SECURITY FIX! Users using any version prior to 1.5.1

[7summits]

Thanks Jeff,

I just received the extra email (twice), but for all us PHP dummies out here:
What exectly happens /can happen if you don't do it?

One board I immediately changed; the other (test, on other server) I did not, but calling Packages.php or Packer.php does not do much interesting?!?

How does one get to my password if I do not fix this?

Thanks,
Harry

[PioneeR]

Thanks for the announcement.. i must have missed it the first time round!

I had a packer.php error in my http logs a few days ago.. (with a 404).

Anyway.. applied the fix now .. thanks

[JRCarr]

How does one get to my password if I do not fix this?

If you think about this, would you really want someone to tell everyone how to get into yours and everybody's board that didn't make the fix? I don't think so!

Jack

[plowking]

I can't find my packages.php or packer.php file.

I have a folder named pacakges, but no php file for it.

[Agelmar]

No, not really. But for 7summits, I will just say a little bit (nothing specific). Packages.php contains functions for adding functionality into YaBBSE. (Big suprise). Not all functionality is good functionality. That's why you want to make sure the person is an administrator before you let anything exciting happen, and I'm going to leave it at that.

[Agelmar]

I can't find my packages.php or packer.php file.

I have a folder named pacakges, but no php file for it.

It is in the directory "Sources", and the file is Packages.php

[kev]

Packages.php is under the Sources directory.

[sensovision]

hi probably it was someone of us... me and my friend  yesterday search for YaBB which didn't apply patch yet and send mails to admins, sorry if we scare you but better to be scared but informed before hackers do this for you...

also some posted about ION I saw few boards with huge letters of saing that site was hacked Seems that hackers was faster in this case... sorry about this

Many thanks for the heads-up. I just administered the fix.

Strangely, someone in my referrers navigated to my site by searching allinurl:yabbse in google. Scary stuff.

[akpcep]

I hope it was you!

Thanks for your vigilance.

[darqueaynjil]

the first time I tried to come to the page, it said that there was a forum error or something.  Today I got 3 more e-mails about it so I came on......good thing I did it appears.

changed the code-  hopefully I won't have any problems.

[NV]

I recently also was confronted with some hacks of my board. I guessed the problem was the fact that my folders had to wide restrictions (777).

After I chmod them to 755 the problems were gone (and Yabbse still worked  ). A hacker managed to place a new Administrator.php resulting in strange behaviour of the board.

[kkozma]

Yep, I got that email yesterday..  I searched fpr the update and found that security mod but half of it didn't work, so I just applied this mod.

[TurboXS]

Hi,

I changed that stuff in my board, too.
Thanks for the warnings.

But, honestly, do you think that more than 9 e-mails are necessary? I stopped counting after the 9th one

Regards

[Overseer]

^ more than 9  


ONE IS ENOUGH!!!

[Daniel D.]

^ more than 9  


ONE IS ENOUGH!!!

Not for some people here...