UBB.threads PHP Forum Software Community Forums UBB.threads 7 Version 7 Support Threat to delete data

Some 'mad' forum member - just arrived post this below:

($0 =~ m,(.*)/[^/]+,) && unshift (@INC, "$1");
# Get the script location: Windows \
($0 =~ m,(.*)\\[^\\]+,) && unshift (@INC, "$1"); $vars_config{CGIPath}/ubb_lib_misc.cgi $ubb eq 'do_login') {
$skip_cookie_check = 'true' &verify_id("$in{username}", "$in{password}");
my $pubname = $user_info[0];
my $dp = $user_info[1];
my $profile_number = $user_info[2];
my $mod_q = $user_info[3]; chomp($mod_q);
$vars_display{MembersOnlyAccess} eq 'YES'config{CGIPath}/ubb_pm.cgi";("$vars_wordlets_err{dead_end}");$cat_number) = split(/:/, $in{f}); should be finished in about 20 mins if i work at it, say bye bye to the forum


Anything to worry about?

???

Maybe if you are running ubb.classic (an older one at that). Those files he's referencing are from .classic - most likely he's reposting some hacker code that's been on the net for years.

Thanks ;-)

When you're yelling at him for attempting to hack your forum, you may mention those variables don't even exist, let alone the files he's referenced ...

Script Kiddies are the worst. This one is not even smart enough to be called a Script Kiddy.

Why tell him let him keep thinking the code is valid.
Otherwise he will try to develop a new hack.

or surf online for one that may have existed 8+ years ago for 20 minutes before a security release would have been issued

There you go.
Let the sorry dogs work for it.
Thats what I am saying why help them improve.

Did you ever have a UBB.classic on your server? Is it still there?

Because I'm thinking this person maybe found an old UBB.classic and can read it in plain text because .cgi isn't being processed anymore?

Which means the members files are going to show in plain text.

Which means I hope your password isn't the same anymore.

That's all if you actually had a UBB.classic and it's still laying around, broken. If not, there's nothing to worry about at all, you're being bluffed.

That would be the only caveat (if you ran an .classic before), I'd change passwords on all admin accounts. Then ban the eejit and report him to his ISP for threats.