Previous Thread
Next Thread
Print Thread
Hop To
Many ubbthreads sites seem compromised. #250181 09/10/2012 2:56 AM
Joined: Jun 2006
Posts: 215
smallufo Offline OP
enthusiast
OP Offline
enthusiast
Joined: Jun 2006
Posts: 215
First , there are files injected into this dir :
${ubbthreads}/images/forumimages/default

Code
-rw-r--r--  1 x x    23 2011-12-18 12:09 exploit.conf
-rw-r--r--  1 x x   993 2011-12-13 11:56 cons.php
-rw-rw-rw-  1 x x 40756 2011-11-19 16:06 admin_2011.php
-rw-r--r--  1 x x 77035 2011-09-23 00:06 gold.php
-rw-rw-rw-  1 x x    34 2011-09-15 16:28 config.php


And then , I notice a lot of 'POST action' to admin_2011.php , modifying includes/header.php and includes/footer.php
That's why there's another thread complaining unwanted Google Ads shown.
I think UBBT team should take actions ASAP !

Most important of all , find out how these PHPs are injected to the directory , are there any exploits within ? (7.5.6p2)

By the way , the attacking IPs are from China : 118.253.12.77 , 101.226.33.201

If admin needs these exploit files , just tell me.



English is not my native language.
I try my best to express my thought precisely.
I hope you understand what I mean.
If any misunderstanding results from culture gaps , I apologize first.
Re: Many ubbthreads sites seem compromised. [Re: smallufo] #250186 09/10/2012 8:53 AM
Joined: Jun 2006
Posts: 15,852
Gizmo Offline
UBB.threads Developer
Offline
UBB.threads Developer
Joined: Jun 2006
Posts: 15,852
There is already a thread here discussing this issue; as well as a temporary measure included by me on page 2 (using HTAuth to secure the admin panel); I don't think that a formal "fix" has been issued yet though.


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Need to Upgrade?
Forums: A Gardeners Forum Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Re: Many ubbthreads sites seem compromised. [Re: smallufo] #250187 09/10/2012 4:29 PM
Joined: Nov 2004
Posts: 173
luket Offline
enthusiast
Offline
enthusiast
Joined: Nov 2004
Posts: 173
I can no longer access my site, I get a
ERR_CONTENT_DECODING_FAILED

When trying to view my site..


Member since November 2004
Gold Member since Feb 2008
Re: Many ubbthreads sites seem compromised. [Re: luket] #250189 09/10/2012 5:50 PM
Joined: Dec 2003
Posts: 5,998
Ruben Offline
Offline
Joined: Dec 2003
Posts: 5,998
Originally Posted by luket
I can no longer access my site, I get a
ERR_CONTENT_DECODING_FAILED

When trying to view my site..

I see your board is closed for Maintenance.
No error.
Also your breadcrumb navigation links to
http://www.iana.org/domains/example/
Which is not a valid home page for you.


Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Re: Many ubbthreads sites seem compromised. [Re: smallufo] #250191 09/10/2012 6:33 PM
Joined: Jul 2008
Posts: 47
JPFolks Offline
journeyman
Offline
journeyman
Joined: Jul 2008
Posts: 47
Hey Guys,

I seem to have been hacked for the first time. The delete member button row below the member profile has been removed so I must use an old cached page to access that area and manually change the member number to access it. Perhaps this is a known or old problem for a version as old as ours. We've been hoping for the new version for years like many others but now we've been bitten.

Suggestions short of updating it? And perhaps if it's hacked, updating will be an issue? Our folks have actually been satisfied mostly with the site as is, short of wish it had functionality to react to Facebook, Twitter etc.

Thanks for any light you guys can shed!

Brian
www.justplainfolks.org


Brian Austin Whitney
Founder
Just Plain Folks Music Organization
www.justplainfolks.org
Re: Many ubbthreads sites seem compromised. [Re: Ruben] #250192 09/10/2012 7:15 PM
Joined: Nov 2004
Posts: 173
luket Offline
enthusiast
Offline
enthusiast
Joined: Nov 2004
Posts: 173
Hi Ruben,

Yeah, my site was totally borked.
By reinstalling various directories I was able to recover my forums, but my portal page is gone as well as my layout - shoutbox etc.

What folder is that layout info in? I have backups of the various folders, but I'm nervous of overwriting stuff.

