Sub Menu
Links Menu
Online Users

In total there are 305 users online :: 3 registered, 0 hidden and 302 guests

Most users ever online was 1091 on Wed Aug 16, 2023 5:27 pm

Registered users: Bing [Bot], Google [Bot], Majestic-12 [Bot] based on users active over the past 60 minutes

Recent Hacking Discussion (continued...)

This is where youll find security related information.
Discuss Integramod/phpbb security issues here.

Moderator: Integra Moderator

Re: Recent Hacking Discussion (continued...)

PostAuthor: Nogami » Sun Sep 10, 2006 11:07 pm

Whew, just got back from vacation and looks like I missed all of the excitement...

I checked-over my server, and I don't see anything out of place (I had register_globals=off) in my php.ini file - was that enough to prevent this attack?

Is there anything else I should be checking?

It looks like most of the hacks did some major damage to sites, but nothing looks out of place on mine (it's a private site so new users need to be verified, and don't have much in the way of posting access until I authorize them) - that may have helped too?

N.
Last edited by Nogami on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

Nogami
Newbie
Newbie
 
Posts: 7
Likes: 0 post
Liked in: 0 post
Joined: Sun Apr 16, 2006 10:35 am
Cash on hand: 0.00

PostAuthor: Michaelo » Mon Sep 11, 2006 4:05 pm

register_globals=off did the trick... ;))

Mike
Last edited by Michaelo on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
Kiss Portal Engine phpbbireland (status: Released)
User avatar
Michaelo
Administrator
Administrator
 
Posts: 1646
Likes: 0 post
Liked in: 0 post
Joined: Sat Mar 11, 2006 5:14 pm
Cash on hand: 0.00
Location: Dublin, Ireland

Re: Recent Hacking Discussion (continued...)

PostAuthor: Oracle_SOD » Mon Sep 11, 2006 4:09 pm

Hi, we are using IM Portal (we were hacked using integramod, but decided to move over to just IM portal when restoring)

i have begun to apply the patches but can not find where to appy the following code

where does this go ?

Code: Select all
// Security update 02 September 2006 B starts // Find]) || (int)isset($HTTP_GET_VARS[STYLE_URL]) )    {       (int)$style = urldecode( (isset($HTTP_POST_VARS[STYLE_URL])) ? $HTTP_POST_VARS[STYLE_URL] : (int)$HTTP_GET_VARS[STYLE_URL] );       if($style == 0) { die('Hacking attempt'); exit; }       if ( $theme = setup_style((int)$style) )       {          setcookie($board_config['cookie_name'] . '_style', $style, time() + 31536000, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);          return;       }    }        if ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_style']) )    {       $style = $HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_style'];       if ( $theme = setup_style((int)$style) )       {          return;       }    } // Security update 02 September 2006 B ends //
Last edited by Oracle_SOD on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
Image
-=Quote=-
The person who says it cannot be done should not interrupt the person doing it.
User avatar
Oracle_SOD
Newbie
Newbie
 
Posts: 21
Likes: 0 post
Liked in: 0 post
Joined: Thu Jul 13, 2006 2:45 pm
Cash on hand: 0.00

PostAuthor: Michaelo » Tue Sep 12, 2006 3:23 am

This is for the change style mod which is not part of IM Portal... So this update is not required unless you add the change style block...
Mike
Last edited by Michaelo on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
Kiss Portal Engine phpbbireland (status: Released)
User avatar
Michaelo
Administrator
Administrator
 
Posts: 1646
Likes: 0 post
Liked in: 0 post
Joined: Sat Mar 11, 2006 5:14 pm
Cash on hand: 0.00
Location: Dublin, Ireland

Re: Recent Hacking Discussion (continued...)

PostAuthor: richiebgood » Thu Sep 14, 2006 3:56 am

Hi Guys, not sure if it is all related. But ever since doing these updates. I have three problems:
1.Tried to add acid theme - would not work
2. Tried to reverted back ro subice and now anoucments block does not work
3. Cannot select any stock style now (orange etc) fromprofile, just style select block
4. Attachments mod seems to be missing stuff.


Any help would be great, thanks.

