Previous Thread
Next Thread
Print Thread
Hop To
#113061 11/04/2001 9:48 PM
Anonymous
Unregistered
Anonymous
Unregistered
Every weekend since mid September. My boards revert to sometype of unknown default setting. I have this problem in 5 out 8 boards, running versions 5.47 thru 6.05.

I get view by category turned on. I have some default topics/categories enabled that I normally turn off. General Site Discussion / No Category , Staff Room / Administrator , News / Administrator.

My forums permissions get switched from Any Unregistered to Registered Only.

My world filter turns into a different list containing only general words without the squiqly brackets {}.

I don't know why this is happening. I can't imagine I am the only one.

I think it might be some type of script that someone is running but I can't be sure.

if ANYONE else has had similar problems please let me know. If ANYONE know s what else may be causing this please help me out.

I spend every Monday fixing my configurations. It really is annoying,

Thanx,
Will

[This message was edited by Charles Capps on November 05, 2002 at 10:17 AM.]

#113062 11/04/2001 10:37 PM
Joined: Jun 2006
Posts: 9,242
Likes: 1
R
Former Developer
Former Developer
R Offline
Joined: Jun 2006
Posts: 9,242
Likes: 1
Every Sunday night your boards are getting replaced with a bad backup maybe?

Default configuration for UBB is an empty censor box. I have no idea how the {} would get removed or the words changed. Are you getting the same words in the censor every Monday?

Honor The Victims

#113063 11/05/2001 12:56 AM
Anonymous
Unregistered
Anonymous
Unregistered
Yes, I beleive so. I am not having this problem on 6 other boards that I manage. It is very odd.

I have been looking into it being restored from backups but I can't imagine that would be happening to some and not others.

#113064 11/12/2001 12:17 PM
Anonymous
Unregistered
Anonymous
Unregistered
I am still having it happen.
I think someone has found a exploit in your code.
Is anyone else having a similar problem. I have checked my server logs and nothing is going on when these changes occur. Is there a way to lock your settings down with a second password?

Will

#113065 11/12/2001 2:35 PM
Anonymous
Unregistered
Anonymous
Unregistered
I highly doubt that this is a security problem. It sounds like what Dave mentioned - a bad backup getting restored.

Have you spoken with your web hosting provider?

--
Charles Capps
Programmer, Infopop Corporation
Please do not contact me privately for support - post on the board or open a support ticket instead!

#113066 11/16/2001 5:44 PM
Anonymous
Unregistered
Anonymous
Unregistered
I am the Hosting Provider, I know when my logs are backed up. It is NOT that. Checked and doubled checked.

This is now happening to other forums I run.

I sincerely believe that this is a security issue.

Will Ackerman

#113067 11/17/2001 9:42 AM
Anonymous
Unregistered
Anonymous
Unregistered
If you think somone accessed your CP, enter /ubb/BanLists/adminlog.cgi, and check if someone modifies it on every Sunday.

If you can't see anything, maybe they accessed your FTP.

#113068 11/20/2001 11:54 PM
Anonymous
Unregistered
Anonymous
Unregistered
This log doesn't exist in my directory. I am running version 6.05, can anyone tell me how to enable the adminlog?

This is the type of trouble shooting I am looking for. I appreciate the advice.

Will

#113069 11/20/2001 11:59 PM
Anonymous
Unregistered
Anonymous
Unregistered
Most of my Banlist folder only contain floodcheck logs.

#113070 11/21/2001 12:19 AM
Anonymous
Unregistered
Anonymous
Unregistered
I am going to guess that these files may be being accessed by FTP, I do not rule out the possibility of a script being used.

We have had no problems with our site (no defacements), so I more inclined to believe that the person responsible must be limited to the UBB or CGI-BIN directories.

This would rule out FTP and limit it to PERL scripting to modify our content.

In case this info is relevant we are running NT 4 servers.

Any more Help would be greatly appreciated.

Will

#113071 11/21/2001 9:52 AM
Anonymous
Unregistered
Anonymous
Unregistered
6.05 doesn't do admin-logging.

There is a known security exploit with 6.05 on NT. (It's been fixed in 6.1.) I don't know if it could do what you're experiencing.

If you don't want to upgrade, you could try "planting" some trivial changes in the control panel, or add or change a few files on the server, and then see if your modifications disappear.

#113072 11/21/2001 2:36 PM
Anonymous
Unregistered
Anonymous
Unregistered
Will, there is no admin log in 6.05, but there was in 5.47 and in 6.1.0.3. It will be in the /BanLists directory in the 5.47 board as in the 6.1 boards.

