#226951 05/31/2009 12:06 PM
Joined: May 2007
Posts: 18
stranger
Hi there:

I am using Classic 6.5.0. I have been receiving "Report A Post" emails with comments in them selling Viagra and diet pills. Smells like SQL injection. A temp fix is to move the post to another area then move it back to the original area and it changes the post number on it. But my question is, does anyone know of a patch that is available to fix this? Either direct from UBB or by an outside developer?

Thank you in advance!

Joined: Dec 2003
Posts: 6,560
Likes: 78
HUH????
Classic does not use MySQL. It is a flat file system using CGI and PHP for the accelerator.
It sounds more like a spam issue, which pops up all the time with Classic today.


Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Joined: Dec 2003
Posts: 6,560
Likes: 78
Just took a quick peek at your site; you have report a post enabled on your site. So anyone can send a message including guests to the report a post. The only good part about it is only admins and moderators will get the message.

You could just turn the feature off I guess.


Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Joined: Jun 2006
Posts: 16,292
Likes: 116
UBB.threads Developer
Classic wasn't exactly "secure" in the captcha implementation in the latest build; automated bots could easily spam the everloving hell out of the forum...

Fix? UBB.T7 or disable features bots are abusing.


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Do you need Forum Install or Upgrade Services?
Forums: A Gardeners Forum, Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Joined: Dec 2003
Posts: 1,796
Pooh-Bah
At the least update to 6.7.3 - lots of bugs were fixed in there, tho I don't think Charles fixed any SQL injection issues wink


- Allen
- ThreadsDev | PraiseCafe
Joined: Jun 2006
Posts: 16,292
Likes: 116
UBB.threads Developer
Originally Posted by AllenAyres
tho I don't think Charles fixed any SQL injection issues wink
Lol considering it's not MySQL based, I don't really see how he COULD fix SQL injection issues... let alone how there could be some... That'd be amazing...


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Do you need Forum Install or Upgrade Services?
Forums: A Gardeners Forum, Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Joined: Feb 2007
Posts: 1,294
Likes: 2
Veteran
I wouldn't sweat it. The classic version is flat file based and there are not as many security issues as many on here let on.

I have been running classic since 1995 and I never had anyone get in my forum and create any problems. I have had others on my servers as well running classic and still have 2 classic boards running on my servers and still no problems.


Joined: Dec 2003
Posts: 6,560
Likes: 78
Originally Posted by JAISP
I have been running classic since 1995 and I never had anyone get in my forum and create any problems. I have had others on my servers as well running classic and still have 2 classic boards running on my servers and still no problems.
I agree to a point depending on the classic version.
The real issue was the spamming in my case.
In his case it looks the same.
So options are close the board to guests or just turn off notify posts and give users another avenue if needed. Like a help forum.
Either case, if spammers can find an email address they will use it.


Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Joined: Feb 2007
Posts: 1,294
Likes: 2
Veteran
That's why I use a web form for people contacting me on my web sites. No email given and none known till I reply to the form message.

Also my web form tells me many things about the person sending to me through the forum. This helps in knowing if I need to reply or not.

Joined: May 2007
Posts: 18
stranger
I am writing this with a bag over my head so you won't recognize me as I feel like a fool. I totally forgot this is a flat file and cannot be SQL injection! But it does appear to be a bot and not a human doing it as it keeps hitting the same "report a post" from 2006.

So if there is no way to add captcha to this feature I will live with it. Moving the thread and then moving it back again is a band-aid fix.

Unless there is a captcha mod out there that anyone is aware of?

Joined: Feb 2007
Posts: 1,294
Likes: 2
Veteran
You can ban the bot via an .htaccess file if it is the same bot all the time.

Code
order allow,deny
deny from xxx.xxx.xxx.xxx
allow from all
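
Added example (not part of the original post and not UBB code): before banning by IP, check the access log to confirm the report-a-post spam really comes from one repeat address, then generate the deny block in the same syntax as above. The `action=report_post` marker, the `/cgi-bin/forum.cgi` path and the log lines are constructed assumptions; substitute the request your own board logs.

```python
import re
from collections import Counter

# Hypothetical marker for the report-a-post request; look in your own access
# log for the query string your board actually uses.
REPORT_MARKER = "action=report_post"

# Apache common/combined log prefix: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [31/May/2009:11:58:01 -0500] "POST /cgi-bin/forum.cgi?action=report_post&t=123 HTTP/1.1" 200 512
203.0.113.7 - - [31/May/2009:11:58:09 -0500] "POST /cgi-bin/forum.cgi?action=report_post&t=123 HTTP/1.1" 200 512
192.0.2.9 - - [31/May/2009:11:59:30 -0500] "GET /cgi-bin/forum.cgi?action=report_post&t=456 HTTP/1.1" 200 2048
203.0.113.7 - - [31/May/2009:12:01:44 -0500] "POST /cgi-bin/forum.cgi?action=report_post&t=123 HTTP/1.1" 200 512
198.51.100.20 - - [31/May/2009:12:03:10 -0500] "POST /cgi-bin/forum.cgi?action=report_post&t=789 HTTP/1.1" 200 512
203.0.113.7 - - [31/May/2009:12:05:02 -0500] "POST /cgi-bin/forum.cgi?action=report_post&t=123 HTTP/1.1" 200 512
"""

def report_hits(log_text, marker=REPORT_MARKER):
    """Count report-a-post submissions (POST only) per client IP."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        # Viewing the form (GET) is not a submission, so only POSTs count.
        if m and m["method"] == "POST" and marker in m["url"]:
            hits[m["ip"]] += 1
    return hits

def htaccess_rules(hits, threshold=3):
    """Return a deny block for IPs at or above threshold, or None if there is no repeat offender."""
    offenders = sorted(ip for ip, n in hits.items() if n >= threshold)
    if not offenders:
        return None  # spam is spread across addresses; an IP ban will not help
    lines = ["order allow,deny"]
    lines += [f"deny from {ip}" for ip in offenders]
    lines.append("allow from all")
    return "\n".join(lines)

if __name__ == "__main__":
    hits = report_hits(SAMPLE_LOG)
    print(hits.most_common())
    print(htaccess_rules(hits) or "no single repeat offender found")
```

If no address reaches the threshold, the submissions are spread over many sources and the other options in this thread (closing the board to guests or turning the feature off) are the ones that apply.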

Joined: Dec 2003
Posts: 6,560
Likes: 78
The fool is us. I don't recall a true captcha mod for classic but it was discussed several times at ubbdev.com. Somebody did add a Captcha feature with a human question answer feature at some point in time but never followed up on the modification. If they did it was lost in time.

If upgrading is out of the question, then try to use what tools you have at hand.
Such as turning off features that allow bots to harvest email accounts, closing the board to guests, email verification, etc.

Other than that you can block by IP, not just by the classic control panel but by .htaccess if it is a repeat offender.


Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Joined: Dec 2003
Posts: 1,796
Pooh-Bah
Originally Posted by Gizmo
Originally Posted by AllenAyres
tho I don't think Charles fixed any SQL injection issues wink
Lol considering it's not MySQL based, I don't really see how he COULD fix SQL injection issues... let alone how there could be some... That'd be amazing...


umm... my point wink

Originally Posted by JAISP
I have been running classic since 1995


"# First version of UBB created May 7, 1996 (by Ted O'Neill)."

wink


- Allen
- ThreadsDev | PraiseCafe
Joined: Feb 2007
Posts: 1,294
Likes: 2
Veteran
Ok, excuse me then, 1996. I had purchased the first version when they were only out like a few months. I still have the board archived and all of its posts as well. It was on a new site so I went by the Domain Registration date to get close. My mistake.

Anyway no one really cares, lol.

Joined: Dec 2003
Posts: 6,560
Likes: 78
Originally Posted by JAISP
Ok, excuse me then, 1996. I had purchased the first version when they were only out like a few months. I still have the board archived and all of its posts as well. It was on a new site so I went by the Domain Registration date to get close. My mistake.

Anyway no one really cares, lol.
I agree, Lockerman. (Sorry Jaisp, just a habit with the name.)
Who cares except for the person with the problem.
I would suggest to him as stated by myself, you and others. Use security methods available or start the upgrade process.


Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Joined: Dec 2003
Posts: 1,796
Pooh-Bah
I actually care... do you still have the free version files from something like v1 or v2? I had them but lost them on some hard drive I can't find anymore frown

For posterity and all... we had it running on ubbdev a few years back but I can't find the files anymore.


- Allen
- ThreadsDev | PraiseCafe
