Hello,

I'm making this topic to just say that I really think that files that are posted by users shouldn't be available for download right away. I believe this is really unsafe. I think files should be verified or something before they are available for download. Someone can easily put a virus into a download. I also know that trusted users like FinKone, Black Jesus, etc... oh & of course LCPDFR Staff wouldn't try to do that. GTA5-Mods.com also does this because of the malware in the Angry Planes Mod and the No Clip Mod I think it was that was posted onto their site and many users had their information stolen and obviously a virus on their PC. I don't know if virus scans would help because someone can easily use Crypter to hide a virus. 

 I agree 100%! It's unfair for the kid living in their parents' basement to give us a virus for something to good to be true. I think the LCPDFR staff should implement this feature very soon. 

Hello,

I'm making this topic to just say that I really think that files that are posted by users shouldn't be available for download right away. I believe this is really unsafe. I think files should be verified or something before they are available for download. Someone can easily put a virus into a download. I also know that trusted users like FinKone, Black Jesus, etc... oh & of course LCPDFR Staff wouldn't try to do that. GTA5-Mods.com also does this because of the malware in the Angry Planes Mod and the No Clip Mod I think it was that was posted onto their site and many users had their information stolen and obviously a virus on their PC. I don't know if virus scans would help because someone can easily use Crypter to hide a virus. 

I think that right after the malware in NoClip and Angry Planes was discovered, LCPDFR.com had a security upgrade/update (?), just like GTA5-Mods.com.

I think that right after the malware in NoClip and Angry Planes was discovered, LCPDFR.com had a security upgrade/update (?), just like GTA5-Mods.com.

If you want to post a file on GTA5-Mods, you need to wait until it's verified by a moderator. On LCPDFR, you can download it right away so I don't really think there is a lot of "security" to be honest.

Files always used to be manually checked by a staff member prior to approval, however many users complained that it took too long for their files to be approved, so an automatic system was implemented. I'm not sure if this system is working correctly since the update to IPB4 though. Cyan, or another member of management will have to clarify on how it all works.

We have automatic scans for viruses before a file is visible to the public, and we (the staff team) go through the downloads section every day looking for files that are out of place, uploaded incorrectly or otherwise not suited for LCPDFR.com. We also rely on members making reports against files that are wrong, so we can speed up the process. 

Files always used to be manually checked by a staff member prior to approval, however many users complained that it took long for their files to be approved, so an automatic system was implemented. I'm not sure if this system is working correctly since the update to IPB4 though. Cyan, or another member of management will have to clarify on how it all works.

Exactly this. If an author needs to push out a minor update to fix a game breaking error, it could take days to verify. Perform a virus scan on the virus yourself if you think people will try to infect you. From an author's standpoint, I HATED the manual verification system. It was extremely inconvenient, and was a pain to make any minor changes. If a file has a virus, it's often removed rather quickly once someone discovers it.

We have automatic scans for viruses before a file is visible to the public, and we (the staff team) go through the downloads section every day looking for files that are out of place, uploaded incorrectly or otherwise not suited for LCPDFR.com. We also rely on members making reports against files that are wrong, so we can speed up the process. 

But as I said, Crypter can easily hide viruses.

Hello,

I'm making this topic to just say that I really think that files that are posted by users shouldn't be available for download right away. I believe this is really unsafe. I think files should be verified or something before they are available for download. Someone can easily put a virus into a download. I also know that trusted users like FinKone, Black Jesus, etc... oh & of course LCPDFR Staff wouldn't try to do that. GTA5-Mods.com also does this because of the malware in the Angry Planes Mod and the No Clip Mod I think it was that was posted onto their site and many users had their information stolen and obviously a virus on their PC. I don't know if virus scans would help because someone can easily use Crypter to hide a virus. 

GTA5-Mods had manual approval also, before the incident. It didn't help. 

Quite frankly what they did was pretty undetectable. They hadn't shipped those files with a virus. They had shipped it with a feature that allowed them to automatically download and execute a binary. This looks like auto-updating software, and when encrypted, looks pretty legitimate and hard to detect. None of the automated virus scans helped, no manual approval process helped.

When they then abused this functionality to send a virus, that's when virus scans would have then worked (or resident scans).

There's very little you can do about this, or that we can do about this. Be cautious downloading script modifications from unknown authors.

But as I said, Crypter can easily hide viruses.

Crypters had very little do to with it. The fact of the matter is, at the core, the thing that made it possible wasn't a virus. It was pretty much an automatic update routine.

GTA5-Mods had manual approval also, before the incident. It didn't help. 