More info: I restored Styles and that didn't restore my layout. I then restored Includes from a couple days ago and that broke my site again. it it would seem that the Includes folder is indeed corrupt.

Last edited by luket; 09/10/2012 7:22 PM.

Member since November 2004
Gold Member since Feb 2008
Re: Many ubbthreads sites seem compromised. [Re: smallufo] #250193 09/10/2012 7:46 PM
Joined: Nov 2004
Posts: 173
luket Offline
enthusiast
Offline
enthusiast
Joined: Nov 2004
Posts: 173
Okay, it looks like the config.inc.php is borked.. not sure what's going on here. I have two copies, one allows me to see my forums but has no formatting or layout (just standard UBB), the other one shows layout but clicking on a forum gives me:

Not Found

The requested document was not found on this server.
Web Server at game-master.net


Member since November 2004
Gold Member since Feb 2008
Re: Many ubbthreads sites seem compromised. [Re: JPFolks] #250293 09/18/2012 3:07 AM
Joined: Jul 2008
Posts: 47
JPFolks Offline
journeyman
Offline
journeyman
Joined: Jul 2008
Posts: 47
Hi Folks,

Okay we figured out what was causing this problem. It seems Google Chrome is the issue and it is cutting off the bottom tabs for some reason. We got it to work fine with Explorer and Firefox. We have another known issue with Explorer where our users have to be in compatibility mode to use the site, so many switched to using Chrome including our moderators. So now we'll have to switch back.

We may be the only people still using our version of the software. With no updates on progress in quite some time, what should we do? We don't have the tech ability most seem to have. We bought the Gold License, have been licensed users since 1999, have unfulfilled tech support hours we paid for but I can't figure out a pathway forward but have no interest going elsewhere. It would really be helpful just to know what the plan is, or if there is no plan, about going forward with new versions and support beyond other users?

Brian


Brian Austin Whitney
Founder
Just Plain Folks Music Organization
www.justplainfolks.org
Re: Many ubbthreads sites seem compromised. [Re: smallufo] #250295 09/18/2012 5:29 AM
Joined: Dec 2003
Posts: 228
Pilgrim Offline
enthusiast
Offline
enthusiast
Joined: Dec 2003
Posts: 228
We have been assured by the owner, HERE, that the update WILL be forthcoming and released in the not-too-distant future; c. 1 to 2 months. So, I wouldn't be throwing up your hands at this point as if all is lost. There are still quite a large number of customers using UBBThreads. It is a notorious mistake to judge the quality of a product or the health of a software/hardware company from what is posted on a user forum. Most often only a very small minority of people are active on such forums, many just 'lurk' and the majority don't even know they exist. grin


Artificial Intelligence is no match for natural stupidity!
Re: Many ubbthreads sites seem compromised. [Re: smallufo] #250299 09/18/2012 8:59 AM
Joined: Jun 2006
Posts: 15,852
Gizmo Offline
UBB.threads Developer
Offline
UBB.threads Developer
Joined: Jun 2006
Posts: 15,852
Well, if you have a gold license, and you aren't running the latest build, I'd highly advise that you get upgraded to the latest version for SECURITY.


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Need to Upgrade?
Forums: A Gardeners Forum Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!

Forum Search
ShoutChat Box
Comment Guidelines: Do post respectful and insightful comments. Don't flame, hate, spam.
Recent Topics
Mobile app?
by Baldeagle - 12/06/2019 9:32 PM
How do you change Text Line spacing?
by jorb - 11/23/2019 12:14 AM
What happened to FAQ or Forum Help
by Ruben - 11/20/2019 11:58 AM
Search feature encountering an Error message
by jorb - 11/20/2019 12:06 AM
Followed List v7.7.2 Question
by Ruben - 11/12/2019 12:22 PM
Who's Online Now
1 registered members (may), 68 guests, and 423 spiders.
Key: Admin, Global Mod, Mod
Random Gallery Image
Latest Gallery Images
Artistic structures
Artistic structures
by isaac, August 29
Stones
Stones
by isaac, August 19
Amusing Terain Scenics
Amusing Terain Scenics
by isaac, August 19
Sky places
Sky places
by isaac, August 19
Powered by UBB.threads™ PHP Forum Software 7.7.4
(Snapshot build 20191023)