Apache Server at threadsdev.com !!! Oh! more secure !! LOL UBBThreads ver 5.5.1 FREE DOWNLOAD IF ANY BODY GOT SOME PROBLEMS WITH THIS PRODUCT PLZ SEND MAIL TO US : compume2000@hotmail.com , condor@phreaker.net and will be HAPPY :-) UBBThreads ver 9.0.4 MMMMMM THIS VER WILL BE AVAILABLE IN Apr 5 2222 -%2 AD SO PLZ SEND MONEY TO US AFTER SEND THIS MASSAGE ( 100$ for STUPID USER !! ) , ( 200$ for idiot USER) and finally ( 0$ for moron USER)
alr I apologize. As I recall you had asked to be removed as a user from that board at threadsdev and were. When I restored it from a backup after moving the site I apparantly restored you too. I take full credit for that, as well as the fact that I seemingly restored this person's Admin rights, which allowed him to email all of the registered users via the admin panel.
If you'll email me again with the two users or email addresses he mailed to I'll remove you from the current database before I turn the site back on.
Datal, I apologize to you as well if you received the wrong information as to what seemingly occured.
I say seemingly because primary indications are that I restored something I shouldn't have but I am not 100% sure, just 99%. When I know for sure I will post the full story but that is what it looks to be at the moment.
It doesn't really inspire much confidence that threadsdev.com is constantly hacked. Is this a problem with UBBThreads or is it a problem with your server set-up or is it a problem with PHP? Are we (ie UBBThreads users) all at risk from the sort of attacks that the site is being subjected to and if so what steps should we take to prevent our sites from being attacked?
Basically, the very first time it was hacked was my fault. They used the bug with file uploads to upload a php shell and database script. So, I fixed that bug and closed the hole. One of the times was due to admins not changing their password. Another one was at the time that the bug existed they uploaded that shell and database script to another forum on the server. Using that they were able to overwrite the config.inc.php file on threadsdev.com and read the database (grab the passwords). Threadsdev was moved to a new server but not all the passwords were changed.
Hopefully that clears things up. The main thing everyone should do to keep their forums safe is never, never, never, never, never allow .php files to be uploaded, or you'll be cleaning up for quite some time as you can see <img border="0" title="" alt="[Wink]" src="images/icons/wink.gif" />
------------------- Rick Baker UBBThreads developer
I just "upgraded" my license to UBBThreads a couple of days ago, and this hacking thing (the site still isn't up yet as I post this) coupled with the problems that I'm having importing my UBB messages is really terrifying me.
I too got the same email as alr and have a few sites which allow uploads. What is the best way to make sure that php scripts are not uploaded (apart from disabling uploads altogether)?
First thing is make sure you are running 5.5.1. Second is use the allow files option in the config file and only allow extensions that you need. A good start is to only allow the following:
.zip,.txt,.jpg,.gif,.png
------------------- Rick Baker UBBThreads developer
Whats the status of the forum? we have been without a place to converse with our hacks and such for a while. I think personally if there was indeed a backup then I could have restored my system in a little bit right after deleting the old admin names that caused this plaque.
No data was lost on this but there are a few other reasons for the delays. The main one being that we want to make sure that things are secure before firing it back up. If everyone wants a threads board to discuss things on in the meantime you can use UBBCentral until the threadsdev site comes back up. I don't have all the details on the status of threadsdev so I can't give a timeframe.
------------------- Rick Baker UBBThreads developer
The site is up but you get an error if you were logged in. I'm trying to figure out how to make the portal entry page work with the new version. (shhhh <img border="0" title="" alt="[Wink]" src="images/icons/wink.gif" /> )
Good timing... I just started to work on version 2.0 of the UBB -> UBBT import script <img border="0" title="" alt="[Wink]" src="images/icons/wink.gif" />
</font><blockquote><font size="1" face="">quote:</font><hr /><font size="" face="">First thing is make sure you are running 5.5.1. Second is use the allow files option in the config file and only allow extensions that you need. A good start is to only allow the following:</font><hr /></blockquote><font size="" face="">For those of us who have severely hacked boards (meaning upgrading is a royal pain), any chance we could get the code to fix this up? Feel free to email me at destes@ix.netcom.com if you don't want to post the details of the security problem publicly.
Thanks much <img border="0" title="" alt="[Smile]" src="images/icons/smile.gif" />
-Steve Estes (Tyriel) Forum Mod and Member, Guardians of Destiny, www.GofD.org AIM: EnderW271 ICQ: 6854118 Email: destes@ix.netcom.com
Whenever possible I do post the actual code fixes. However this one required a pretty hefty change throughout addpost.php to fix so I wasn't able to do so.
------------------- Rick Baker UBBThreads developer