security warning for boards with Activity Mod installed


PostAuthor: sanji » Sun May 28, 2006 6:46 pm

I just received this email from the administrators of phpBB-TweakS. There is a security warning for boards with Blend Portal System OR Activity Mod installed.

Just for your information...

sanji




It has come to my attention that Blend has a security issue. If you have Blend
Portal System OR Activity Mod installed, please disable your board or uninstall
these mods for the time being and do the file edit that I have listed below.
Here is a list of IPs that you need to ban from your site as well.

85.107.151.110, 84.112.100.97, 84.112.100.97, 200.112.130.69, 87.97.213.154,
211.66.110.157, 201.29.218.185, 195.93.60.97, 202.133.82.69, 70.136.76.25,
212.104.107.114, 157.142.200.121, 200.243.242.123, 166.111.249.39,
85.104.25.166, 85.14.214.4

These are known IPs that have used a script to infect sites with trojans via a
file in blend.
Open:
blend_data/blend_common.php

FIND

define('BLEND_DATA_PATH', 'blend_data/');

BEFORE, ADD

if (!defined('IN_PHPBB'))
die('Hack Attempt');

CLOSE & SAVE

I will release a fix for these issues ASAP.

I apologize for this huge inconvenience.



Edit by found it: please read my post 2 posts down for the fix.

PostAuthor: Solomon » Sun May 28, 2006 7:06 pm

File edit different for Activity Mod Plus?

blend_common.php does not exist

PostAuthor: sanji » Sun May 28, 2006 8:32 pm

Sorry, I can't help, I am not using Activity Mod. But since people do on this forum, I thought the admin might be interested...

Sorry not to be more useful,

sanji

PostAuthor: found it » Mon May 29, 2006 4:00 am

For anyone using the activity mod plus mod the code fixes are found here

http://phpbb-tweaks.com/topics.html-p-17622#17622

Please do the 2 file edits asap...

:mrgreen:

PostAuthor: Solomon » Mon May 29, 2006 6:38 am

"found it" wrote: For anyone using the activity mod plus mod the code fixes are found here

http://phpbb-tweaks.com/topics.html-p-17622#17622

Please do the 2 file edits asap...

:mrgreen:

ty

PostAuthor: Solomon » Mon May 29, 2006 7:03 am

"austin" wrote: Just an FYI, there are quite a few other mods with these same issues (I don't know if their authors have released fixes or not), so keep your eyes open for changes in your site.

Any clue which other mods or what to look for in other mods not mentioned?

PostAuthor: obiku » Mon May 29, 2006 11:50 am

If I look in some of my lang files, most of them do not have the code

Code:
    if ( !defined('IN_PHPBB') )
    {
        die("Hacking attempt");
    }

in them. Only the lang extend files have this code in them.

My question is now, is it necessary to put this code in the lang files?

PostAuthor: Solomon » Tue May 30, 2006 11:07 am

"obiku" wrote: If I look in some of my lang files, most of them do not have the code

Code:
    if ( !defined('IN_PHPBB') )
    {
        die("Hacking attempt");
    }

in them. Only the lang extend files have this code in them.

My question is now, is it necessary to put this code in the lang files?

Good question, hopefully one of the "experts" will tune in.

PostAuthor: sanji » Tue May 30, 2006 1:40 pm

"obiku" wrote: If I look in some of my lang files, most of them do not have the code

My question is now, is it necessary to put this code in the lang files?


I am not absolutely sure, but I think there is no need to have this code in the language files. They only contain a list of words, and no functions, and do not connect with the database...

sanji

PostAuthor: Michaelo » Tue May 30, 2006 3:40 pm

Correct!

PostAuthor: Solomon » Tue May 30, 2006 4:08 pm

"Michaelo" wrote:
"sanji" wrote:
"obiku" wrote: If I look in some of my lang files, most of them do not have the code

My question is now, is it necessary to put this code in the lang files?


I am not absolutely sure, but I think there is no need to have this code in the language files. They only contain a list of words, and no functions, and do not connect with the database...

sanji


Correct!

http://phpbb-tweaks.com/topics.html-p-17622#17622

Aren't those lang files in the Activity Mod Plus fix?
Are you saying the fix is not needed then?

PostAuthor: obiku » Wed May 31, 2006 12:39 am

"Solomon" wrote:
"Michaelo" wrote: http://phpbb-tweaks.com/topics.html-p-17622#17622

Aren't those lang files in the Activity Mod Plus fix?
Are you saying the fix is not needed then?


Very interesting question. There are no functions in the lang_activity.php and lang_activity_char.php, but austin said to put this code

Code:
    if ( !defined('IN_PHPBB') )
    {
        die("Hacking attempt");
    }

in them. I only see an include in the lang_activity.php, but it only includes the lang_activity_char.php, in which no function appears or a connection to the database???

PostAuthor: Michaelo » Wed May 31, 2006 7:10 am

IN_PHPBB - This constant is set to prevent cross-site script hacks that could potentially exploit the database. User facing files (files intended to be called by the user like index.php and viewtopic.php) define this constant. Non-user facing files (not intended to be called by users, such as db.php and common.php) check to make sure this constant is set thereby disallowing direct execution of these files. IN_PHPBB should be the first thing handled in most files. MODs must...

1. Define IN_PHPBB in user facing files using this syntax:
Code:
    define('IN_PHPBB', true);

2. Check for IN_PHPBB in non-user facing files with this code:
Code:
    if ( !defined('IN_PHPBB') )
    {
        die("Hacking attempt");
    }

...technically, the check is not required in non-user facing files that contain ONLY functions (like functions.php). If any global variables, requires(), constant definitions, or code outside of a function is present then checking for IN_PHPBB is absolutely required.

You can find the rest of the article HERE

Update: Facing files = file called directly by the user... language files are not called by the user neither do they contain functions so I don't know why there is a need to add the check but it doesn't hurt...
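
One way to apply the guideline quoted above when auditing other MODs, as an added example that is not part of any post in this thread and is not phpBB or MOD code: it classifies each PHP file by whether it defines IN_PHPBB, checks it before any include/require, checks it too late, or does neither. The verdict names, function names and sample file contents are assumptions constructed for the example.

```python
import re
from pathlib import Path

# The two idioms quoted in the thread, tolerant of spacing and quote style.
DEFINE_RE = re.compile(r"""\bdefine\s*\(\s*['"]IN_PHPBB['"]""")
CHECK_RE = re.compile(r"""!\s*defined\s*\(\s*['"]IN_PHPBB['"]\s*\)""")
INCLUDE_RE = re.compile(r"\b(?:include|require)(?:_once)?\b")

def strip_comments(src):
    """Heuristic: drop /* */, // and # comments so a commented-out guard does not count."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"(?m)(?://|#).*$", "", src)

def classify(src):
    """Return 'entry', 'guarded', 'late-guard' or 'unguarded' for one PHP source string."""
    code = strip_comments(src)
    if DEFINE_RE.search(code):
        return "entry"        # user-facing file: defines IN_PHPBB itself
    check = CHECK_RE.search(code)
    if check is None:
        return "unguarded"    # neither defines nor checks IN_PHPBB: review by hand
    inc = INCLUDE_RE.search(code)
    if inc and inc.start() < check.start():
        return "late-guard"   # an include/require runs before the check
    return "guarded"

def audit_tree(root):
    """Classify every .php file under root (for use on a copy of a real board)."""
    return {str(p): classify(p.read_text(errors="replace"))
            for p in sorted(Path(root).rglob("*.php"))}

# Constructed sample files (not taken from any real MOD).
SAMPLES = {
    "index.php": "<?php\ndefine('IN_PHPBB', true);\ninclude($phpbb_root_path . 'common.php');\n",
    "before_fix.php": "<?php\ndefine('BLEND_DATA_PATH', 'blend_data/');\ninclude(BLEND_DATA_PATH . 'x.php');\n",
    "after_fix.php": "<?php\nif (!defined('IN_PHPBB'))\ndie('Hack Attempt');\ndefine('BLEND_DATA_PATH', 'blend_data/');\n",
    "late_guard.php": "<?php\ninclude('x.php');\nif ( !defined('IN_PHPBB') ) { die('Hacking attempt'); }\n",
    "lang_sample.php": "<?php\n// if ( !defined('IN_PHPBB') ) { die('Hacking attempt'); }\n$lang['Key'] = 'Value';\n",
}

def audit_samples():
    return {name: classify(src) for name, src in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in audit_samples().items():
        print(f"{verdict:10} {name}")
```

Files reported as unguarded that contain only function definitions are exempt under the quoted guideline, so those results need a manual look rather than an automatic edit.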

PostAuthor: Solomon » Wed May 31, 2006 8:58 am

"obiku" wrote:
"Solomon" wrote:
"Michaelo" wrote: http://phpbb-tweaks.com/topics.html-p-17622#17622

Aren't those lang files in the Activity Mod Plus fix?
Are you saying the fix is not needed then?


Very interesting question. There are no functions in the lang_activity.php and lang_activity_char.php, but austin said to put this code

Code:
    if ( !defined('IN_PHPBB') )
    {
        die("Hacking attempt");
    }

in them. I only see an include in the lang_activity.php, but it only includes the lang_activity_char.php, in which no function appears or a connection to the database???

So Austin probably just wanted to be on the safer than sorry side of the lang_activity files?

"Michaelo" wrote:
IN_PHPBB - This constant is set to prevent cross-site script hacks that could potentially exploit the database. User facing files (files intended to be called by the user like index.php and viewtopic.php) define this constant. Non-user facing files (not intended to be called by users, such as db.php and common.php) check to make sure this constant is set thereby disallowing direct execution of these files. IN_PHPBB should be the first thing handled in most files. MODs must...

1. Define IN_PHPBB in user facing files using this syntax:
Code:
    define('IN_PHPBB', true);

2. Check for IN_PHPBB in non-user facing files with this code:
Code:
    if ( !defined('IN_PHPBB') )
    {
        die("Hacking attempt");
    }

...technically, the check is not required in non-user facing files that contain ONLY functions (like functions.php). If any global variables, requires(), constant definitions, or code outside of a function is present then checking for IN_PHPBB is absolutely required.

You can find the rest of the article HERE

Update: ...
Thanks for the article

PostAuthor: Michaelo » Wed May 31, 2006 9:06 am

I guess so unless there is something we are not aware of.