Quite frankly what they did was pretty undetectable. They hadn't shipped those files with a virus. They had shipped it with a feature that allowed them to automatically download and execute a binary. This looks like auto-updating software, and when encrypted, looks pretty legitimate and hard to detect. None of the automated virus scans helped, no manual approval process helped.

When they then abused this functionality to send a virus, that's when virus scans would have then worked (or resident scans).

There's very little you can do about this, or that we can do about this. Be cautious downloading script modifications from unknown authors.

Crypters had very little do to with it. The fact of the matter is, at the core, the thing that made it possible wasn't a virus. It was pretty much an automatic update routine.

Not just talking about how the authors used a Crypter to hide the malware from Angry Planes & the No Clip mod. It can be used for anything here on the site, such as a simple script.

Hello,

I'm making this topic to just say that I really think that files that are posted by users shouldn't be available for download right away. I believe this is really unsafe. I think files should be verified or something before they are available for download. Someone can easily put a virus into a download. I also know that trusted users like FinKone, Black Jesus, etc... oh & of course LCPDFR Staff wouldn't try to do that. GTA5-Mods.com also does this because of the malware in the Angry Planes Mod and the No Clip Mod I think it was that was posted onto their site and many users had their information stolen and obviously a virus on their PC. I don't know if virus scans would help because someone can easily use Crypter to hide a virus. 

Fine the way it is

Fine the way it is

Not really, but that's your opinion.

With a Moderation team of only about 10 people, that also have real lives and have other jobs around the forum. I believe it would be too much for the team if they were to verify EVERY single file in the downloads section, unless there was a dedicated team to verify them. The moderators time could be invested into things such as support, update testing perhaps? and many more things. 

Shortened: Staff have a lot to do already, they would not be able to sustain a peaceful environment if they had to verify every file.

Thats what I think.

Edited June 29, 201510 yr by lcpdUnit22

Not just talking about how the authors used a Crypter to hide the malware from Angry Planes & the No Clip mod. It can be used for anything here on the site, such as a simple script.

And how then, would manual approval help?

And how then, would manual approval help?

Does he expect the moderators to fully check every single file to check every line of code?

I am sort of confused...

With a Moderation team of only about 10 people, that also have real lives and have other jobs around the forum. I believe it would be too much for the team if they were to verify EVERY single file in the downloads section, unless there was a dedicated team to verify them. The moderators time could be invested into things such as support, update testing perhaps? and many more things. 

Shortened: Staff have a lot to do already, they would not be able to sustain a peaceful environment if they had to verify every file.

Thats what I think.

About 2-5 files are posted per day so I don't think it's a big deal. And they don't need to do every file from the past they can start now.

Edited June 29, 201510 yr by NewYorkStatePolice

And how then, would manual approval help?

I don't know, just saying that it's very easy to upload a virus on the site.

This is the exact same situation as with TSA checks on the airports - won't stop terrorists and will only hinder law abiding citizens.

I used to be a moderator, and file approval was a chore. Almost every file was approved anyway, save for those that didn't adhere to the Community Guidelines, and those were but a fraction of all files. LCPDFR is a small site - we tend to have more high quality mods from reputable authors, as opposed to GTA5-mods, which is full of gems buried under a load of crap.

Besides, the only mods that can contain viruses are script mods. You can't hide a virus in a texture, model or a text file (.dat, .meta, etc.). And if somebody were to upload a virus executable or .dll, it would have been picked by the automated scan anyway, while script mods that download the virus later (as was in the case of AngryPlanes and NoClip) wouldn't be detected by any anti virus scanner.

Edited June 29, 201510 yr by Yard1

About 2-5 files are posted per day so I don't think it's a big deal. And they don't need to do every file from the past they can start now.

What if there was a massive breakthrough in GTA V modding and the LSPDFR API was released and people went ham with mods and uploaded about 50+ files a day, how would the moderators cope with everything else?

I don't know, just saying that it's very easy to upload a virus on the site.

How is it 'easy' to upload a mod to this site that contains malware when there is a automated scanner? It may not get 100% but then, reports happen from the many, many members on the website, mods are alerted by the reports and then the file is removed by staff.

We tend to have more high quality mods from reputable authors, as opposed to GTA5-mods, which is full of gems buried under a load of crap.

This.

What if there was a massive breakthrough in GTA V modding and the LSPDFR API was released and people went ham with mods and uploaded about 50+ files a day, how would the moderators cope with everything else?

How is it 'easy' to upload a mod to this site that contains malware when there is a automated scanner? It may not get 100% but then, reports happen from the many, many members on the website, mods are alerted by the reports and then the file is removed by staff.

This.

50+ files a day? Yeah lol like that would happen.