#226951 - 05/31/09 12:06 PM SQL injection on 6.5 classic
SigningsHotline Offline
stranger
Registered: 05/27/07
Posts: 18
Hi there:

I am using Classic 6.5.0. I have been receiving "Report A Post" emails with comments in them selling Viagra and diet pills. Smells like SQL injection. A temp fix is to move the post to another area then move it back to the original area and it changes the post number on it. But my question is, does anyone know of a patch that is available to fix this? Either direct from UBB or by an outside developer?

Thank you in advance!
Top
#226952 - 05/31/09 12:11 PM Re: SQL injection on 6.5 classic [Re: SigningsHotline]
Ruben Offline

Registered: 12/20/03
Posts: 4424
Loc: Lutz,FL
HUH????
Classic does not use MySQL. It is a flat file system using CGI and PHP for the accelerator.
It sounds more like a spam issue, which pops up all the time with classic today.
_________________________
Blue Man Group
Top
#226953 - 05/31/09 12:18 PM Re: SQL injection on 6.5 classic [Re: Ruben]
Ruben Offline

Registered: 12/20/03
Posts: 4424
Loc: Lutz,FL
Just took a quick peek at your site; you have report a post enabled on your site. So anyone can send a message, including guests, to the report a post. The only good part about it is only admins and moderators will get the message.

You could just turn the feature off I guess.
_________________________
Blue Man Group
Top
#226956 - 05/31/09 06:26 PM Re: SQL injection on 6.5 classic [Re: Ruben]
Gizmo Offline

Registered: 06/05/06
Posts: 14995
Loc: Portland, OR; USA
Classic wasn't exactly "secure" in the captcha implementation in the latest build; automated bots could easily spam the everloving hell out of the forum...

Fix? UBB.T7 or disable features bots are abusing.
_________________________
Forums: UGN Security & VNC Web Design & Development
UBB.Threads: UBB.Wiki, My UBBSkins, UBB.Sitemaps
Longtime UBB Supporter, UBB Beta Tester & Resident Post-A-Holic.
UBB Modifications, Styling, Coding Services, Disaster Recovery, and more!
Top
#226988 - 06/02/09 12:32 PM Re: SQL injection on 6.5 classic [Re: Gizmo]
AllenAyres Offline
Registered: 12/29/03
Posts: 1995
Loc: Texas
At the least update to 6.7.3 - lots of bugs were fixed in there, tho I don't think Charles fixed any SQL injection issues wink
_________________________
- Allen
- ThreadsDev | PraiseCafe
Top
#226990 - 06/02/09 01:08 PM Re: SQL injection on 6.5 classic [Re: AllenAyres]
Gizmo Offline

Registered: 06/05/06
Posts: 14995
Loc: Portland, OR; USA
Originally Posted By: AllenAyres
tho I don't think Charles fixed any SQL injection issues wink
Lol considering it's not MySQL based, I don't really see how he COULD fix SQL injection issues... let alone how there could be some... That'd be amazing...
_________________________
Forums: UGN Security & VNC Web Design & Development
UBB.Threads: UBB.Wiki, My UBBSkins, UBB.Sitemaps
Longtime UBB Supporter, UBB Beta Tester & Resident Post-A-Holic.
UBB Modifications, Styling, Coding Services, Disaster Recovery, and more!
Top
#226994 - 06/02/09 04:51 PM Re: SQL injection on 6.5 classic [Re: Gizmo]
JAISP Offline
old hand
Registered: 02/10/07
Posts: 1144
I wouldn't sweat it. The classic version is flat file based and there are not as many security issues as many on here let on.

I have been running classic since 1995 and I never had anyone get in my forum and create any problems. I have had others on my servers as well running classic and still have 2 classic boards running on my servers and still no problems.
Top
#226995 - 06/02/09 05:01 PM Re: SQL injection on 6.5 classic [Re: JAISP]
Ruben Offline

Registered: 12/20/03
Posts: 4424
Loc: Lutz,FL
Originally Posted By: JAISP

I have been running classic since 1995 and I never had anyone get in my forum and create any problems. I have had others on my servers as well running classic and still have 2 classic boards running on my servers and still no problems.


I agree to a point depending on the classic version.
The real issue was the spamming in my case.
In his case it looks the same.
So options are close the board to guests or just turn off notify posts and give users another avenue if needed. Like a help forum.
Either case, if spammers can find an email address they will use it.
_________________________
Blue Man Group
Top
#226996 - 06/02/09 07:42 PM Re: SQL injection on 6.5 classic [Re: Ruben]
JAISP Offline
old hand
Registered: 02/10/07
Posts: 1144
That's why I use a web form for people contacting me on my web sites. No email given and none known till I reply to the form message.

Also my web form tells me many things about the person sending to me through the forum. This helps in knowing if I need to reply or not.
Top
#227011 - 06/03/09 05:31 PM Re: SQL injection on 6.5 classic [Re: JAISP]
SigningsHotline Offline
stranger
Registered: 05/27/07
Posts: 18
I am writing this with a bag over my head so you won't recognize me as I feel like a fool. I totally forgot this is a flat file and cannot be SQL injection! But it does appear to be a bot and not a human doing it as it keeps hitting the same "report a post" from 2006.

So if there is no way to add captcha to this feature I will live with it. Moving the thread and then moving it back again is a band-aid fix.

Unless there is a captcha mod out there that anyone is aware of?
Top
#227012 - 06/03/09 05:37 PM Re: SQL injection on 6.5 classic [Re: SigningsHotline]
JAISP Offline
old hand
Registered: 02/10/07
Posts: 1144
You can ban the bot via an .htaccess file if it is the same bot all the time.

Code:
order allow,deny
deny from xxx.xxx.xxx.xxx
allow from all
Top
#227013 - 06/03/09 05:41 PM Re: SQL injection on 6.5 classic [Re: SigningsHotline]
Ruben Offline

Registered: 12/20/03
Posts: 4424
Loc: Lutz,FL
The fool is us. I don't recall a true captcha mod for classic but it was discussed several times at UBBDev.com. Somebody did add a Captcha feature with a human question answer feature at some point in time but never followed up on the modification. If they did it was lost in time.

If upgrading is out of the question, then try to use what tools you have at hand.
Such as turn off features that allow bots to harvest email accounts, close the board to guests, email verification, etc.

Other than that you can block by IP not just by the classic control panel but by .htaccess if it is a repeat offender.
_________________________
Blue Man Group
Top
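Both replies above suggest an .htaccess ban when the same client keeps hitting "report a post". The following is an added example, not code from the thread or from UBB: it counts POSTs to the report handler per client IP in an Apache access log and emits deny lines in the same syntax as the posted snippet. The handler path, the threshold and the log lines are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Hypothetical placeholder for the "report a post" handler URL; use your board's real path.
REPORT_PATH = "/cgi-bin/report-a-post-placeholder.cgi"

# Constructed sample lines (Apache combined log format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [03/Jun/2009:17:01:10 -0400] "POST /cgi-bin/report-a-post-placeholder.cgi HTTP/1.1" 200 512 "-" "Mozilla/4.0"
203.0.113.7 - - [03/Jun/2009:17:01:12 -0400] "POST /cgi-bin/report-a-post-placeholder.cgi HTTP/1.1" 200 512 "-" "Mozilla/4.0"
198.51.100.23 - - [03/Jun/2009:17:02:00 -0400] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Jun/2009:17:03:40 -0400] "POST /cgi-bin/report-a-post-placeholder.cgi HTTP/1.1" 200 512 "-" "Mozilla/4.0"
198.51.100.23 - - [03/Jun/2009:17:04:05 -0400] "POST /cgi-bin/report-a-post-placeholder.cgi HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Jun/2009:17:05:00 -0400] "POST /cgi-bin/report-a-post-placeholder.cgi?x=1 HTTP/1.1" 200 512 "-" "Mozilla/4.0"
bot.example - - [03/Jun/2009:17:06:00 -0400] "POST /cgi-bin/report-a-post-placeholder.cgi HTTP/1.1" 200 512 "-" "-"
this line is not a log entry
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def count_report_posts(log_text, path=REPORT_PATH):
    """Return a Counter of POSTs to the report handler, keyed by client IP."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines
        client, method, url, _status = m.groups()
        if method == "POST" and url.split("?", 1)[0] == path:
            try:
                # Accept only literal IPs so nothing else can end up in .htaccess.
                hits[str(ipaddress.ip_address(client))] += 1
            except ValueError:
                continue  # hostname (HostnameLookups on) or junk in the client field
    return hits

def htaccess_block(hits, threshold=3):
    """Build an Apache 2.2-style block (as in the post) for IPs at or over the threshold."""
    offenders = sorted(ip for ip, n in hits.items() if n >= threshold)
    lines = ["order allow,deny"]
    lines += [f"deny from {ip}" for ip in offenders]
    lines.append("allow from all")
    return "\n".join(lines)

if __name__ == "__main__":
    print(htaccess_block(count_report_posts(SAMPLE_LOG)))
```

If the counts are spread thinly across many addresses rather than concentrated on one, a per-IP ban will not help and the options from the thread (closing the board to guests or turning the feature off) are the ones that apply.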
#227058 - 06/05/09 01:05 PM Re: SQL injection on 6.5 classic [Re: JAISP]
AllenAyres Offline
Registered: 12/29/03
Posts: 1995
Loc: Texas
Originally Posted By: Gizmo
Originally Posted By: AllenAyres
tho I don't think Charles fixed any SQL injection issues wink
Lol considering it's not MySQL based, I don't really see how he COULD fix SQL injection issues... let alone how there could be some... That'd be amazing...


umm... my point wink

Originally Posted By: JAISP
I have been running classic since 1995


"# First version of UBB created May 7, 1996 (by Ted O'Neill)."

wink
_________________________
- Allen
- ThreadsDev | PraiseCafe
Top
#227068 - 06/06/09 12:23 PM Re: SQL injection on 6.5 classic [Re: AllenAyres]
JAISP Offline
old hand
Registered: 02/10/07
Posts: 1144
Ok Excuse me then 1996. I had purchased the first version when they were only out like a few months. I still have the board archived and all of its posts as well. It was on a new site so I went by the Domain Registration date to get close. My Mistake.

Anyway no one really cares, lol.
Top
#227077 - 06/06/09 07:01 PM Re: SQL injection on 6.5 classic [Re: JAISP]
Ruben Offline

Registered: 12/20/03
Posts: 4424
Loc: Lutz,FL
Originally Posted By: JAISP
Ok Excuse me then 1996. I had purchased the first version when they were only out like a few months. I still have the board archived and all of its posts as well. It was on a new site so I went by the Domain Registration date to get close. My Mistake.

Anyway no one really cares, lol.

I agree Lockerman. (Sorry Jaisp, just a habit with the name)
Who cares except for the person with the problem.
I would suggest to him as stated by myself, you and others. Use security methods available or start the upgrade process.
_________________________
Blue Man Group
Top
#227316 - 06/23/09 01:03 PM Re: SQL injection on 6.5 classic [Re: Ruben]
AllenAyres Offline
Registered: 12/29/03
Posts: 1995
Loc: Texas
I actually care... do you still have the free version files from something like v1 or v2? I had them but lost them on some hard drive I can't find anymore frown

For posterity and all... we had it running on UBBDev a few years back but I can't find the files anymore.
_________________________
- Allen
- ThreadsDev | PraiseCafe
Top