#246505 10/29/2011 6:49 PM
Joined: Aug 2006
Posts: 583
old hand
Not really a "bug" but not sure where else to post this. I am running the latest version with the security patch. Today I was notified that there were some "anonymous" posts showing up in the "Active Topics" that were in a "non-existent" forum. Sure enough, there was a thread in a forum that had long been closed, but somehow someone was posting replies in that thread without being a member. The original thread was a legit thread, but there were dozens of recent replies that all had links to porno sites.
I recorded all the IP addresses and did a search in my server's log file.

Here is an example of what I found associated with one of those IPs:

123.234.47.195 - - [29/Oct/2011:16:30:26 -0400] "POST /xxxxxxx/ubbthreads.php HTTP/1.0" 302 - "http://www.xxxxxxxxxxxx.com/xxxxxxx/ubbthreads.php/topics/235868/2" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

The permissions in the closed forum would not have (or should not have) allowed anyone not a registered member to post, but somehow someone did. Any thoughts or ideas?
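The log search described in the post above, as an added example that is not part of the original thread: it groups POSTs to the forum script by the topic id in the Referer, then lists posters that were not in the recorded IP list. The first sample line is the one quoted in the post; the other lines, their addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache "combined" log format, the layout of the line quoted in the post.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
TOPIC_RE = re.compile(r"/topics/(\d+)")

# First line is the one from the post; the rest are constructed samples.
SAMPLE_LOG = """\
123.234.47.195 - - [29/Oct/2011:16:30:26 -0400] "POST /xxxxxxx/ubbthreads.php HTTP/1.0" 302 - "http://www.xxxxxxxxxxxx.com/xxxxxxx/ubbthreads.php/topics/235868/2" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
203.0.113.7 - - [29/Oct/2011:16:31:02 -0400] "POST /xxxxxxx/ubbthreads.php HTTP/1.0" 302 - "http://www.xxxxxxxxxxxx.com/xxxxxxx/ubbthreads.php/topics/235868/2" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
203.0.113.7 - - [29/Oct/2011:16:31:40 -0400] "POST /xxxxxxx/ubbthreads.php HTTP/1.0" 302 - "http://www.xxxxxxxxxxxx.com/xxxxxxx/ubbthreads.php/topics/235868/3" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
198.51.100.20 - - [29/Oct/2011:16:32:10 -0400] "GET /xxxxxxx/ubbthreads.php/topics/235868/2 HTTP/1.1" 200 18234 "-" "Mozilla/5.0 (constructed)"
198.51.100.20 - - [29/Oct/2011:16:33:55 -0400] "POST /xxxxxxx/ubbthreads.php HTTP/1.1" 302 - "http://www.xxxxxxxxxxxx.com/xxxxxxx/ubbthreads.php/topics/240001/1" "Mozilla/5.0 (constructed)"
""".splitlines()


def posts_by_topic(lines, script="ubbthreads.php"):
    """Return {topic_id: {ip: post_count}} for POSTs to the forum script.

    The topic id comes from the Referer header, which the client controls,
    so treat it as a hint and confirm against the forum's own post table.
    """
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if not m["path"].split("?", 1)[0].endswith(script):
            continue
        topic = TOPIC_RE.search(m["referer"])
        hits[topic.group(1) if topic else "unknown"][m["ip"]] += 1
    return {topic: dict(ips) for topic, ips in hits.items()}


def unrecorded_posters(hits, topic, recorded_ips):
    """IPs that posted to the topic but are missing from the recorded list."""
    return sorted(set(hits.get(topic, {})) - set(recorded_ips))


if __name__ == "__main__":
    found = posts_by_topic(SAMPLE_LOG)
    print(found)
    print(unrecorded_posters(found, "235868", ["123.234.47.195"]))
```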



Basil #246511 10/31/2011 4:12 PM
Joined: Jun 2006
Posts: 81
member
Can't help much with the breach, but would suggest locking out ALL IP addresses from China. Not likely you have any legit users from there (then again you might, I don't know).

One thing for sure is that China is the source of a LOT of undesired internet traffic. Blocking out the complete range of IP addresses gets rid of the largest source of mischief.

Basil #246545 11/03/2011 4:32 PM
Joined: Jul 2008
Posts: 50
Journeyman
How do you block all the Chinese IPs?

Also, I believe we may have had a password breach on our board. We're still using 7.01 so according to the recent security breach warning, it did not apply to us since we were not 7.3 or after. Who do we talk to about this?

Brian


Brian Austin Whitney
Founder
Just Plain Folks Music Organization
www.justplainfolks.org
Basil #246549 11/03/2011 5:18 PM
Joined: Jun 2006
Posts: 1,344
veteran
If you're not comfortable doing the upgrade, I would contact Gizmo.

To block countries you would need to do so via an .htaccess file and block IPs.

http://www.wizcrafts.net/chinese-blocklist.html

http://www.countryipblocks.net/country-blocks/cidr/?country=KR&view_country_ips=Submit+Query

Basil #246550 11/03/2011 6:40 PM
Joined: Jun 2006
Posts: 81
member
Yes. A .htaccess file is one way that works for blocking http requests and is the easiest and often the only option if you are on a hosted account.

However, iptables/netfilter is best, but is far more complex to configure and is not an option for many (most?). It was beyond my talents before doing a LOT of reading.

Basil #246567 11/05/2011 2:36 PM
Joined: Jul 2008
Posts: 50
Journeyman
We have an IP ban feature built into 7.01. Would that work? Is there a way to paste in a range of IPs? Russia is the other country we'd like to block. I tried blocking anything that had a .ru but that didn't slow them down. We get 60+ bogus sign up attempts per day.

Is 7.01 at risk? If so they should have said that and not singled out only 7.3 and newer!

Thanks for the help guys,

Brian


Basil #246572 11/06/2011 9:20 AM
Joined: Jun 2006
Posts: 1,344
veteran
I am guessing you are using an .htaccess or iptables for the IP ban? That has nothing to do with the software and you should be fine.

Any version under the current version could be a risk. Just like with your computer and web server software, it is strongly recommended and advised to stay up to date with current versions.

If you looked at the old change logs, you will see many bugfixes. Those could also have some security fixes as well. There was a lot changed from v7.01 to v7.3, and it probably would have been a lot to find and patch.

I think there should be a time when version numbers reach an EOL for support, such as patches and stuff, as it's harder on the developers to keep so many versions up to date.

Basil #246595 11/06/2011 9:32 PM
Joined: Apr 2007
Posts: 3,940
Likes: 1
Former Developer
I'd highly recommend going to version 7.5.6 with patches, if you are running 7.0.1.

You are at risk there, if someone really wants to hack in.

SD #246607 11/07/2011 12:33 AM
Joined: Jun 2006
Posts: 16,292
Likes: 116
UBB.threads Developer
Originally Posted by Sirdude
I'd highly recommend going to version 7.5.6 with patches, if you are running 7.0.1.
+1


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Do you need Forum Install or Upgrade Services?
Forums: A Gardeners Forum, Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
SD #247052 11/26/2011 2:44 PM
Joined: Aug 2006
Posts: 583
old hand
Originally Posted by Sirdude
I'd highly recommend going to version 7.5.6 with patches, if you are running 7.0.1.

You are at risk there, if someone really wants to hack in.

That's what I am running. As I said in my original post, I am running the latest version with the security patch that came out recently.

Update: Never mind. Your post said RE: Basil, but I'm guessing you meant your comment for another user. My bad.

Last edited by Basil; 11/26/2011 2:47 PM.
Mike L #247053 11/26/2011 2:52 PM
Joined: Aug 2006
Posts: 583
old hand
Originally Posted by Mike L
Can't help much with the breach, but would suggest locking out ALL IP addresses from China.

I've been thinking about that for a while. Every time I get some bogus user from China sign up, I check what range of IPs their provider is and put the entire range in my iptables on my server. By now I've probably got half the IPs in China blocked. Guess I need to just go get the rest of them in there as well.
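An added example, not part of the original thread, for the range blocking discussed in the .htaccess/iptables replies and in the post above: it merges a hand-collected list of provider ranges and emits the rules for either option. The ranges are constructed documentation addresses, the set name `forum_block` is hypothetical, and the firewall output assumes an ipset set matched by one iptables rule rather than one rule per range.

```python
import ipaddress

# Constructed sample: ranges as they might accumulate in hand-kept notes.
SAMPLE_RANGES = """\
192.0.2.0/25       # provider A
192.0.2.128/25     # adjacent to the line above
198.51.100.77/24   # host bits set by mistake
198.51.100.16/28   # already covered by the /24
203.0.113.9        # single address
"""


def parse_ranges(text):
    """One CIDR or address per line; '#' starts a comment."""
    nets = []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if entry:
            # strict=False normalises 198.51.100.77/24 to 198.51.100.0/24
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets


def collapse(nets):
    """Merge duplicate, nested and adjacent IPv4 ranges into the fewest CIDRs."""
    return list(ipaddress.collapse_addresses(n for n in nets if n.version == 4))


def htaccess_rules(nets, apache24=True):
    """Deny rules for .htaccess: Apache 2.4 syntax, or the older 2.2 syntax."""
    if apache24:
        body = [f"    Require not ip {n}" for n in nets]
        return "\n".join(["<RequireAll>", "    Require all granted", *body, "</RequireAll>"])
    return "\n".join(["Order Allow,Deny", "Allow from all", *[f"Deny from {n}" for n in nets]])


def ipset_restore(nets, name="forum_block"):
    """Input for `ipset restore`; match it with a single rule such as
    iptables -I INPUT -m set --match-set forum_block src -j DROP"""
    return "\n".join([f"create {name} hash:net family inet", *[f"add {name} {n}" for n in nets]])


if __name__ == "__main__":
    merged = collapse(parse_ranges(SAMPLE_RANGES))
    print(htaccess_rules(merged))
    print(ipset_restore(merged))
```

Range blocking of this kind cuts down sign-up and spam noise; it does not change how the forum's own posting permissions are enforced.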

