Welcome, Guest. Please Login or Register.
November 27, 2024, 03:22:51 AM
Home Help Search Log in Register
News: SMF is the next generation in forum software, almost completely re-written from the ground up, make sure you don't fall for cheap imitations that suffer from feature bloat!

YaBB SE Community  |  YaBB SE Info  |  News From the YaBB SE Team  |  SECURITY FIX! Users using any version prior to 1.5.1 « previous next »
Pages: 1 ... 10 11 [12] Reply Ignore Print
Author Topic: SECURITY FIX! Users using any version prior to 1.5.1  (Read 99686 times)
lilb
Noobie
*
Posts: 29


Never mess with a 5foot2 readheaded Sicilian!

Re:The Boys from Brazil
« Reply #165 on: February 26, 2003, 06:36:25 PM »
Reply with quote

Quote from: Overseer on February 03, 2003, 03:39:11 PM
Quote from: Reverend Spalding on February 03, 2003, 03:21:38 PM
Looking around at the Nuke community and they too have been hacked by a group of hackers in brazil. Looking for NeoNazis? I thought all of the NeoNazis migrated to Brazil? There's a good discussion on http://www.computercops.biz/ and one guy just decided to update his .htaccess file to deny all of Brazil. I like that idea, because it appears from the thread that the offenders have the cooperation of their hosting IP.

damn.. i never knew that was possible. anyone have a reference they can point me to on this? i have an ex-member i'd like to stop browsing the board full-stop.
Overseer, I thought ya might find the following information useful...always glad to help out when I can.   ;)

Wanna stop file grabbing and email sucking bots?  add this to your .htaccess file:

AuthUserFile /dev/null
AuthGroupFile /dev/null
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^.*NameOfBotProgramHere.*$ [OR]
RewriteRule /*$ http://botssuck!/index.html [L,R]


to deny by country:
ErrorDocument 403 http://whereveryousendyour403's/index.htm
<Limit GET>
order allow,deny
allow from all
deny from .countrycode
deny from .countrycode
deny from .countrycode
deny from .countrycode
</Limit>
ErrorDocument 404 http://whereveryousendyour404's/index.html


As for banning by IP, you can do it the same way as with the countrycodes, but I do believe you'll find that in your admin console.  (But, careful when ya do that...we accidentally banned an entire C class of IP's...oops, hehe!)  Also keep in mind that large .htaccess files put a heavy strain on the server's cpu...

Hope this helps!   8)

Logged
Overseer
Sr. Member
****
Posts: 455


Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #166 on: February 26, 2003, 06:50:34 PM »
Reply with quote

wow  :)

* Overseer rubs hands with glee.

.. damn where the devil smiley at? ;)
Logged

I learned that from the G's, a G is an Overseer, the Overseer sees.
More than you do 'cause he gets experienced - Snoop on Daz's OG

Supreme exalted, universal leader, Descendent of the kings and queens, the Overseer
The overlord, cream of the crop, creme de la creme - Gang Starr  Royalty
lilb
Noobie
*
Posts: 29


Never mess with a 5foot2 readheaded Sicilian!

Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #167 on: February 27, 2003, 06:34:22 AM »
Reply with quote

ya mean something like this one?    LOL!
Logged
Chris Cromer
The Strange One
Mod Team
YaBB God
*****
Posts: 3152


I am just a figment of your imagination.

WWW
Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #168 on: February 27, 2003, 06:42:53 AM »
Reply with quote

There is a hidden smilie built into SE. Type in certain characters and it appears:

>:D
Logged

Chris Cromer

I am not suffering from insanity, I am enjoying every minute of it.
lilb
Noobie
*
Posts: 29


Never mess with a 5foot2 readheaded Sicilian!

Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #169 on: February 27, 2003, 07:00:11 AM »
Reply with quote

ahhh, and my curiosity is now piqued...
Logged
Jeff Lewis
Global Moderator
YaBB God
*****
Posts: 10149


I'm a llama!