[flash=,:20kr6uij]http://www.irish-paintball.net/images/problem1.gif[/flash:20kr6uij]

[flash=,:20kr6uij]http://www.irish-paintball.net/images/problem2.gif[/flash:20kr6uij]

[flash=,:20kr6uij]http://www.irish-paintball.net/images/problem3.gif[/flash:20kr6uij]



Thanks
Last edited by richiebgood on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.

richiebgood
Sr Integra Member
Sr Integra Member
 
Posts: 329
Likes: 0 post
Liked in: 0 post
Joined: Tue Aug 08, 2006 12:01 am
Cash on hand: 0.00
Location: Ireland

Re: Recent Hacking Discussion (continued...)

PostAuthor: MWE_001 » Tue Oct 03, 2006 6:58 pm

So my site was just hacked and i had it fixed minutes later. It was the def_auth.php file that was destroyed and i JUST backed up right before the hack lol what luck. Database is fine. I have dodged a bullet a few times now by being able to fix my site BUT sooner or later my site will be destroyed. This register globals thing does it work for one using IM 1.4.0? and it is an out of date version of phpbb as well.


Personally Im thinking of ditching phpbb alltogether and just getting out of the forums thing and going with a regular old website now. this is just to dam much to worry about. months and years of work gets destroyed in minutes. Good thing for backups.
Last edited by MWE_001 on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
"Don't gain the world and lose your soul, wisdom is better than silver and gold" -Bob Marley

If you build it, I can break it! ~ Whispered in the tone of the movie Field of Dreams.
User avatar
MWE_001
Sr Integra Member
Sr Integra Member
 
Posts: 1265
Likes: 0 post
Liked in: 0 post
Images: 12
Joined: Fri Apr 21, 2006 6:59 pm
Cash on hand: 0.00
Location: Illinois

PostAuthor: Michaelo » Wed Oct 04, 2006 2:59 am

richiebgood, try deleting all your cookies... as they do affect styles... If you still have a problem replace the def_themes.php with an original one as it can become corrupt.

MWE_001, did you add the security fixes [url=http]here![/url]? The affect 1.4.0 and 1.4.1...
Mike
Last edited by Michaelo on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
Kiss Portal Engine phpbbireland (status: Released)
User avatar
Michaelo
Administrator
Administrator
 
Posts: 1646
Likes: 0 post
Liked in: 0 post
Joined: Sat Mar 11, 2006 5:14 pm
Cash on hand: 0.00
Location: Dublin, Ireland

Re: Recent Hacking Discussion (continued...)

PostAuthor: MWE_001 » Wed Oct 04, 2006 11:08 am

Yeah Michaelo, I got ya on the other post thx, chief. Im getting ready to apply it now and see. Thx again Ray
Last edited by MWE_001 on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
"Don't gain the world and lose your soul, wisdom is better than silver and gold" -Bob Marley

If you build it, I can break it! ~ Whispered in the tone of the movie Field of Dreams.
User avatar
MWE_001
Sr Integra Member
Sr Integra Member
 
Posts: 1265
Likes: 0 post
Liked in: 0 post
Images: 12
Joined: Fri Apr 21, 2006 6:59 pm
Cash on hand: 0.00
Location: Illinois

Re: Recent Hacking Discussion (continued...)

PostAuthor: rockeiro » Fri Oct 20, 2006 11:28 pm

Imagine dropping in out of the blue like I just did and discovering that there have been security problems with Integramod 1.40. This forum is full of great ideas and discussions but if someone (me) were to start from scratch today to patch a 1.40 installation on phpBB 2.0.17, where the heck would I start?

As suggested I already made my def_auth.php read only but I can't seem to find my php.ini file anywhere on my server.

I run my own W2003 server. The server is on IIS 6 but the forum sites have no extensions applied except for php. The Integramod forum is on a redirected url and port so maybe this has foiled the hackers so far but I still want to get this up to date to avoid problems.

http://forum.brased.org

At this point could someone step back and summarize what needs to be done and where all the files are that can be downloaded.

Appreciate it....
Last edited by rockeiro on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
:o
Brazilian Cultural Society of Edmonton http://brased.org
User avatar
rockeiro
Newbie
Newbie
 
Posts: 11
Likes: 0 post
Liked in: 0 post
Joined: Fri Jul 07, 2006 12:05 am
Cash on hand: 0.00

PostAuthor: Michaelo » Sat Oct 21, 2006 10:34 am

I believe the main reason this has not been undertaken is down to to the size of the support team coupled with the time taken to development and test IntegraMod 1.4.1.

It will include all patches and security fixes. Currently in testing... should be released soon...

