting
I learned a few minutes ago that --- despite the fact that VBulletin does not require scripts from Forumfoundry.com to run ( I have a friend who admins a couple of VBulletin boards ), for some reason the administrators here have decided that we must allow scripts from forumfoundry.com to run in order for posts to show correctly.

If you have "Noscript" enabled ( a firefox addon that helps protect your from some unwanted driveby downloads, etc. ), you will need to use HTML markup to show silly things like "carriage returns".

You will also not have all the options (text formatting, etc.) enabled when you make a post.

My question is, since I don't see this bit of privacy invading software running on my friend's VBulletin forums, why is it running here ---- more importantly, what information are you gleaning?

Do they log keystrokes or something? All of the other forums work well without that script. All formatting options are available all of the time. Just seems really weird that it affects how the board works.
 

Last edited:

boris

Sr. Member
Dec 17, 2011
468
92
Cape Cod
Detector(s) used
tesoro stingray
Primary Interest:
Beach & Shallow Water Hunting
It's soto domething with cookies, like 77 sunset striper I eat my cookies.
 

OP
OP
Chadeaux

Chadeaux

Gold Member
Sep 13, 2011
5,512
6,408
Southeast Arkansas
Detector(s) used
Ace 250
Primary Interest:
Cache Hunting
Nope, it is doing a bit more than working on cookies. It is a javascript run from their server apparently that allows you to choose the size of a font or use normal BB code for posts. It is unnecessary bit of coding that other VBulletin sites don't need for operation. I don't think any one is using it maliciously, but I can't get a straight answer from the author, so thought I would ask here.
 

JohnDroid

Administrator
Staff member
Feb 1, 2012
1,110
579
Austin, TX
Primary Interest:
All Treasure Hunting
Chadeaux,

We are running vBulletin 4 -- it's quite a bit different then vBulletin 3 (much newer and more advanced) and as such, requires Javascript. There's nothing "weird" about it... many sites require javascript for full functionality and we are no different.
 

OP
OP
Chadeaux

Chadeaux

Gold Member
Sep 13, 2011
5,512
6,408
Southeast Arkansas
Detector(s) used
Ace 250
Primary Interest:
Cache Hunting
Ah, ok. Went to my registrar's Whois info and found out that the same person who is the registered owner of Forumfoundry.com is the owner of Treasurenet.com . . . so that would account for the "scripts" and "cross scripting" that upsets my browser so much.

So, Ken, why the cross scripting? I am not accusing anyone of recording keystrokes, I read the js file from the server and didn't see anything that I recognized as doing so, but it even runs when typing "personal messages".
 

JohnDroid

Administrator
Staff member
Feb 1, 2012
1,110
579
Austin, TX
Primary Interest:
All Treasure Hunting
Ah, ok. Went to my registrar's Whois info and found out that the same person who is the registered owner of Forumfoundry.com is the owner of Treasurenet.com . . . so that would account for the "scripts" and "cross scripting" that upsets my browser so much.

So, Ken, why the cross scripting? I am not accusing anyone of recording keystrokes, I read the js file from the server and didn't see anything that I recognized as doing so, but it even runs when typing "personal messages".

We use a CDN to speed up the site. The CDN requires us to use a domain name to serve it from. In addition, we use cookies on this site -- so if we used a domain, ie, cdn.treasurenet.com -- all the files served by that host would get "cookied" -- so we serve them from a different domain that doesn't cookie the files. It's mainly a thing to speed up the loading of the site. We serve as much static content from the CDN as we can to be as fast and as optimized as we can. The service we use for the CDN is maxcdn.com -- which is where that cross scripting host points to.

So mainly, it's to serve these pages to you as fast as possible ;)

More info here: Serving Static Content from a Cookieless Domain - Ravelrumba by Rob Flaherty

Edit, 99% of the time you would not even know about these files being loaded from a different host unless your security settings are REALLY strict. Too strict, because most large sites (google, facebook, yahoo, etc) do the same thing.
 

OP
OP
Chadeaux

Chadeaux

Gold Member
Sep 13, 2011
5,512
6,408
Southeast Arkansas
Detector(s) used
Ace 250
Primary Interest:
Cache Hunting
Thanks for the reply. Yes, my security settings on this network are VERY strict . . . important when you have personal info of thousands of people.

As a result, we block cross scripting because a few sites have used it in the past to "update" some of our computers or install software they thought we just couldn't live without.

BTW, the site DOES load much quicker than it used to. Nice job.
 

Top Member Reactions

Users who are viewing this thread

Top