Welcome, Guest. Please Login or Register.
November 23, 2024, 12:33:30 PM
Home Help Search Log in Register
News: If you are still using YaBB SE, please consider upgrading to SMF as soon as possible.

YaBB SE Community  |  YaBB SE Info  |  News From the YaBB SE Team  |  SECURITY FIX! Users using any version prior to 1.5.1 « previous next »
Pages: 1 ... 8 9 [10] 11 12 Reply Ignore Print
Author Topic: SECURITY FIX! Users using any version prior to 1.5.1  (Read 99667 times)
Jeff Lewis
Global Moderator
YaBB God
*****
Posts: 10149


I'm a llama!

WWW
Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #135 on: February 10, 2003, 04:56:36 PM »
Reply with quote

It's amazing how rude people can be...I went to a site that was hacked suggested to upgrade to fix it and got this reply:

"Your logic = screwed the f up"

Yes, lovely :)
Logged

Omar Bazavilvazo
YaBB SE Developer
YaBB God
*****
Posts: 2153


I never said I would stay to the end...

WWW
Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #136 on: February 10, 2003, 05:05:18 PM »
Reply with quote

Quote from: Jeff Lewis on February 10, 2003, 04:56:36 PM
It's amazing how rude people can be...I went to a site that was hacked suggested to upgrade to fix it and got this reply:

"Your logic = screwed the f up"

Yes, lovely :)

Remember is OUR fault, they didn't came here after receiving 10 emails, and never applied the fix....

* Omar Bazavilvazo is being sarcastic...
Logged

Greetings from México!
http://omarbazavilvazo.com
Mi foro Español-Japonés
http://hablajapones.org
http://hablajapones.org/index.php/japones/tutoriales/b16.php

NO me manden IM para soporte o dudas
...Leo los foros como todos...
ax2graphics
Noobie
*
Posts: 2


This is my personal text.

WWW
Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #137 on: February 10, 2003, 05:54:24 PM »
Reply with quote

I blame no one but myself....!

Just to make sure THIS was the problem.. is it possible that through this hole, the hacker could replace my index page? Now, keep in mind, none of my MySQL passwords OR usernames are duplicated throughout my site configuration.

Logged
Jeff Lewis
Global Moderator
YaBB God
*****
Posts: 10149


I'm a llama!

WWW
Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #138 on: February 10, 2003, 06:12:39 PM »
Reply with quote

Yes they could and that's how they replaced our index page here before we fixed it here  :-X
Logged

Alex Rolko
Almighty
Global Moderator
YaBB God
*****
Posts: 4624


Fury of Me

Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #139 on: February 10, 2003, 06:28:28 PM »
Reply with quote

Were really annoyed with these people who are hacking these forums.
Logged


ThinkGeek.com Wishlist | Just call me Xander...
I'm sorry but I don't answer support requests
Spaceman-Spiff
Mod Team
YaBB God
*****
Posts: 3689


My $txt[228]

Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #140 on: February 10, 2003, 08:31:31 PM »
Reply with quote

Quote from: rickc on February 06, 2003, 12:27:04 AM
I run 1.41 with the  • Expand • Collapse
mod that yipsir (I thinks thats his name)
wrote. How long should I wait b4 upgrading??

wait no more: http://www.yabbse.org/community/index.php?board=158;action=display;threadid=12045
Logged

   My mods, ysePak, codes, tutorials
    Support question IMs = bad.
luisr
Full Member
***
Posts: 120


Left blank to save space.

Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #141 on: February 12, 2003, 12:27:45 AM »
Reply with quote

Hi there!  I just got this e-mail from my web host:


QuoteHello,

Recently we have become aware of a security risk to your hosting account and web site.  Your site is using a bulletin board system called YaBB SE.
This software causes your web site to become vulnerable to outside attack and would allow a malicious user access to the server to modify or even erase all content on your site, including email and log files.  Some of our customers have already been attacked.
We are aware that the publisher has recently released an updated script for this program, however we are not sure that this new release has resolved the security issue.  Therefore, we strongly recommend that you take down your bulletin board system until this security issue has been resolved.

For more information regarding this issue, please visit:
http://online.securityfocus.com/bid/6663/info/

To go to the publisher's site, visit:
http://www.yabbse.org/

Please let us know if you have any further questions or problems.


Sincerely,

Justin
TierraNet Support
[email protected]
---------------------

They say that they are not sure that this vulnerability has been fixed by the patch.  And they are suggesting me to take down my board.  I replied telling that I can not take it down just like that but I removed the Packages.php script as a temporary solution.

I have never dealt with this packages thing and the board seems to run normally without this script.  Is this temporary solution good enough?  I am waiting for the official 1.5.1 release before I update.  My board currently runs 1.3.1.

By the way, the suggestion way many message ago about using the XML file for this kind of announcement in the admin area won't necessarily work for everyone.  I don't visit my admin area often.  The e-mails did the job quite well.