Best to get everyone on the same page so we can concentrate efforts. Note most suppliers will implement php5x if they have not already done so, requiring everyone to upgrade sooner or later

Mike
Last edited by Michaelo on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
Kiss Portal Engine phpbbireland (status: Released)
User avatar
Michaelo
Administrator
Administrator
 
Posts: 1646
Likes: 0 post
Liked in: 0 post
Joined: Sat Mar 11, 2006 5:14 pm
Cash on hand: 0.00
Location: Dublin, Ireland

Re: Recent Hacking Discussion (continued...)

PostAuthor: rockeiro » Sat Oct 21, 2006 12:55 pm

OK then. I shall wait patiently for the 1.41 release. In the meantime, should I upgrade my Kismod 1.40 from php 4.3.11 to 5.1.6?

I read that chaging a few of the parameters in php.ini could avoid possible security risks. It appears it should be normally in the windows directory.

Dummy question here - how could my system be working without it?
Last edited by rockeiro on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
:o
Brazilian Cultural Society of Edmonton http://brased.org
User avatar
rockeiro
Newbie
Newbie
 
Posts: 11
Likes: 0 post
Liked in: 0 post
Joined: Fri Jul 07, 2006 12:05 am
Cash on hand: 0.00

PostAuthor: Michaelo » Sun Oct 22, 2006 3:45 am

php.ini... is in your xamppphp directory if you are using xampp and in windows/winnt if you are using something else....

KisMOd 1.4.0 is actually IntegraMod 1.4.0... Check the security forum for security issues... look at the first two post (i think!). The fixes in the main post solved all problems...

Mike
Last edited by Michaelo on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
Kiss Portal Engine phpbbireland (status: Released)
User avatar
Michaelo
Administrator
Administrator
 
Posts: 1646
Likes: 0 post
Liked in: 0 post
Joined: Sat Mar 11, 2006 5:14 pm
Cash on hand: 0.00
Location: Dublin, Ireland

Re: Recent Hacking Discussion (continued...)

PostAuthor: rockeiro » Sun Oct 22, 2006 5:59 am

OK.. I'll rephrase the same message:

Is it OK to upgrade to php 5.1.6 if you have an Integramod 1.4.0 installation?

I have no php.ini file. How could this be?
Last edited by rockeiro on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
:o
Brazilian Cultural Society of Edmonton http://brased.org
User avatar
rockeiro
Newbie
Newbie
 
Posts: 11
Likes: 0 post
Liked in: 0 post
Joined: Fri Jul 07, 2006 12:05 am
Cash on hand: 0.00

Re: Recent Hacking Discussion (continued...)

PostAuthor: evolver » Sun Oct 22, 2006 12:13 pm

"rockeiro";p="16877" wrote:I have no php.ini file. How could this be?

There is always a php.ini file, but just not everyone is allowed to find and/or change it...
Some (many) hosts will hide this for the users, and all you can do then, is ask your host to do the modification, because it's also in their own interest to close that door to hackers...

So you can contact your host and ask them to set the register_globals off in php.ini...
Give them this link]http://www.zend.com/zend/art/art-oertli.php[/url]
And ask them to read the part after 'Master the Global Variable Scope' about how they can prevent security holes by doing so..
Last edited by evolver on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
ImageAlways remember you're unique, just like everyone else.
We are born naked, wet and hungry. Then things get worse.
Don't take life too seriously, you won't get out alive.
User avatar
evolver
Sr Integra Member
Sr Integra Member
 
Posts: 420
Likes: 0 post
Liked in: 0 post
Joined: Mon Mar 27, 2006 12:46 pm
Cash on hand: 0.00
Location: Oostende

PostAuthor: Michaelo » Sun Oct 22, 2006 3:55 pm

Ah! for some reason I assume it was a local forum <img>
Last edited by Michaelo on Wed Dec 31, 1969 4:00 pm, edited 1 time in total.
Kiss Portal Engine phpbbireland (status: Released)
User avatar
Michaelo
Administrator
Administrator
 
Posts: 1646
Likes: 0 post
Liked in: 0 post
Joined: Sat Mar 11, 2006 5:14 pm
Cash on hand: 0.00
Location: Dublin, Ireland

PreviousNext

Return to Forum Security

Who is online

Registered users: Bing [Bot], Google [Bot], Majestic-12 [Bot]

cron