Have you looked at your server's access logs to see who is accessing your control panel?

Are the configurations getting set EXACTLY the same every Monday?

Is there any chance you have more then one board running off the same set of variables files? Someone making changes on one board that is accidently changing another board at the same time?

Honor The Victims

#113073 11/21/2001 9:33 PM
Anonymous
Unregistered
Anonymous
Unregistered
Thu Nov 8 01:39:06 2001

This is the first entry in my adminlog (v5.47)and is followed by about 8 other entries that are from me. I am assumeing that it should be going further back since this board is close to a year old. That was probably the last time this board was hit. I am looking through the daily logs now but the text file for one day is over 105mb so it is alot to sift through.

David - to answer your question - No it is not the same every monday. and not consistantly the same boards.

This monday I came to work to find that someone had added a new forum complete with description and all.

People are flipping out, to say the least.

The funny thing is that it was tasteful, so I am led to believe that it is a user that really cares about the Boards.

David - I don't believe that any of these boards are sharing there variable files. NO One works on these Boards over the weekend. Trust me. I am pretty much one of 3 people that enters the Control panel of any of these boards.

I upgraded my largest board to v 6.1.0 I hope this makes the difference. I am also changing all the Passwords as each forum gets hit.

Dave_L - I have done what you suggested already to see if my minor changes changed and they did.

I know you are not allowed to post exploits on this forum and I support that, but I have over 5 boards on v 6.0.5 and I would like to know more about it. If you would email any info you can on it I would greatly appreciate it.

Thank you all for your help

Will Ackerman

wackerman@hfnm.com

#113074 12/03/2001 3:28 PM
Anonymous
Unregistered
Anonymous
Unregistered
I wouldlike to thank everyone who helped me try and fix this problem.

I very big thanks to DAVE_L, your posts were exactly what I was looking for.

Thank you all,

Will

#113075 12/03/2001 3:45 PM
Anonymous
Unregistered
Anonymous
Unregistered
Uh, so what WAS the fix?

--
Charles Capps
Programmer, Infopop Corporation
Please do not contact me privately for support - post on the board or open a support ticket instead!

#113076 12/03/2001 5:15 PM
Anonymous
Unregistered
Anonymous
Unregistered
It's a security issue. He could tell you, but then he'd have to kill you. <img src="https://www.ubbcentral.com/boards/images/graemlins/tongue.gif" alt="" />

#113077 12/03/2001 6:30 PM
Anonymous
Unregistered
Anonymous
Unregistered
Uh, well, if it's a security issue with the UBB, I'd like to know now rather than find out later...

--
Charles Capps
Programmer, Infopop Corporation
Please do not contact me privately for support - post on the board or open a support ticket instead!

#113078 12/04/2001 12:25 PM
Anonymous
Unregistered
Anonymous
Unregistered
Charles: The vulnerability I discussed with Will was something that I had previously discussed with you, and it's been fixed in 6.1. I don't know if that was the cause of his problem.

#113079 12/04/2001 2:05 PM
Anonymous
Unregistered
Anonymous
Unregistered
OKay, thank you. Nevertheless, could you drop me a mail with a reminder / details? I'll want to make sure it's really fixed.

Topic closed.

--
Charles Capps
Programmer, Infopop Corporation
Please do not contact me privately for support - post on the board or open a support ticket instead!


Link Copied to Clipboard
ShoutChat
Comment Guidelines: Do post respectful and insightful comments. Don't flame, hate, spam.
Recent Topics
spam issues
by ECNet - 03/19/2024 11:45 PM
Looking for a forum
by azr - 03/15/2024 11:26 PM
Editing Links in Post
by Outdoorking - 03/15/2024 9:31 AM
Question on barkrowler and the like
by Mors - 02/29/2024 6:51 PM
Member Permissions Help
by domspeak - 02/27/2024 6:31 PM
Who's Online Now
2 members (Gizmo, Nightcrawler), 553 guests, and 186 robots.
Key: Admin, Global Mod, Mod
Random Gallery Image
Latest Gallery Images
Los Angeles
Los Angeles
by isaac, August 6
3D Creations
3D Creations
by JAISP, December 30
Artistic structures
Artistic structures
by isaac, August 29
Stones
Stones
by isaac, August 19
Powered by UBB.threads™ PHP Forum Software 8.0.0
(Preview build 20230217)