Skip to:
Content
Pages
Categories
Search
Top
Bottom

Forum Replies Created

Viewing 3 replies - 1 through 3 (of 3 total)

  • Arrogance is Bliss
    Participant

    @arrogance-is-bliss

    Gotta love the dedication of BuddyPress community.


    Arrogance is Bliss
    Participant

    @arrogance-is-bliss

    There are a few different social networking platforms out there and someone coming up with a safe way to integrate one or more of them with WordPress (or visa-verse) would be a welcomed development, in my opinion. However, a ‘plugin’ like GRA4 that takes unsuspecting members from WordPress sites and opens the WordPress site owner(s) up to potentially (MAJOR) security and privacy issues (as well as hosting and server violation issues) is not a plugin. It is a dangerous interface that WordPress webmasters would be well advised to stay away from.

    One thing to consider when allowing a ‘plugin’ to use a remote server is, you can not know the intentions of the people on the remote server. Once that avenue is opened, a site can be vulnerable to many things unseen and unimagined.. That is Dangerous.. Unfortunately, a lot of people using WordPress do not look at code. Even if they did, they don’t know how to spot potential dangers. As website developers, webmasters, and the like, we do have a responsibility to those who use our websites, to be careful of providing something that could violate the rights and privacy of our users as well as open our own servers and/or hosting, to unsavory and malicious intruders.

    It pays to ask questions, @lunchgirl thanks for doing so. I wasn’t aware of gra4 until I saw this thread and @mercime pointing out that it isn’t available in the Repository anymore caused me to want to know what it did. So, I looked it up and found that they are attempting to infiltrate several different and independent platforms. If anyone uses those other platforms or knows someone who does, I would let them know about that plugin (or in the case of some, it’s a drop-in). It is still available in those other platforms and shouldn’t be. Please spread the word..


    Arrogance is Bliss
    Participant

    @arrogance-is-bliss

    Interesting ‘plugin’ that GRA4.. it is a connection to their website. A little more than phoning home. Your members get included into their website. Wherever their ‘plugin’ is activated, all the members show up on all the other websites. They have a plugin for oscommerce, phpbb and wordpress and they are working on a plugin for drupal. All members are gathered to their website and you have NO admin privileges. You have NO control over the content on the website and I don’t know for sure, but I think there could be some major security (and privacy) concerns for all of your website members.

    They don’t tell you straight out that you aren’t adding functionality to your WordPress website, they are providing a portal to their website, which shows up on your website making it appear like it’s your website. Quite crafty. – A FACADE-

    They are using ‘elgg’ social software on their server. They authenticate using cookies and they secretly provide your website with a ‘secret key’ and their coding changes the .htaccess rewrites for your website to redirect your members to their website. The page they tell you to add, is the same name as the directory of their plugin and the rewrite for permalinks makes it appear that your members are looking at a page, but they are looking at another website. The shortcode they tell you to put on the page you create for their plugin calls the function that imports the data from their website to display on that page. So, basically.. it’s an interface with their website gra4.com. Their website shows up on an ip address in the United States, but they are Russian (no prejudice, just an observation), to share the information. Part of their coding calls a another website virturossiya.org/c (which shows up as ‘GRA4SetConfigValue(‘GRA4_remote_url’… in one of the files. That website also shows up on an ip in the USA, but the page title is in Russian and the favicon is a red star. (looking at that last domain name I can see ‘virtual russia’).

    In conclusion, from my perspective, it’s a scam. You do NOT get your own social network with their ‘plugin’, you get to include your members into their website, without your members knowing it.. I don’t think that would be consistent with the spirit of WordPress or BuddyPress. I would stick with BuddyPress or one of the other true WordPress plugins that provide social networking within WordPress, unless you want to find yourself answering questions you have no answer for sometime in the future.. Let alone the risk of your own website and hosting information somehow being hacked. The concern I have is, if they are being honest, why hide all of this from WordPress users of their plugin? With their obvious ability to rewrite and redirect, who knows (really) where your website and member information is going?

    If they do get back into the WordPress Repository, I would really be careful of these people. Always check to see if a plugin requires a connection with remote servers before you consider using a plugin.

Viewing 3 replies - 1 through 3 (of 3 total)
Skip to toolbar