WWW
Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #170 on: February 28, 2003, 12:00:53 AM »
Reply with quote

Yep again, a way to stop that spider searching for the Packages.php file:

.htaccess file
AllowOverride None
order allow,deny
deny from all

<Files .htaccess>
order allow,deny
deny from all
</Files>

<Files Packages.php>
order allow,deny
deny from all
</Files>

The first one is more than efficient BUT I was able to still get to the script the second set wont allow a hacker to read the .htaccess file

The third blocks access to the script itself and this fourth one If people have accesss to there raw Apache logs they
can run this

By the way these are crackers in this list.

order allow,deny
deny from 66.147.154.3
deny from 200.221.142.107
deny from 200.180.112.60
deny from 200.228.23.130
deny from 212.159.68.103
deny from 64.140.49.66
deny from 213.241.68.46
deny from 200.149.32.101
deny from 66.109.34.67
deny from 68.36.170.254
allow from all
Logged

iamdamnsam
Full Member
***
Posts: 225


RamchargerCentral.Com

WWW
Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #171 on: February 28, 2003, 09:36:33 PM »
Reply with quote

Quote from: [Unknown] on February 25, 2003, 12:53:32 AM
I very much recommend going to 1.5.1 if you want full security.

-[Unknown]

That is not an option till a very stable release that is worth the effort for me to hack is out.  My board is exrememely modded, and not with basic mods, almost all mods are custom. I have many features related to my site that run off of YaBB's template system and member base.

So every version before 1.51 is open to hackers?
Logged

[Unknown]
Global Moderator
YaBB God
*****
Posts: 7830


ICQ - 179721867unknownbrackets@hotmail.com WWW
Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #172 on: February 28, 2003, 10:11:12 PM »
Reply with quote

Quote from: iamdamnsam on February 28, 2003, 09:36:33 PM
Quote from: [Unknown] on February 25, 2003, 12:53:32 AM
I very much recommend going to 1.5.1 if you want full security.

-[Unknown]

That is not an option till a very stable release that is worth the effort for me to hack is out.  My board is exrememely modded, and not with basic mods, almost all mods are custom. I have many features related to my site that run off of YaBB's template system and member base.

So every version before 1.51 is open to hackers?

Yes.  Please apply as many of the fixes as you can manage.

-[Unknown]
Logged
Tilton53
Jr. Member
**
Posts: 73


I'm a llama!

Re:Security Fix! Users using any version prior to 1.5.1
« Reply #173 on: May 06, 2003, 05:36:23 AM »
Reply with quote

How the hell did the fact that the isadmin came after include let hacker into the website.
Logged
[Unknown]
Global Moderator
YaBB God
*****
Posts: 7830


ICQ - 179721867unknownbrackets@hotmail.com WWW
Re:Security Fix! Users using any version prior to 1.5.1
« Reply #174 on: May 06, 2003, 08:24:14 AM »
Reply with quote

Quote from: Tilton53 on May 06, 2003, 05:36:23 AM
How the hell did the fact that the isadmin came after include let hacker into the website.

Sorry, can't say.  And I'll delete anyone's post who tries.

-[Unknown]
Logged
Tilton53
Jr. Member
**
Posts: 73


I'm a llama!

Re:Security Fix! Users using any version prior to 1.5.1
« Reply #175 on: May 06, 2003, 06:27:35 PM »
Reply with quote

Somebody pls pm me then  why it was so important I am a php newbie and this might help me later!
Logged
Omar Bazavilvazo
YaBB SE Developer
YaBB God
*****
Posts: 2153


I never said I would stay to the end...

WWW
Re:Security Fix! Users using any version prior to 1.5.1
« Reply #176 on: May 06, 2003, 07:12:47 PM »
Reply with quote

just apply the fix, then upgrade to 1.5.2, and all will be working perfect.
Logged

Greetings from México!
http://omarbazavilvazo.com
Mi foro Español-Japonés
http://hablajapones.org
http://hablajapones.org/index.php/japones/tutoriales/b16.php

NO me manden IM para soporte o dudas
...Leo los foros como todos...
David
Destroyer Dave
Global Moderator
YaBB God
*****
Posts: 5761


I'm not a llama!

WWW
Re:Security Fix! Users using any version prior to 1.5.1
« Reply #177 on: May 24, 2003, 05:29:22 AM »
Reply with quote

Everyone should be upgrading to 1.5.3.
Logged

Pages: 1 ... 10 11 [12] Reply Ignore Print 
YaBB SE Community  |  YaBB SE Info  |  News From the YaBB SE Team  |  SECURITY FIX! Users using any version prior to 1.5.1 « previous - next »
 


Powered by MySQL Powered by PHP YaBB SE Community | Powered by YaBB SE
© 2001-2003, YaBB SE Dev Team. All Rights Reserved.
SMF 2.1.4 © 2023, Simple Machines
Valid XHTML 1.0! Valid CSS

Page created in 0.048 seconds with 21 queries.