Every weekend since mid September. My boards revert to sometype of unknown default setting. I have this problem in 5 out 8 boards, running versions 5.47 thru 6.05.
I get view by category turned on. I have some default topics/categories enabled that I normally turn off. General Site Discussion / No Category , Staff Room / Administrator , News / Administrator.
My forums permissions get switched from Any Unregistered to Registered Only.
My world filter turns into a different list containing only general words without the squiqly brackets {}.
I don't know why this is happening. I can't imagine I am the only one.
I think it might be some type of script that someone is running but I can't be sure.
if ANYONE else has had similar problems please let me know. If ANYONE know s what else may be causing this please help me out.
I spend every Monday fixing my configurations. It really is annoying,
Thanx, Will
[This message was edited by Charles Capps on November 05, 2002 at 10:17 AM.]
Every Sunday night your boards are getting replaced with a bad backup maybe?
Default configuration for UBB is an empty censor box. I have no idea how the {} would get removed or the words changed. Are you getting the same words in the censor every Monday?
I am still having it happen. I think someone has found a exploit in your code. Is anyone else having a similar problem. I have checked my server logs and nothing is going on when these changes occur. Is there a way to lock your settings down with a second password?
I am going to guess that these files may be being accessed by FTP, I do not rule out the possibility of a script being used.
We have had no problems with our site (no defacements), so I more inclined to believe that the person responsible must be limited to the UBB or CGI-BIN directories.
This would rule out FTP and limit it to PERL scripting to modify our content.
In case this info is relevant we are running NT 4 servers.
There is a known security exploit with 6.05 on NT. (It's been fixed in 6.1.) I don't know if it could do what you're experiencing.
If you don't want to upgrade, you could try "planting" some trivial changes in the control panel, or add or change a few files on the server, and then see if your modifications disappear.
Will, there is no admin log in 6.05, but there was in 5.47 and in 6.1.0.3. It will be in the /BanLists directory in the 5.47 board as in the 6.1 boards.
Have you looked at your server's access logs to see who is accessing your control panel?
Are the configurations getting set EXACTLY the same every Monday?
Is there any chance you have more then one board running off the same set of variables files? Someone making changes on one board that is accidently changing another board at the same time?
This is the first entry in my adminlog (v5.47)and is followed by about 8 other entries that are from me. I am assumeing that it should be going further back since this board is close to a year old. That was probably the last time this board was hit. I am looking through the daily logs now but the text file for one day is over 105mb so it is alot to sift through.
David - to answer your question - No it is not the same every monday. and not consistantly the same boards.
This monday I came to work to find that someone had added a new forum complete with description and all.
People are flipping out, to say the least.
The funny thing is that it was tasteful, so I am led to believe that it is a user that really cares about the Boards.
David - I don't believe that any of these boards are sharing there variable files. NO One works on these Boards over the weekend. Trust me. I am pretty much one of 3 people that enters the Control panel of any of these boards.
I upgraded my largest board to v 6.1.0 I hope this makes the difference. I am also changing all the Passwords as each forum gets hit.
Dave_L - I have done what you suggested already to see if my minor changes changed and they did.
I know you are not allowed to post exploits on this forum and I support that, but I have over 5 boards on v 6.0.5 and I would like to know more about it. If you would email any info you can on it I would greatly appreciate it.
It's a security issue. He could tell you, but then he'd have to kill you. <img src="https://www.ubbcentral.com/boards/images/graemlins/tongue.gif" alt="" />
Charles: The vulnerability I discussed with Will was something that I had previously discussed with you, and it's been fixed in 6.1. I don't know if that was the cause of his problem.