Security Breach #246505 10/29/2011 5:49 PM
Joined: Aug 2006
Posts: 583
Basil Offline OP
old hand
Not really a "bug" but not sure where else to post this. I am running the latest version with the security patch. Today I was notified that there were some "anonymous" posts showing up in the "Active Topics" that were in a "non-existent" forum. Sure enough, there was a thread in a forum that had long been closed, but somehow someone was posting replies in that thread without being a member. The original thread was a legit thread, but there were dozens of recent replies that all had links to porno sites.
I recorded all the IP addresses and did a search in my server's log file.

Here is an example of what I found associated with one of those IPs:

123.234.47.195 - - [29/Oct/2011:16:30:26 -0400] "POST /xxxxxxx/ubbthreads.php HTTP/1.0" 302 - "http://www.xxxxxxxxxxxx.com/xxxxxxx/ubbthreads.php/topics/235868/2" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

The permissions in the closed forum would not have (or should not have) allowed anyone not a registered member to post, but somehow someone did. Any thoughts or ideas?
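
The log search described in this post can be run from the thread rather than from a hand-collected IP list. The following is an added example, not code from the original post or from UBB.threads: it parses Apache combined-format lines and groups every POST to `ubbthreads.php` whose Referer is the affected topic by client IP. The function name and all sample lines except the first are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
TOPIC_RE = re.compile(r"/ubbthreads\.php/topics/(\d+)")

def posts_to_topic(lines, topic_id):
    """Group POSTs to ubbthreads.php whose Referer is the given topic, keyed by client IP."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None, "agents": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "POST":
            continue
        if not m["path"].split("?", 1)[0].endswith("/ubbthreads.php"):
            continue
        topic = TOPIC_RE.search(m["referer"])
        if not topic or topic.group(1) != str(topic_id):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        rec = hits[m["ip"]]
        rec["count"] += 1
        rec["first"] = min(rec["first"] or ts, ts)
        rec["last"] = max(rec["last"] or ts, ts)
        rec["agents"].add(m["agent"])
    return dict(hits)

UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
REF = "http://www.xxxxxxxxxxxx.com/xxxxxxx/ubbthreads.php/topics/"
# First entry mirrors the line quoted in the post; the rest are constructed for the example.
SAMPLE_LOG = [
    f'123.234.47.195 - - [29/Oct/2011:16:30:26 -0400] "POST /xxxxxxx/ubbthreads.php HTTP/1.0" 302 - "{REF}235868/2" "{UA}"',
    f'123.234.47.195 - - [29/Oct/2011:16:31:02 -0400] "POST /xxxxxxx/ubbthreads.php HTTP/1.0" 302 - "{REF}235868/2" "{UA}"',
    f'198.51.100.7 - - [29/Oct/2011:16:33:40 -0400] "POST /xxxxxxx/ubbthreads.php HTTP/1.0" 302 - "{REF}235868/3" "{UA}"',
    '192.0.2.10 - - [29/Oct/2011:16:35:11 -0400] "GET /xxxxxxx/ubbthreads.php/topics/235868/2 HTTP/1.1" 200 5120 "-" "ExampleBrowser/1.0"',
    f'192.0.2.10 - - [29/Oct/2011:16:36:00 -0400] "POST /xxxxxxx/ubbthreads.php HTTP/1.1" 302 - "{REF}240001/1" "ExampleBrowser/1.0"',
]

if __name__ == "__main__":
    for ip, rec in sorted(posts_to_topic(SAMPLE_LOG, 235868).items()):
        print(ip, rec["count"], rec["first"].isoformat(), rec["last"].isoformat(), sorted(rec["agents"]))
```

The Referer header is client-supplied, so this narrows the search but does not prove which request created which reply; matching the timestamps against the post times stored by the forum confirms it.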



Re: Security Breach [Re: Basil] #246511 10/31/2011 3:12 PM
Joined: Jun 2006
Posts: 81
Mike L Offline
member
Can't help much with the breach, but would suggest locking out ALL IP addresses from China. Not likely you have any legit users from there (then again you might, I don't know).

One thing for sure is that China is the source of a LOT of undesired internet traffic. Blocking out the complete range of IP addresses gets rid of the largest source of mischief.

Re: Security Breach [Re: Basil] #246545 11/03/2011 3:32 PM
Joined: Jul 2008
Posts: 47
JPFolks Offline
journeyman
How do you block all the Chinese IPs?

Also, I believe we may have had a password breach on our board. We're still using 7.01 so according to the recent security breach warning, it did not apply to us since we were not 7.3 or after. Who do we talk to about this?

Brian


Brian Austin Whitney
Founder
Just Plain Folks Music Organization
www.justplainfolks.org
Re: Security Breach [Re: Basil] #246549 11/03/2011 4:18 PM
Joined: Jun 2006
Posts: 1,344
gliderdad Offline
veteran
If you're not comfortable doing the upgrade, I would contact Gizmo.

To block countries you would need to do so via an .htaccess file and block IPs.

http://www.wizcrafts.net/chinese-blocklist.html

http://www.countryipblocks.net/country-blocks/cidr/?country=KR&view_country_ips=Submit+Query

Re: Security Breach [Re: Basil] #246550 11/03/2011 5:40 PM
Joined: Jun 2006
Posts: 81
Mike L Offline
member
Yes. A .htaccess file is one way that works for blocking http requests and is the easiest and often the only option if you are on a hosted account.

However iptables/netfilter is best, but is far more complex to configure and is not an option for many (most?). It was beyond my talents before doing a LOT of reading.

Re: Security Breach [Re: Basil] #246567 11/05/2011 1:36 PM
Joined: Jul 2008
Posts: 47
JPFolks Offline
journeyman
We have an IP ban feature built into 7.01. Would that work? Is there a way to paste in a range of IPs? Russia is the other country we'd like to block. I tried blocking anything that had a .ru but that didn't slow them down. We get 60+ bogus sign up attempts per day.

Is 7.01 at risk? If so they should have said that and not singled out only 7.3 and newer!

Thanks for the help guys,

Brian


Brian Austin Whitney
Founder
Just Plain Folks Music Organization
www.justplainfolks.org
Re: Security Breach [Re: Basil] #246572 11/06/2011 8:20 AM
Joined: Jun 2006
Posts: 1,344
gliderdad Offline
veteran
I am guessing you are using an .htaccess or iptables for the IP ban? That has nothing to do with the software and you should be fine.

Any version under the current version could be a risk. Just like with your computer or web server software, it is strongly recommended and advised to stay up to date with current versions.

If you look at the old change logs, you will see many bugfixes. Those could also have some security fixes as well. There was a lot changed from v7.01 to v7.3 and probably would have been a lot to find and patch.

I think there should be a time that version numbers reach an EOL for support such as patches and stuff, as it's harder on the developers to keep so many versions up to date.

Re: Security Breach [Re: Basil] #246595 11/06/2011 8:32 PM
Joined: Apr 2007
Posts: 3,938
SD Offline
Former Developer
i'd highly recommend going to version 7.5.6 with patches, if you are running 7.0.1

you are at risk there, if someone really wants to hack in..

Re: Security Breach [Re: SD] #246607 11/06/2011 11:33 PM
Joined: Jun 2006
Posts: 15,852
Gizmo Offline
UBB.threads Developer
Originally Posted by Sirdude
i'd highly recommend going to version 7.5.6 with patches, if you are running 7.0.1
+1


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Need to Upgrade?
Forums: A Gardeners Forum Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Re: Security Breach [Re: SD] #247052 11/26/2011 1:44 PM
Joined: Aug 2006
Posts: 583
Basil Offline OP
old hand
Originally Posted by Sirdude
i'd highly recommend going to version 7.5.6 with patches, if you are running 7.0.1

you are at risk there, if someone really wants to hack in..


That's what I am running. As I said in my original post, I am running the latest version with the security patch that came out recently.

Update: Never mind. Your post said RE: Basil, but I'm guessing you meant your comment for another user. My bad.

Last edited by Basil; 11/26/2011 1:47 PM.
Re: Security Breach [Re: Mike L] #247053 11/26/2011 1:52 PM
Joined: Aug 2006
Posts: 583
Basil Offline OP
old hand
Originally Posted by Mike L
Can't help much with the breach, but would suggest locking out ALL IP addresses from China.


I've been thinking about that for a while. Every time I get some bogus user from China sign up, I check what range of IPs their provider is and put the entire range in my iptables on my server. By now I've probably got half the IPs in China blocked. Guess I need to just go get the rest of them in there as well.
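
Ranges added one at a time, as described here, tend to overlap, and the thread names both .htaccess and iptables as places to put them. The following is an added example, not code from any poster or from UBB.threads: it merges a CIDR list, refuses to continue if a protected address (such as the admin's own) would be blocked, and emits both an Apache 2.4 `.htaccess` block and an `ipset restore` file. The set name `forum_block`, the protected address and the sample ranges are assumptions made for the example.

```python
import ipaddress

def load_cidrs(text):
    """Parse one address or CIDR per line; '#' starts a comment. Returns (networks, rejected)."""
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)
    return nets, rejected

def collapse(nets, protected=()):
    """Merge overlapping and adjacent ranges; refuse if a protected address would be blocked."""
    merged = []
    for version in (4, 6):  # collapse_addresses cannot mix IPv4 and IPv6
        merged += ipaddress.collapse_addresses([n for n in nets if n.version == version])
    for addr in map(ipaddress.ip_address, protected):
        if any(addr in net for net in merged):
            raise ValueError(f"{addr} would be blocked by the merged list")
    return merged

def htaccess_rules(nets):
    """Apache 2.4 syntax (mod_authz_core); Apache 2.2 used Order/Deny directives instead."""
    body = [f"    Require not ip {n}" for n in nets]
    return "\n".join(["<RequireAll>", "    Require all granted", *body, "</RequireAll>"])

def ipset_restore(nets, name="forum_block"):
    """IPv4 input for `ipset restore`; pair with: iptables -I INPUT -m set --match-set NAME src -j DROP"""
    return "\n".join([f"create {name} hash:net family inet",
                      *(f"add {name} {n}" for n in nets if n.version == 4)])

# Constructed sample using documentation ranges, not a real country list.
SAMPLE_LIST = """\
198.51.100.0/25
198.51.100.128/25   # adjacent to the line above
203.0.113.0/24
203.0.113.64/26     # already covered by the /24
192.0.2.77          # single host
not-an-ip
"""

if __name__ == "__main__":
    nets, rejected = load_cidrs(SAMPLE_LIST)
    blocked = collapse(nets, protected=["192.0.2.1"])  # admin's own address (assumed)
    print(htaccess_rules(blocked), ipset_restore(blocked), f"rejected: {rejected}", sep="\n\n")
```

A single ipset match keeps the firewall at one rule however long the list grows, whereas one iptables rule per range is evaluated linearly for every packet.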

