Old Hand
Joined: Jun 2006
Posts: 956
I adapted an older security fix to block another hole. I hope so... I'm not a coder, but it seems to work for me:

in ubbthreads/includes/main.inc.php

search for:
// DO NOT EDIT ANYTHING BELOW THIS LINE!

and add ABOVE this line:
define('UBBTINCPHP',1);

in /ubbthreads/ubbt.inc.php

search for:
// ---------------------
// Include the libraries

and add ABOVE:
if (!defined('UBBTINCPHP')) {
    exit;
}

This should prevent ubbt.inc.php from being called directly from a browser. For more security, put a .htaccess in your ubbthreads/includes with the following content:

Deny from all

If you have register_globals=on on your server, be warned! You should apply this fix as soon as possible. Maybe it is fixed in 6.5.5, but I can't verify it yet.


my board: http://www.dragonclan-forum.de
my hobby: http://www.biker-reise.de
I can help with questions about UBBthreads in German, or at least try.
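The two edits above, as an added example that is not code from this thread or from UBB.threads: a single script that writes stand-in copies of main.inc.php and ubbt.inc.php to a temp directory, loads the library the normal way, then runs ubbt.inc.php on its own the way a direct browser request would and shows the guard stopping it. Only the names UBBTINCPHP, main.inc.php and ubbt.inc.php come from the post; the stand-in file contents, the $config value, the ubbt_sender_address() function and the 403 response are assumptions made for the demo.

```php
<?php
// Added example (not code from the thread or from UBB.threads): demonstrates
// the include-guard constant described in the post. Stand-in files are
// written to a temp dir so this runs anywhere the php CLI is installed.
// Assumed: stand-in contents, $config value, ubbt_sender_address(), the 403.

$dir = sys_get_temp_dir() . '/ubbt_guard_' . getmypid();
mkdir($dir);

// Stand-in for ubbthreads/includes/main.inc.php: every real page loads this
// first. The constant is defined ABOVE the "DO NOT EDIT" marker, so it is
// already set when the library is pulled in.
file_put_contents("$dir/main.inc.php", <<<'PHP'
<?php
$config = array('emailaddy' => 'admin@example.invalid'); // site config, normally loaded here
define('UBBTINCPHP', 1);
// DO NOT EDIT ANYTHING BELOW THIS LINE!
require __DIR__ . '/ubbt.inc.php';
PHP
);

// Stand-in for ubbthreads/ubbt.inc.php: a library that must never be the
// first script a request reaches. With register_globals=on, a direct hit
// lets the client pre-seed $config and friends from the query string before
// anything below runs, so the guard has to be the very first statement.
file_put_contents("$dir/ubbt.inc.php", <<<'PHP'
<?php
if (!defined('UBBTINCPHP')) {
    // Assumed hardening over the post's bare `exit;`: answer 403 instead of
    // an empty 200, so log reviews and scanners see an explicit refusal.
    if (!headers_sent()) {
        header('HTTP/1.0 403 Forbidden');
    }
    echo "Forbidden\n";
    exit(1);
}
// ---------------------
// Include the libraries (stand-in: one function that trusts $config)
function ubbt_sender_address() {
    global $config;
    return $config['emailaddy'];
}
PHP
);

// 1) Normal path: main.inc.php defines the constant, then includes the library.
require "$dir/main.inc.php";
echo "via main.inc.php: ", ubbt_sender_address(), "\n";

// 2) Direct hit: run ubbt.inc.php on its own, as a browser request to
//    /ubbthreads/ubbt.inc.php would, and watch the guard stop it.
exec(escapeshellarg(PHP_BINARY) . ' ' . escapeshellarg("$dir/ubbt.inc.php"), $out, $rc);
echo "direct call: ", trim(implode(' ', $out)), " (exit code $rc)\n";

// cleanup
unlink("$dir/main.inc.php");
unlink("$dir/ubbt.inc.php");
rmdir($dir);
```

Run it with the php CLI; the first line prints the configured address, the second prints "Forbidden". Two things worth keeping in mind when applying the real fix: the .htaccess the post puts in ubbthreads/includes only covers files under includes/, while ubbt.inc.php lives one level up in ubbthreads/, so for that file the constant guard is the only thing between a browser and the library. And on Apache 2.4 or later the equivalent of `Deny from all` is `Require all denied`. To check the result from outside, request /ubbthreads/ubbt.inc.php in a browser: it should refuse, not render.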
Old Hand
Joined: Jun 2006
Posts: 956
Notice:
This is only a workaround to prevent this file from being called directly in a browser. The bugs inside ubbt.inc.php need to be fixed to make this file secure by itself, but I don't know how to do this the correct way. So let's wait for an official statement.


Addict
Joined: Aug 2004
Posts: 460
Thanks.

Just so happens that my board got hacked yesterday.

Any chance someone might know what this is about? I uploaded the file myself, so I hope that this is simply the server making sure that everything is OK:

Code
 
Note: If this is the first time you received this mail, it contains the history for the entire month so far.

Below are the recently uploaded scripts that contain code to send email.  You may wish to inspect them to ensure they are not sending out SPAM.

/home/forum/public_html/ubbthreads/ubbt.inc.php:261: 		if ($config['fifth_mail']) {
/home/forum/public_html/ubbthreads/ubbt.inc.php:262: 			mail("$to","$subject","$body","From: $from{$newline}{$bcc}$headers","-f{$config['emailaddy']}");
/home/forum/public_html/ubbthreads/ubbt.inc.php:263: 		} else {
---
/home/forum/public_html/ubbthreads/ubbt.inc.php:263: 		} else {
/home/forum/public_html/ubbthreads/ubbt.inc.php:264: 			mail("$to","$subject","$body","From: $from{$newline}{$bcc}$headers");
/home/forum/public_html/ubbthreads/ubbt.inc.php:265: 		}
---
/home/forum/public_html/ubbthreads/ubbt.inc.php:261: 		if ($config['fifth_mail']) {
/home/forum/public_html/ubbthreads/ubbt.inc.php:262: 			mail("$to","$subject","$body","From: $from{$newline}{$bcc}$headers","-f{$config['emailaddy']}");
/home/forum/public_html/ubbthreads/ubbt.inc.php:263: 		} else {
---
/home/forum/public_html/ubbthreads/ubbt.inc.php:263: 		} else {
/home/forum/public_html/ubbthreads/ubbt.inc.php:264: 			mail("$to","$subject","$body","From: $from{$newline}{$bcc}$headers");
/home/forum/public_html/ubbthreads/ubbt.inc.php:265: 		}
---
/home/forum/public_html/ubbthreads/ubbt.inc.php:261: 		if ($config['fifth_mail']) {
/home/forum/public_html/ubbthreads/ubbt.inc.php:262: 			mail("$to","$subject","$body","From: $from{$newline}{$bcc}$headers","-f{$config['emailaddy']}");
/home/forum/public_html/ubbthreads/ubbt.inc.php:263: 		} else {
---
/home/forum/public_html/ubbthreads/ubbt.inc.php:263: 		} else {
/home/forum/public_html/ubbthreads/ubbt.inc.php:264: 			mail("$to","$subject","$body","From: $from{$newline}{$bcc}$headers");
/home/forum/public_html/ubbthreads/ubbt.inc.php:265: 		}
---

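A re-creation of the kind of check whose output is quoted in the post above, added here as an example and not taken from the thread, from UBB.threads or from any hosting provider's tooling: it walks a directory, keeps only PHP files modified within the last $days days, and prints every mail() call with one line of context before and after, in the same path:line: form as the mail. The find_mail_calls() function name, the 31-day window and the sample files written to a temp dir are all constructed for the demo.

```php
<?php
// Added example, not from the thread or from UBB.threads: a small scanner
// that reports recently modified PHP files containing mail() calls, the way
// the provider's "recently uploaded scripts that send email" mail does.
// find_mail_calls(), the window and the sample tree below are assumptions.

function find_mail_calls($root, $days = 31, $context = 1) {
    $cutoff = time() - $days * 86400;
    $hits = array();
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        if (!$file->isFile() || $file->getExtension() !== 'php') continue;
        if ($file->getMTime() < $cutoff) continue;        // only recent uploads
        $lines = file($file->getPathname(), FILE_IGNORE_NEW_LINES);
        foreach ($lines as $i => $line) {
            // Crude on purpose, like the provider's checker: any mail( call.
            // \b keeps keys such as $config['fifth_mail'] from matching.
            if (!preg_match('/\bmail\s*\(/', $line)) continue;
            $from = max(0, $i - $context);
            $to   = min(count($lines) - 1, $i + $context);
            $block = array();
            for ($n = $from; $n <= $to; $n++) {
                $block[] = sprintf('%s:%d: %s', $file->getPathname(), $n + 1, $lines[$n]);
            }
            $hits[] = implode("\n", $block);
        }
    }
    return $hits;
}

// --- constructed sample tree: one recent file that mails, one clean file,
//     one old file that mails but falls outside the window ---
$root = sys_get_temp_dir() . '/mailscan_' . getmypid();
mkdir($root);
file_put_contents("$root/ubbt.inc.php",
    "<?php\nif (\$config['fifth_mail']) {\n    mail(\$to, \$subject, \$body, \"From: \$from\");\n} else {\n    echo 'no';\n}\n");
file_put_contents("$root/clean.php", "<?php\necho 'hello';\n");
file_put_contents("$root/old.php", "<?php\nmail('a@example.invalid', 's', 'b');\n");
touch("$root/old.php", time() - 60 * 86400);     // 60 days old: ignored

foreach (find_mail_calls($root) as $hit) {
    echo $hit, "\n---\n";
}

// cleanup
foreach (glob("$root/*") as $f) unlink($f);
rmdir($root);
```

Only the recent ubbt.inc.php stand-in is reported, with its if/else lines as context, which is why the mail above shows the 261-265 region of the real file twice (once around each mail() call). A hit like that on a file you uploaded yourself is expected; the check is there to catch mailer scripts dropped by someone else, so what matters is whether every reported path is one you recognise.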
Old Hand
Joined: Jun 2006
Posts: 956
You get this mail from your provider? Seems to me like an automatically generated mail from a script checker.

But there are some exploits on the way that use unfixed Threads installations to break into the server and upload mailer scripts and other bots. In my 3 hacks (each used a different hole) I had:

1) all PHP files on the whole server modified with an iFrame that loads lots of things and leaves one or two backdoors

2) a bot script uploaded to the server root outside the webroot. Very nice tricky thing. I now have a copy.

3) was hidden from my eyes. This one left no new files on my server. I noticed slow FTP performance and did a check of the server error log. I also found unsuccessful attempts to break in a new way and was alarmed. I contacted my provider and he found 40 IRC bot threads running under my shell. Nice.

Now running 6.5.5 and waiting for the next one ...


Former Developer
Joined: Jun 2006
Posts: 9,242
Likes: 1
This was addressed in 6.5.5. Anybody who is unsure of their register_globals settings or isn't running a newer version of PHP should definitely upgrade, as stated in the announcement that was made concerning this a couple of weeks ago.

Addict
Joined: Aug 2004
Posts: 460
Can I find a list of all security patches for 6.5.5 somewhere?

I'm running the sub-forum mod on my board so I'd really prefer to make the changes manually within each file.


Powered by UBB.threads™ PHP Forum Software 8.0.0
(Preview build 20240501)