Collection Mod Unity Virt-A-Mate Mod Assets: Clothing, Environments, Objects, Scenes, Looks, etc.

5.00 star(s) 5 Votes
Status
Not open for further replies.

Sindle

New Member
Jan 12, 2018
8
6
A question: what is stopping someone from releasing a 'free' version of patreon content here, where one of its dependencies on vam hub contains a malicious file delete command, whilst the 'genuine' patreon version would not ask for that dependency?

Wouldn't this mean even if the content uploaded here doesn't contain the malicious command itself, it could still lead you to dependencies on the vam hub which could contain it, especially if you use the vam hub tool inside the vam application to automatically download missing dependencies?

For example:

A troll uploads what they claim is a patreon paywalled scene here, but the version they upload asks for an additional free dependency that can be downloaded off the vam hub, let's say it's called 'Hair2'. This additional dependency could contain a malicious cs file that would be automatically loaded by the troll scene once installed.

The dependency might have some vague description and some crappy images so no person would ever download it except for anyone seeking to download the dependencies required for the troll's scene; and anyone who makes the mistake of using the ingame vamhub tool to automatically download missing dependencies who has this troll scene will unknowingly download this malicious cs file.

I'm asking this question so we don't make this mistake of thinking "It's good enough to just check the cs files downloaded here".
 

marcoct

Member
Jan 2, 2020
125
76
That's because there aren't any. If you read my first reply, I said that you ARE NOT likely to find his stuff here.
but then here there are people who make a lot of requests on all the scenes you want and more and there are those who put the link and download me who only made two requests to neither of them no one answers me ... indeed you tell me that I do not have to post more than once it is not the way this or done the request for vamx 1.4 and nothing of those scenes and nothing mah
 

Kniffo

Member
Jul 16, 2018
114
42
.....once set up, scan the entire AddonPackages folder,........ also your Custom/Scripts folder
The files are not stored as VAR in the custom folder. Can I still run it through or do I have to add something under the settings?
 

Pesadilla

Are you sure this isn't a nightmare?
Donor
Sep 28, 2018
442
2,142
A question: what is stopping someone from releasing a 'free' version of patreon content here, where one of its dependencies on vam hub contains a malicious file delete command, whilst the 'genuine' patreon version would not ask for that dependency?

Wouldn't this mean even if the content uploaded here doesn't contain the malicious command itself, it could still lead you to dependencies on the vam hub which could contain it, especially if you use the vam hub tool inside the vam application to automatically download missing dependencies?

For example:

A troll uploads what they claim is a patreon paywalled scene here, but the version they upload asks for an additional free dependency that can be downloaded off the vam hub, let's say it's called 'Hair2'. This additional dependency could contain a malicious cs file that would be automatically loaded by the troll scene once installed.

The dependency might have some vague description and some crappy images so no person would ever download it except for anyone seeking to download the dependencies required for the troll's scene; and anyone who makes the mistake of using the ingame vamhub tool to automatically download missing dependencies who has this troll scene will unknowingly download this malicious cs file.

I'm asking this question so we don't make this mistake of thinking "It's good enough to just check the cs files downloaded here".
Just take the dnGREP and scan your files, also back up your vam regularly (you can have a cloud account and just do a sync that doesn't allow delete), the dnGREP config I use is this:

[Two screenshots of the dnGREP configuration]

You can set the search for other dangerous code like rd, and notice the Paths to match, we are more, and we are not afraid of some lame ass paywall creators.
 

Jeriho3

Member
Aug 13, 2019
148
951
A question: what is stopping someone from releasing a 'free' version of patreon content here, where one of its dependencies on vam hub contains a malicious file delete command, whilst the 'genuine' patreon version would not ask for that dependency?
We can't stop anyone from posting here or on the hub. The only thing we can do is not to fall to the temptation of opening straight away stuff that we download, scan everything before you open new stuff.
The code only works if you open it through VAM, it doesn't do anything if it just sits on your pc.

I kind of wish this will get uploaded to the hub, just to get more exposure to this issue. I want to start a discussion about it on the official discord but I'm afraid everyone will start to say "that's what you get for pirating stuff" instead of focusing on the real security issues...
 

Vertex66

New Member
Mar 31, 2020
12
12
The files are not stored as VAR in the custom folder. Can I still run it through or do I have to add something under the settings?
Essentially dnGREP looks for any text string you specify (also in compressed files). Var is a new format to dnGREP, hence you have to specify it in the archive section... just make sure you tick the text option above the search box before you search.
 

Crazy Moose

Newbie
Jan 14, 2021
22
17
Does anyone have A Helping Hand scene from VirtAmateur, Alena and her doll scene from splineVR and/or Bury Futadom - Mocap scene from ClubJulze?

Thanks.
 

Anon2469

Member
Jul 13, 2020
331
1,299
That's what I've also found when I checked the files to see if something is wrong but I didn't know what it meant.
Fucking salty content creators, I'm subbed to like 10 and from now on all of them can fuck themselves.
Is there anything I can do to restore my shit? I had so much stuff that was organized the way I want and stuff that I created for myself :(
If there is anything you need to rebuild, I can try to help. Here is most of my morph collection. There are a couple of DAZ morphs in there as well. They are just morphs, not var.
 

Jeriho3

Member
Aug 13, 2019
148
951
If there is anything you need to rebuild, I can try to help. Here is most of my morph collection. There are a couple of DAZ morphs in there as well. They are just morphs, not var.
Appreciate the help man, downloading right now. I will make a list of stuff that I can't find alone once I'm done downloading everything...

Does anyone have A Helping Hand scene from VirtAmateur
 

okboomerrrrrrrrrre

New Member
Jun 2, 2020
7
3
Links are working fine. However, Anonfiles has been extremely slow as of late. I've also noticed that some of the CDN locations it tries to DL from never work. I usually refresh the page and by hovering on the link can see when the CDN location changes and try again. That usually helps to kick a download in motion.

If you are having issues with Anon it may be your location or ISP. Try a proxy or a VPN as this can sometimes circumvent such issues.
thank you very much using a VPN worked :)
 

Sir Digsbey

Newbie
Mar 7, 2018
42
73
Someone should write a script that specifically searches for this malicious code without all that ugly bloaty software
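
A minimal version of such a script, covering the AddonPackages and Custom/Scripts scan described earlier in the thread (added example, not code from any poster or from dnGREP). It assumes `.var` packages are zip archives; the pattern list, the function names and the `Troll.Hair2.1.var` sample are constructed for illustration.

```python
import re
import sys
import tempfile
import zipfile
from pathlib import Path

# Assumed indicator list (not from the thread): .NET calls and shell commands
# that delete files or start processes. Hits need manual review, not deletion.
SUSPICIOUS = re.compile(
    r"File\.Delete|Directory\.Delete|Process\.Start|\b(rd|rmdir|del)\s+/", re.I)

def scan_text(origin, text):
    """Return (origin, line_number, line) for each line matching SUSPICIOUS."""
    return [(origin, n, line.strip()) for n, line in
            enumerate(text.splitlines(), 1) if SUSPICIOUS.search(line)]

def scan_var(var_path):
    """Scan .cs members of a .var package (a zip archive) without extracting it."""
    try:
        with zipfile.ZipFile(var_path) as zf:
            return [hit for name in zf.namelist() if name.lower().endswith(".cs")
                    for hit in scan_text(f"{var_path.name}!{name}",
                                         zf.read(name).decode("utf-8", "replace"))]
    except zipfile.BadZipFile:
        return [(var_path.name, 0, "not a readable zip archive; inspect manually")]

def scan_vam(root):
    """Scan packaged scripts in AddonPackages and loose scripts in Custom/Scripts."""
    root, hits = Path(root), []
    for var in sorted((root / "AddonPackages").rglob("*.var")):
        hits += scan_var(var)
    for cs in sorted((root / "Custom" / "Scripts").rglob("*.cs")):
        hits += scan_text(str(cs.relative_to(root)),
                          cs.read_text(encoding="utf-8", errors="replace"))
    return hits

def build_sample(root):
    """Constructed sample install (root is a Path): one flagged package, one clean script."""
    (root / "AddonPackages").mkdir(parents=True)
    (root / "Custom" / "Scripts").mkdir(parents=True)
    with zipfile.ZipFile(root / "AddonPackages" / "Troll.Hair2.1.var", "w") as zf:
        zf.writestr("Custom/Scripts/hair.cs",
                    "void Init() {\n  Directory.Delete(dir, true);\n}\n")
    (root / "Custom" / "Scripts" / "ok.cs").write_text("int x = 1;\n")
    return root

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample(Path(tempfile.mkdtemp()))
    for origin, n, line in scan_vam(target):
        print(f"{origin}:{n}: {line}")
```

Run it with the VaM install folder as the only argument, before opening newly downloaded content, and again after any automatic dependency download so that packages fetched from the hub are covered too.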
 

Amadeus3D

Member
Apr 9, 2020
220
1,009
Now that the cat is out of the bag, there's nothing stopping someone from rigging an unpaid resource and dropping it in the reddit or one of the dozens of VAM discords out there. Just because it first happened on F95 doesn't mean that it will ONLY happen here.
This is a flaw with VAM, and if Meshed doesn't address it, some surly fuckers are going to spread it around just for the lulz.
 

Jeriho3

Member
Aug 13, 2019
148
951
I'm not talking about a known content creator... what's stopping a random dude from creating a new account on the hub to upload this code under a clickbait title and a shiny picture to attract people (just like what happened here)?
There is nothing that can be done against that atm, stuff on the hub is getting like 100 downloads within 20 minutes so it has the potential to get to wayyy more people.
Also there is no way to give people a quick warning like I did in here
 