|
Joined: Jul 2004
Posts: 87
journeyman
|
journeyman
Joined: Jul 2004
Posts: 87 |
Some 'mad' forum member - just arrived post this below:
($0 =~ m,(.*)/[^/]+,) && unshift (@INC, "$1"); # Get the script location: Windows \ ($0 =~ m,(.*)\\[^\\]+,) && unshift (@INC, "$1"); $vars_config{CGIPath}/ubb_lib_misc.cgi $ubb eq 'do_login') { $skip_cookie_check = 'true' &verify_id("$in{username}", "$in{password}"); my $pubname = $user_info[0]; my $dp = $user_info[1]; my $profile_number = $user_info[2]; my $mod_q = $user_info[3]; chomp($mod_q); $vars_display{MembersOnlyAccess} eq 'YES'config{CGIPath}/ubb_pm.cgi";("$vars_wordlets_err{dead_end}");$cat_number) = split(/:/, $in{f}); should be finished in about 20 mins if i work at it, say bye bye to the forum
Anything to worry about?
|
|
|
|
Joined: Dec 2003
Posts: 1,796
Pooh-Bah
|
Pooh-Bah
Joined: Dec 2003
Posts: 1,796 |
???
Maybe if you are running ubb.classic (an older one at that). Those files he's referencing are from .classic - most likely he's reposting some hacker code that's been on the net for years.
|
|
|
|
Joined: Jul 2004
Posts: 87
journeyman
|
journeyman
Joined: Jul 2004
Posts: 87 |
|
|
|
|
Joined: Jun 2006
Posts: 16,300 Likes: 116
|
Joined: Jun 2006
Posts: 16,300 Likes: 116 |
When you're yelling at him for attempting to hack your forum, you may mention those variables don't even exist, let alone the files he's referenced ...
|
|
|
|
Joined: Jun 2006
Posts: 81
member
|
member
Joined: Jun 2006
Posts: 81 |
Script Kiddies are the worst. This one is not even smart enough to be called a Script Kiddy.
|
|
|
|
Joined: Dec 2003
Posts: 6,562 Likes: 78
|
Joined: Dec 2003
Posts: 6,562 Likes: 78 |
When you're yelling at him for attempting to hack your forum, you may mention those variables don't even exist, let alone the files he's referenced ... Why tell him let him keep thinking the code is valid. Otherwise he will try to develop a new hack.
Blue Man Group There is no such thing as stupid questions. Just stupid answers
|
|
|
|
Joined: Jun 2006
Posts: 16,300 Likes: 116
|
Joined: Jun 2006
Posts: 16,300 Likes: 116 |
or surf online for one that may have existed 8+ years ago for 20 minutes before a security release would have been issued
|
|
|
|
Joined: Dec 2003
Posts: 6,562 Likes: 78
|
Joined: Dec 2003
Posts: 6,562 Likes: 78 |
There you go. Let the sorry dogs work for it. Thats what I am saying why help them improve.
Blue Man Group There is no such thing as stupid questions. Just stupid answers
|
|
|
|
Joined: Jul 2006
Posts: 2,143
Pooh-Bah
|
Pooh-Bah
Joined: Jul 2006
Posts: 2,143 |
Did you ever have a UBB.classic on your server? Is it still there?
Because I'm thinking this person maybe found an old UBB.classic and can read it in plain text because .cgi isn't being processed anymore?
Which means the members files are going to show in plain text.
Which means I hope your password isn't the same anymore.
That's all if you actually had a UBB.classic and it's still laying around, broken. If not, there's nothing to worry about at all, you're being bluffed.
|
|
|
|
Joined: Dec 2003
Posts: 1,796
Pooh-Bah
|
Pooh-Bah
Joined: Dec 2003
Posts: 1,796 |
That would be the only caveat (if you ran an .classic before), I'd change passwords on all admin accounts. Then ban the eejit and report him to his ISP for threats.
|
|
|
|
Bots
by Outdoorking - 04/13/2024 5:08 PM
|
|
|
|
|
2 members (Gizmo, 1 invisible),
901
guests, and
169
robots. |
Key:
Admin,
Global Mod,
Mod
|
|
|
|