Welcome, Guest. Please Login or Register.
November 23, 2024, 03:21:44 PM
Home Help Search Log in Register
News: SMF is the next generation in forum software, almost completely re-written from the ground up, make sure you don't fall for cheap imitations that suffer from feature bloat!

YaBB SE Community  |  YaBB SE Info  |  News From the YaBB SE Team  |  SECURITY FIX! Users using any version prior to 1.5.1 « previous next »
Pages: 1 [2] 3 4 ... 12 Reply Ignore Print
Author Topic: SECURITY FIX! Users using any version prior to 1.5.1  (Read 99674 times)
7summits
Noobie
*
Posts: 47


Made it ma! On top of the world!

WWW
Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #15 on: February 02, 2003, 04:59:25 PM »
Reply with quote

Thanks Jeff,

I just received the extra email (twice), but for all us PHP dummies out here:
What exectly happens /can happen if you don't do it?

One board I immediately changed; the other (test, on other server) I did not, but calling Packages.php or Packer.php does not do much interesting?!?

How does one get to my password if I do not fix this?

Thanks,
Harry
Logged

http://7summits.com will take you to the highest points on the continents! Climb Kilimanjaro, Aconcagua and more...
New YabbSe soon!
PioneeR
Llama Hunter
YaBB God
*****
Posts: 767


Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #16 on: February 02, 2003, 05:07:44 PM »
Reply with quote

Thanks for the announcement.. i must have missed it the first time round!

I had a packer.php error in my http logs a few days ago.. (with a 404).

Anyway.. applied the fix now .. thanks
Logged
JRCarr
Jr. Member
**
Posts: 72


The Jack of all Trades and the Master of None.

WWW
Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #17 on: February 02, 2003, 05:07:45 PM »
Reply with quote

QuoteHow does one get to my password if I do not fix this?
If you think about this, would you really want someone to tell everyone how to get into yours and everybody's board that didn't make the fix? I don't think so! :)

Jack
Logged

Jack
plowking
Noobie
*
Posts: 27


I'm real purdy

Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #18 on: February 02, 2003, 05:10:24 PM »
Reply with quote

I can't find my packages.php or packer.php file.

I have a folder named pacakges, but no php file for it.
Logged
Agelmar
YaBB God
*****
Posts: 931


Takako Matsu = Goddess

Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #19 on: February 02, 2003, 05:10:43 PM »
Reply with quote

No, not really. But for 7summits, I will just say a little bit (nothing specific). Packages.php contains functions for adding functionality into YaBBSE. (Big suprise). Not all functionality is good functionality. That's why you want to make sure the person is an administrator before you let anything exciting happen, and I'm going to leave it at that.
Logged

Agelmar
YaBB God
*****
Posts: 931


Takako Matsu = Goddess

Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #20 on: February 02, 2003, 05:11:08 PM »
Reply with quote

Quote from: plowking on February 02, 2003, 05:10:24 PMI can't find my packages.php or packer.php file.

I have a folder named pacakges, but no php file for it.
It is in the directory "Sources", and the file is Packages.php
Logged

kev
Noobie
*
Posts: 16


WWW
Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #21 on: February 02, 2003, 05:11:50 PM »
Reply with quote

Packages.php is under the Sources directory.
Logged
sensovision
Full Member
***
Posts: 100


WWW
Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #22 on: February 02, 2003, 05:12:54 PM »
Reply with quote

hi probably it was someone of us... me and my friend  yesterday search for YaBB which didn't apply patch yet and send mails to admins, sorry if we scare you but better to be scared but informed before hackers do this for you... :(

also some posted about ION I saw few boards with huge letters of saing that site was hacked :-\ Seems that hackers was faster in this case... sorry about this :(
Quote from: akpcep on February 02, 2003, 04:50:12 PMMany thanks for the heads-up. I just administered the fix.

Strangely, someone in my referrers navigated to my site by searching allinurl:yabbse in google. Scary stuff.
Logged

Denis

Are you good with the graphic? check out our design logo contest!
akpcep
Noobie
*
Posts: 33


I'm not a f*ckin llama.

WWW
Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #23 on: February 02, 2003, 05:15:34 PM »
Reply with quote

I hope it was you!

Thanks for your vigilance.
Logged

darqueaynjil
Noobie
*
Posts: 19


Pimpin Baby

Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #24 on: February 02, 2003, 05:31:53 PM »
Reply with quote

the first time I tried to come to the page, it said that there was a forum error or something.  Today I got 3 more e-mails about it so I came on......good thing I did it appears.

changed the code-  hopefully I won't have any problems.
Logged
NV
Noobie
*
Posts: 15


I'm a llama!

Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #25 on: February 02, 2003, 05:35:57 PM »
Reply with quote

I recently also was confronted with some hacks of my board. I guessed the problem was the fact that my folders had to wide restrictions (777).

After I chmod them to 755 the problems were gone (and Yabbse still worked  ;)). A hacker managed to place a new Administrator.php resulting in strange behaviour of the board.

Logged
kkozma
Noobie
*
Posts: 39


Peanut Butter Jelly!!

Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #26 on: February 02, 2003, 06:00:18 PM »
Reply with quote

Yep, I got that email yesterday..  I searched fpr the update and found that security mod but half of it didn't work, so I just applied this mod.
Logged
TurboXS
Noobie
*
Posts: 24


Debian - Linux ist nicht gleich Linux!!

WWW
Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #27 on: February 02, 2003, 06:12:21 PM »
Reply with quote

Hi,

I changed that stuff in my board, too.
Thanks for the warnings.

But, honestly, do you think that more than 9 e-mails are necessary? I stopped counting after the 9th one :-\

Regards
Logged

Overseer
Sr. Member
****
Posts: 455


Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #28 on: February 02, 2003, 06:20:38 PM »
Reply with quote

^ more than 9   ???


ONE IS ENOUGH!!!

Logged

I learned that from the G's, a G is an Overseer, the Overseer sees.
More than you do 'cause he gets experienced - Snoop on Daz's OG

Supreme exalted, universal leader, Descendent of the kings and queens, the Overseer
The overlord, cream of the crop, creme de la creme - Gang Starr  Royalty
Daniel D.
Mod Team
YaBB God
*****
Posts: 2935


Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #29 on: February 02, 2003, 06:27:28 PM »
Reply with quote

Quote from: Overseer on February 02, 2003, 06:20:38 PM^ more than 9   ???


ONE IS ENOUGH!!!


Not for some people here...
Logged

Pages: 1 [2] 3 4 ... 12 Reply Ignore Print 
YaBB SE Community  |  YaBB SE Info  |  News From the YaBB SE Team  |  SECURITY FIX! Users using any version prior to 1.5.1 « previous - next »
 


Powered by MySQL Powered by PHP YaBB SE Community | Powered by YaBB SE
© 2001-2003, YaBB SE Dev Team. All Rights Reserved.
SMF 2.1.4 © 2023, Simple Machines
Valid XHTML 1.0! Valid CSS

Page created in 0.030 seconds with 20 queries.