Joined: Aug 2006
Posts: 583
old hand
Not really a "bug" but not sure where else to post this. I am running the latest version with the security patch. Today I was notified that there were some "anonymous" posts showing up in the "Active Topics" that were in a "non-existent" forum. Sure enough, there was a thread in a forum that had long been closed, but somehow someone was posting replies in that thread without being a member. The original thread was a legit thread, but there were dozens of recent replies that all had links to porno sites. I recorded all the IP addresses and did a search in my server's log file.
Here is an example of what I found associated with one of those IPs:
123.234.47.195 - - [29/Oct/2011:16:30:26 -0400] "POST /xxxxxxx/ubbthreads.php HTTP/1.0" 302 - "http://www.xxxxxxxxxxxx.com/xxxxxxx/ubbthreads.php/topics/235868/2" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
The permissions in the closed forum would not have (or should not have) allowed anyone not a registered member to post, but somehow someone did. Any thoughts or ideas?
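
The log search described in the post above, as an added example that is not part of the original thread: it parses Apache combined-format lines and summarizes, for each recorded IP, its POSTs to `ubbthreads.php` and the topic named in the Referer. The first sample line is the one quoted in the post; the other lines and the names `summarize_posts` and `SAMPLE_LOG` are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" log format, the format of the line quoted in the post.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"')
TOPIC_RE = re.compile(r'/topics/(\d+)')

def summarize_posts(log_lines, suspect_ips, script="ubbthreads.php"):
    """For each suspect IP, summarize its POST requests to the forum script."""
    report = defaultdict(lambda: {"posts": 0, "topics": set(), "agents": set(),
                                  "statuses": set(), "first": None, "last": None})
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m or m["ip"] not in suspect_ips or m["method"] != "POST":
            continue  # unparsable line, other client, or not a form submission
        if not m["path"].split("?")[0].endswith("/" + script):
            continue  # POST to something other than the forum script
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        entry = report[m["ip"]]
        entry["posts"] += 1
        entry["statuses"].add(int(m["status"]))
        entry["agents"].add(m["agent"])
        # The Referer shows which topic page the request was sent from.
        entry["topics"].update(TOPIC_RE.findall(m["referer"]))
        entry["first"] = when if entry["first"] is None else min(entry["first"], when)
        entry["last"] = when if entry["last"] is None else max(entry["last"], when)
    return dict(report)

# First line is the one quoted in the post; the rest are constructed sample data.
UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
REF = "http://www.xxxxxxxxxxxx.com/xxxxxxx/ubbthreads.php/topics/235868/2"
SAMPLE_LOG = [
    f'123.234.47.195 - - [29/Oct/2011:16:30:26 -0400] "POST /xxxxxxx/ubbthreads.php HTTP/1.0" 302 - "{REF}" "{UA}"',
    f'123.234.47.195 - - [29/Oct/2011:16:30:20 -0400] "GET /xxxxxxx/ubbthreads.php/topics/235868/2 HTTP/1.0" 200 5120 "-" "{UA}"',
    f'123.234.47.195 - - [29/Oct/2011:16:31:02 -0400] "POST /xxxxxxx/ubbthreads.php HTTP/1.0" 302 - "{REF}" "{UA}"',
    f'192.0.2.10 - - [29/Oct/2011:16:32:00 -0400] "POST /xxxxxxx/ubbthreads.php HTTP/1.1" 302 - "http://www.xxxxxxxxxxxx.com/xxxxxxx/ubbthreads.php/topics/240001/1" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, e in summarize_posts(SAMPLE_LOG, {"123.234.47.195"}).items():
        print(ip, e["posts"], sorted(e["topics"]), e["first"], e["last"], e["statuses"])
```

Grouping by topic id shows at a glance whether every recorded IP was posting into the same closed thread, and the first/last timestamps bound the window to compare against the forum's own post times.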

Joined: Jun 2006
Posts: 81
member
Can't help much with the breach, but would suggest locking out ALL IP addresses from China. Not likely you have any legit users from there (then again you might, I don't know).
One thing for sure is that China is the source of a LOT of undesired internet traffic. Blocking out the complete range of IP addresses gets rid of the largest source of mischief.

Joined: Jul 2008
Posts: 50
Journeyman
How do you block all the Chinese IPs?
Also, I believe we may have had a password breach on our board. We're still using 7.01 so according to the recent security breach warning, it did not apply to us since we were not 7.3 or after. Who do we talk to about this?
Brian

Joined: Jun 2006
Posts: 1,344
veteran

Joined: Jun 2006
Posts: 81
member
Yes. A .htaccess file is one way that works for blocking http requests and is the easiest and often the only option if you are on a hosted account.
However iptables/netfilter is best, but is far more complex to configure and is not an option for many (most?). It was beyond my talents before doing a LOT of reading.

Joined: Jul 2008
Posts: 50
Journeyman
We have an IP ban feature built into 7.01. Would that work? Is there a way to paste in a range of IPs? Russia is the other country we'd like to block. I tried blocking anything that had a .ru but that didn't slow them down. We get 60+ bogus sign up attempts per day.
Is 7.01 at risk? If so they should have said that and not singled out only 7.3 and newer!
Thanks for the help guys,
Brian

Joined: Jun 2006
Posts: 1,344
veteran
I am guessing you are using an .htaccess or iptables for the ip ban? That has nothing to do with the software and you should be fine.
Any version under the current version could be a risk. Just like your computer or web server software, it is strongly recommended and advised to stay up to date with current versions.
If you looked at the old change logs, you will see many bugfixes. Those could also have some security fixes as well. There was a lot changed from v7.01 to v7.3 and probably would have been a lot to find and patch.
I think there should be a time that version numbers reach an EOL for support such as patches and stuff, as it's harder on the developers to keep so many versions up to date.

Joined: Apr 2007
Posts: 3,940 Likes: 1
Former Developer
i'd highly recommend going to version 7.5.6 with patches, if you are running 7.0.1
you are at risk there, if someone really wants to hack in..

Joined: Jun 2006
Posts: 16,299 Likes: 116
> i'd highly recommend going to version 7.5.6 with patches, if you are running 7.0.1

+1

Joined: Aug 2006
Posts: 583
old hand
> i'd highly recommend going to version 7.5.6 with patches, if you are running 7.0.1
> you are at risk there, if someone really wants to hack in..

That's what I am running. As I said in my original post, I am running the latest version with the security patch that came out recently.

Update: Never mind. Your post said RE: Basil, but I'm guessing you meant your comment for another user. My bad.
Last edited by Basil; 11/26/2011 2:47 PM.

Joined: Aug 2006
Posts: 583
old hand
> Can't help much with the breach, but would suggest locking out ALL IP addresses from China.

I've been thinking about that for a while. Every time I get some bogus user from China sign up, I check what range of IPs their provider is and put the entire range in my iptables on my server. By now I've probably got half the IPs in China blocked. Guess I need to just go get the rest of them in there as well.
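
The range-by-range blocking discussed in this thread (.htaccess on hosted accounts, iptables on your own server), as an added example that is not part of any post: it merges recorded provider ranges, reports which offending IPs are still uncovered, and prints rules for both mechanisms. The ranges are constructed documentation addresses, the function names are hypothetical, and the .htaccess output assumes Apache 2.4 `Require` syntax.

```python
import ipaddress

def build_blocklist(ranges):
    """Parse IPv4 CIDR strings and merge duplicate, nested and adjacent networks."""
    nets = [ipaddress.ip_network(r, strict=False) for r in ranges]
    return list(ipaddress.collapse_addresses(n for n in nets if n.version == 4))

def uncovered(ips, nets):
    """Return the recorded IPs that no blocked range covers yet."""
    return [ip for ip in ips
            if not any(ipaddress.ip_address(ip) in n for n in nets)]

def iptables_rules(nets):
    """One DROP rule per merged range (needs root on the server)."""
    return [f"iptables -A INPUT -s {n} -j DROP" for n in nets]

def htaccess_rules(nets):
    """Apache 2.4 .htaccess block: allow everyone except the listed ranges."""
    lines = ["<RequireAll>", "    Require all granted"]
    lines += [f"    Require not ip {n}" for n in nets]
    lines.append("</RequireAll>")
    return "\n".join(lines)

# Constructed sample ranges (RFC 5737 documentation networks), not real providers.
SAMPLE_RANGES = [
    "198.51.100.0/25", "198.51.100.128/25",  # adjacent halves, merge into one /24
    "192.0.2.0/24", "192.0.2.64/26",         # the /26 is already inside the /24
    "192.0.2.0/24",                          # duplicate entry
]
# 123.234.47.195 is the IP from the log line in the first post; the other is constructed.
RECORDED_IPS = ["192.0.2.77", "123.234.47.195"]

if __name__ == "__main__":
    nets = build_blocklist(SAMPLE_RANGES)
    print("\n".join(iptables_rules(nets)))
    print(htaccess_rules(nets))
    print("still not covered:", uncovered(RECORDED_IPS, nets))
```

Checking a new sign-up IP against the merged list first avoids looking up and adding a provider range that is already blocked.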