Finally, I will suggest something that may offer some degree of protection, at least from hackers using search engines from finding your board.  There is a way to tell search engine spiders and robots what places in your site are off-limits and should not be indexed.  This is done by putting a file called "robots.txt" in your root web directory.  This file contains a series of instructions that tell spiders and robots not to look at specified directories within your web site.  It looks like this:

User-agent: *
Disallow: /cgi-bin/

The first line means that this robots.txt file is means for all user agents (hence the *).  The second line means not to look into the contents of directory cgi-bin.  You add one of those for every single directory you wish to prevent from being indexed by spiders and robots.  My sites have these disallowing folder containing information that can be harvested by spammers such as e-mail addresses from guestbooks and discussion boards.

Just put your YaBB SE directory into one of those and this will at least make it harder for hackers to find your board by just using a search engine.

Of course, this has a cost.  If you DO REALLY WANT that your board appear in search engines, then this is not a solution.  In my case, having the root site URL appear in most search engines is enough for me.
Logged
firewired
Noobie
*
Posts: 27


Every little thing SE does is magic...

WWW
Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #142 on: February 12, 2003, 01:07:43 AM »
Reply with quote

Yup, I'm expecting a similar message from my host soon regarding YaBB SE. PinoyDVD.com was hacked yesterday and it felt like we were playing ping-pong with the "invaders" before we learned about and were able to upload the patched file. The front page was changing every 5 minutes! Everytime we'd correct it, they'd immediately hack it.

My host ended up having to reboot the server to keep them out. They were as worried as we were, probably more so because they weren't familiar with YaBB SE.
« Last Edit: February 12, 2003, 01:23:38 AM by firewired » Logged
mikkom
Noobie
*
Posts: 3


*Blib*

Mass deface
« Reply #143 on: February 12, 2003, 07:30:15 AM »
Reply with quote

I have been studying my logs and it seems obvoius that these crackers are using a mass deface program that automatically searches for yabb boards and defaces them.

Visit http://www.vulnerabilidades.hpg.ig.com.br/index.html
I haven't unpacked those packages but you can propably find the code that attackers used there.

Also, a php terminal and another backdoor was installed to my computer after an attack,  for more information visit http://www.madmonkey.net/page.cgi/index?areaID=100&newsID=439

the attacks came from dialup of brazilian web operator, I sent them notification about attack but no replies..
>:(
« Last Edit: February 12, 2003, 07:48:09 AM by mikkom » Logged
Michele
Beta Tester
YaBB God
*****
Posts: 584


I can't wait for YaBB SE 2!

Mad+Moya WWW
Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #144 on: February 12, 2003, 04:54:58 PM »
Reply with quote

At this point, I'm backing up my site everyday, including the database. My logs show someone's been trying to get in for the last 4 days, but so far, so good... don't think it's' the Brazilians though. ;)
Logged

formerly Mad Moya
PfaBB - http://pfabb.lunabyte.com
PioneeR
Llama Hunter
YaBB God
*****
Posts: 767


Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #145 on: February 12, 2003, 06:57:12 PM »
Reply with quote

I have had a few weird errors in my logs also... someone seems to be trying to get access to the admin account. I just ban the IP just in case.

Have applied the fix last week.
Logged
Jeff Lewis
Global Moderator
YaBB God
*****
Posts: 10149


I'm a llama!

WWW
Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #146 on: February 12, 2003, 07:06:34 PM »
Reply with quote

People really should be repairing their installs or there is a very strong possibility of being hacked, this is why we announced this several times aready.

I guess we have to thank Matt Siegman for this hole ;)
« Last Edit: February 12, 2003, 08:01:29 PM by Jeff Lewis » Logged

gingerfire
Noobie
*
Posts: 8


OK, I'm coming.

WWW
Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #147 on: February 12, 2003, 10:26:01 PM »
Reply with quote

I'm a registered user of YaBB SE, but I never received an email about the security fix.  Fortunately, I was still trying to get the board up and running, so there was no link to it from my website and I was checking the forum often (1st board).  

But please be aware that not all registered users received an email for whatever reason.
Logged

gingerfire
oldford
Jr. Member
**
Posts: 91


WWW
Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #148 on: February 19, 2003, 05:34:18 AM »
Reply with quote

Should this fix maybe be implemented in all the files in the download section? I just upgraded to 1.4 and still had to make this fix by hand. Wasn't a big deal and only took a second, but I almost didn't check because I assumed that it would have been fixed.

Just a thought.
Logged

Spaceman-Spiff
Mod Team
YaBB God
*****
Posts: 3689


My $txt[228]

Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #149 on: February 19, 2003, 05:41:54 AM »
Reply with quote

a better way is to upgrade to 1.5.1RC1
Logged

   My mods, ysePak, codes, tutorials
    Support question IMs = bad.
Pages: 1 ... 8 9 [10] 11 12 Reply Ignore Print 
YaBB SE Community  |  YaBB SE Info  |  News From the YaBB SE Team  |  SECURITY FIX! Users using any version prior to 1.5.1 « previous - next »
 


Powered by MySQL Powered by PHP YaBB SE Community | Powered by YaBB SE
© 2001-2003, YaBB SE Dev Team. All Rights Reserved.
SMF 2.1.4 © 2023, Simple Machines
Valid XHTML 1.0! Valid CSS

Page created in 0.045 seconds with 20 queries.