#314051 - 05/08/07 09:18 PM an email phishing script has hijacked my boards!
drkknght Offline
Kahuna

Registered: 11/09/00
Posts: 1249
Loc: rob's pad -- where it takes sk...
on random and not-rare-enough occasion, i will get bursts of like 20-30 "mail delivery error" emails. it's horrible, but i get spam everywhere, so i think nothing of it.

however, recently, my host temporarily suspended my account because of reports that i had a script phishing emails. i went through my folders and couldn't see anything blatant, but they persist.

the best we can do to locate the problem is in my boards. i could just delete and clean install, but it's a heavily modded beast, and i'd hate to lose all the pretty colors.

any advice or suggestions on how to slay the phish monster?

if it helps, here are some headers of an email supposedly sent from me:

--------------------------
Your account has been suspended for sending out phishing mail and blacklisting
the server.

The following is a sample of such mail.


X-HmXmrOriginalRecipient: donbuckley713@hotmail.com
X-Message-Status: n:0
X-SID-PRA: service@paypal-usa.com
X-Message-Info:
txF49lGdW42nHkihnciyRA8dt81i40jVQoEjQRmnHBETj6spJfUCESeFy9SXv0na
Received: from cerebus.lunarpages.com ([209.200.254.239]) by
bay0-mc7-f21.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668);
Mon, 7 May 2007 09:47:29 -0700
Received: from robkam2 by cerebus.lunarpages.com with local (Exim 4.63)
(envelope-from <robkam2@cerebus.lunarpages.com>)
id 1Hl6Mz-0002se-7m
for donbuckley713@hotmail.com; Mon, 07 May 2007 09:47:29 -0700
To: donbuckley713@hotmail.com
Subject: Your payment has been sent
From: service@paypal-usa.com
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
Message-Id: <E1Hl6Mz-0002se-7m@cerebus.lunarpages.com>
Date: Mon, 07 May 2007 09:47:29 -0700
X-AntiAbuse: This header was added to track abuse, please include it with any
abuse report
X-AntiAbuse: Primary Hostname - cerebus.lunarpages.com
X-AntiAbuse: Original Domain - hotmail.com
X-AntiAbuse: Originator/Caller UID/GID - [32539 32003] / [47 12]
X-AntiAbuse: Sender Address Domain - cerebus.lunarpages.com
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php
X-Source-Dir: robkamphausen.com:/public_html/ubbthreads
Return-Path: robkam2@cerebus.lunarpages.com
X-OriginalArrivalTime: 07 May 2007 16:47:29.0277 (UTC)
FILETIME=[66502AD0:01C790C7]

--------------------------
_________________________
professional discussion killer
due to intelligence limitations, i do not offer support.
my site ~ my boards
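
Added example (not part of the original posts): the headers quoted in the first post already say where on the server the mail was generated, and this Python sketch pulls those fields out. The sample message is constructed with placeholder addresses and hosts, and `triage` and `domain_of` are names chosen here.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample in the shape of the headers quoted in the post above;
# every address, host name and message id is a placeholder.
SAMPLE = """\
Received: from boardowner by shared01.example.net with local (Exim 4.63)
\t(envelope-from <boardowner@shared01.example.net>)
\tid 1AbCdE-0000xx-Yz
\tfor victim@example.org; Mon, 07 May 2007 09:47:29 -0700
To: victim@example.org
Subject: Your payment has been sent
From: service@bank.example
X-AntiAbuse: This header was added to track abuse
X-AntiAbuse: Originator/Caller UID/GID - [32539 32003] / [47 12]
X-AntiAbuse: Sender Address Domain - shared01.example.net
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php
X-Source-Dir: boardowner.example:/public_html/ubbthreads
Return-Path: boardowner@shared01.example.net

body
"""


def domain_of(address):
    """Lower-cased domain part of an address header (empty string if none)."""
    return parseaddr(address or "")[1].rpartition("@")[2].lower()


def triage(raw):
    """Extract the fields that show where on the server a message came from."""
    msg = message_from_string(raw)
    received = " ".join(msg.get_all("Received", []))
    envelope = re.search(r"envelope-from <([^>]+)>", received)
    out = {
        # "with local": handed to Exim on the box itself, not relayed in by SMTP
        "local_submission": bool(re.search(r"\bwith local\b", received)),
        "envelope_from": envelope.group(1) if envelope else None,
        "script_interpreter": msg.get("X-Source"),
        "site": None, "script_dir": None, "uid": None, "gid": None,
    }
    source_dir = msg.get("X-Source-Dir")
    if source_dir:
        # "site:/path" -> the directory the sending script ran from
        out["site"], _, out["script_dir"] = source_dir.partition(":")
    for line in msg.get_all("X-AntiAbuse", []):
        label, _, value = line.partition(" - ")
        ids = re.match(r"\[(\d+) (\d+)\]", value)
        if label.startswith("Originator/Caller UID/GID") and ids:
            out["uid"], out["gid"] = int(ids.group(1)), int(ids.group(2))
    # Visible From: domain differing from the envelope sender's domain
    out["from_mismatch"] = domain_of(msg.get("From")) != domain_of(out["envelope_from"])
    return out


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key:18} {value}")
```

The `script_dir` value is where a file-by-file review should start, and the `uid` ties the message to one hosting account on a shared server.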

#314055 - 05/10/07 12:09 AM Re: an email phishing script has hijacked my boards! [Re: drkknght]
AllenAyres Administrator Offline
I type Like navaho

Registered: 03/10/00
Posts: 25452
Loc: Texas
Rob - still running 6.5? smash

There's old bugs in there for sure that can be exploited in many ways, email phishing probably the least of your worries - at *least* update to 6.5.5 wink

You're gonna need to go through file-by-file and check the files on your site, there were holes that allowed uploading of shell scripts and from there most anything else.
_________________________
- Allen wavey
- What Drives You?

#314057 - 05/10/07 12:16 AM Re: an email phishing script has hijacked my boards! [Re: AllenAyres]
drkknght Offline
Kahuna

Registered: 11/09/00
Posts: 1249
Loc: rob's pad -- where it takes sk...
hey double a

yeah, still 6.5 smile

i've never been brazen enough to upgrade, because of all the effort i put into making that version purdy. but, i guess it's gotten to the "have to" point. frown

maybe i'll do like you said, and just go to 6.5.5, or 6.7 -- or something pre 7, anyway. try to get the most out of the product at the level i'm at, without having to rework everything.

it's been awhile... does the documentation show you where the upgrades are, from 6.5 to 6.x? i.e., what files i'll have to alter? (i don't want to accidentally write over half of a mod because it was "different" when comparing)
_________________________
professional discussion killer
due to intelligence limitations, i do not offer support.
my site ~ my boards

#314058 - 05/10/07 12:23 AM Re: an email phishing script has hijacked my boards! [Re: drkknght]
drkknght Offline
Kahuna

Registered: 11/09/00
Posts: 1249
Loc: rob's pad -- where it takes sk...
and... actually... i don't know where to get older versions of threads anymore.

even your "UBB.Threads 6.5.5 Released" announcement doesn't work anymore frown
_________________________
professional discussion killer
due to intelligence limitations, i do not offer support.
my site ~ my boards

#314059 - 05/10/07 12:41 AM Re: an email phishing script has hijacked my boards! [Re: drkknght]
Gizmo Administrator Offline
Wizard

Registered: 01/10/00
Posts: 5134
Loc: Portland, OR, USA
6.5.5 is the latest in the threads branch (pre7); it can be found in the UBBCentral.com members area.
_________________________
UBB.Dev - Where you too can render your UBB install completely useless...
UGN Security, Elite Web Gamers & VNC Web Design Owner

#314060 - 05/10/07 12:43 AM Re: an email phishing script has hijacked my boards! [Re: Gizmo]
drkknght Offline
Kahuna

Registered: 11/09/00
Posts: 1249
Loc: rob's pad -- where it takes sk...
thanks gizmo! thumbsup

guess i gotta renew the ole membership cry
_________________________
professional discussion killer
due to intelligence limitations, i do not offer support.
my site ~ my boards

#314061 - 05/10/07 05:45 AM Re: an email phishing script has hijacked my boards! [Re: drkknght]
Gizmo Administrator Offline
Wizard

Registered: 01/10/00
Posts: 5134
Loc: Portland, OR, USA
I say, if it protects the integrity of your site, and your server, it's well worth it wink
_________________________
UBB.Dev - Where you too can render your UBB install completely useless...
UGN Security, Elite Web Gamers & VNC Web Design Owner

#314066 - 05/10/07 10:03 AM Re: an email phishing script has hijacked my boards! [Re: Gizmo]
AllenAyres Administrator Offline
I type Like navaho

Registered: 03/10/00
Posts: 25452
Loc: Texas
That's an easy 'duh' wink

purdy don't count when you get pwned by a script kiddie fresh outta stuff to do and summer's only 2 days old wink
_________________________
- Allen wavey
- What Drives You?

#314070 - 05/10/07 05:54 PM Re: an email phishing script has hijacked my boards! [Re: AllenAyres]
Gizmo Administrator Offline
Wizard

Registered: 01/10/00
Posts: 5134
Loc: Portland, OR, USA
I rather like "Purdy doesn't count when some script kiddie puts a malicious script on your server that nukes your sql database, then removes all data from your webspace" wink
_________________________
UBB.Dev - Where you too can render your UBB install completely useless...
UGN Security, Elite Web Gamers & VNC Web Design Owner

#314071 - 05/10/07 08:27 PM Re: an email phishing script has hijacked my boards! [Re: Gizmo]
drkknght Offline
Kahuna

Registered: 11/09/00
Posts: 1249
Loc: rob's pad -- where it takes sk...
ok, $125 later, and i have my 6.5.5 (membership expired 1-1-05!)

so... any good source for finding out what, exactly, was changed between 6.5 and 6.5.5? to try to make this upgrade as painless as possible?
_________________________
professional discussion killer
due to intelligence limitations, i do not offer support.
my site ~ my boards

#314088 - 05/13/07 07:46 PM Re: an email phishing script has hijacked my boards! [Re: drkknght]
AllenAyres Administrator Offline
I type Like navaho

Registered: 03/10/00
Posts: 25452
Loc: Texas
I use Beyond Compare ( www.scootersoftware.com ) to find out the total differences.

CC was pretty good about noting the differences, check the announcements at ubbcentral for each release. You can also check out the upgrade files and their associated changes.
_________________________
- Allen wavey
- What Drives You?

#314092 - 05/14/07 12:56 AM Re: an email phishing script has hijacked my boards! [Re: AllenAyres]
drkknght Offline
Kahuna

Registered: 11/09/00
Posts: 1249
Loc: rob's pad -- where it takes sk...
heya double a

i have beyond compare (i believe from your recommendation a few years ago!), but so much is modded on my board, it'll pick up [i]every[/i] change, and not just the upgrade between 6.5 and 6.5.5

i'll poke around on ubbcentral to see if there's an actual list. looks like most of the discussion, tho, is just about the general changes (i.e., this type) and not an actual list of which files i should be poking around in.

the "upgrade_changes.txt" file is probably what i need, though it's unfortunately a little daunting for a jump from 6.5 to 6.5.5.

i wonder if this is all i need?
_________________________
professional discussion killer
due to intelligence limitations, i do not offer support.
my site ~ my boards

#314093 - 05/14/07 09:41 AM Re: an email phishing script has hijacked my boards! [Re: drkknght]
AllenAyres Administrator Offline
I type Like navaho

Registered: 03/10/00
Posts: 25452
Loc: Texas
I would normally have 2 instances of BC open - one to compare un-modified copies of 6.5 to 6.5.5 and another to compare 6.5.5 to my currently used files - those changes in the unmodified versions I would then hop over to the other instance and make the changes there.

You can't really stop with 6.5.4, as a couple more security holes were found by script kiddies that allowed them to upload shell scripts and take over servers - hence 6.5.5 wink

Your problem is gonna be that most files were changed going from 6.5 to 6.5.5, will take you hours to get them all in. If it were me I'd move straight to 7.1.1 and forget trying to save those little bits and pieces. An hour of template work and you can make 7.1.1 look an awful lot like what you are running now.
_________________________
- Allen wavey
- What Drives You?
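
Added example (not from the thread or from UBB.Threads): the file-by-file check and the two-comparison workflow described above, done in one pass over three directory trees with Python. The directory names, file contents and the `classify` helper are assumptions made here; the trees are constructed in a temp directory so the block runs as-is.

```python
import hashlib
import os
import tempfile


def tree_hashes(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                hashes[rel] = hashlib.sha256(fh.read()).hexdigest()
    return hashes


def classify(stock_old, stock_new, live):
    """Sort every file into the action it needs during the upgrade."""
    old, new, cur = (tree_hashes(d) for d in (stock_old, stock_new, live))
    report = {"unknown": [], "merge": [], "overwrite": [], "add": [], "current": []}
    for path in sorted(set(old) | set(new) | set(cur)):
        if path not in cur:
            if path in new:
                report["add"].append(path)        # in the new release, not installed
        elif path not in old and path not in new:
            report["unknown"].append(path)        # shipped by neither release: inspect
        elif cur[path] == new.get(path):
            report["current"].append(path)        # already matches the new release
        elif cur[path] == old.get(path):
            report["overwrite"].append(path)      # untouched stock file, safe to replace
        else:
            report["merge"].append(path)          # differs from both: mod or tampering
    return report


def demo():
    """Build three small constructed trees and classify them."""
    trees = {
        "stock_old": {"showflat.php": "v1", "postlist.php": "v1", "login.php": "v1"},
        "stock_new": {"showflat.php": "v2", "postlist.php": "v2", "login.php": "v1",
                      "upgrade_changes.txt": "notes"},
        "live": {"showflat.php": "v1", "postlist.php": "v1 + local mod",
                 "login.php": "v1", "images/x.php": "not part of any release"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for tree, files in trees.items():
            for rel, body in files.items():
                full = os.path.join(tmp, tree, rel)
                os.makedirs(os.path.dirname(full), exist_ok=True)
                with open(full, "w") as fh:
                    fh.write(body)
        return classify(*(os.path.join(tmp, t) for t in trees))


if __name__ == "__main__":
    for action, paths in demo().items():
        print(f"{action:9} {paths}")
```

Files under `unknown` and `merge` are the ones to read by hand: a mod and an uploaded script look the same to a hash comparison.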

#314100 - 05/14/07 06:27 PM Re: an email phishing script has hijacked my boards! [Re: AllenAyres]
Gizmo Administrator Offline
Wizard

Registered: 01/10/00
Posts: 5134
Loc: Portland, OR, USA
i agree
_________________________
UBB.Dev - Where you too can render your UBB install completely useless...
UGN Security, Elite Web Gamers & VNC Web Design Owner

#314239 - 05/29/07 05:39 AM Re: an email phishing script has hijacked my boards! [Re: Gizmo]
Ian_W Global Moderator Offline
Veteran

Registered: 02/22/02
Posts: 2575
Loc: England
Yep - jump straight to 7.x and if you need any assistance - just ask smile
_________________________
Fans Focus - Focusing on Fans of Sport

(Okay - mainly football (the British variety wink at the moment - but expanding all the time....)

#314404 - 06/13/07 08:39 PM Re: an email phishing script has hijacked my boards! [Re: Ian_W]
drkknght Offline
Kahuna

Registered: 11/09/00
Posts: 1249
Loc: rob's pad -- where it takes sk...
it's looking more and more inevitable that i will have to move to 7.x ;(

i have some questions, if you'll entertain them:

1) do i download the full 7.1.1 version from the member's area? or do i get the importer from threads 6.5.x?

2) it's been awhile since i've put in a new version -- do i clear out my ubbthreads folder first, and just upload all the clean files? ...and does that depend on how you answer question #1?


i'm also interested in the status of some mods/hacks that were popular on my current 6.5 boards. i don't know much about this latest version, so can you help me with this check list and tell me if 7.x offers:

1) article hack - it places an alternate "showflat" template in any forum you choose. i use it extensively on my forum blog

2) forum instructions - the ability to add text/images above the threads on postlist.php

3) sig images

4) hidden forums

5) group PMs

6) limit access to forums by post count - wink


bah, my brain is kinda exploding now with general apprehension. if you take a quick gander at my boards, you think much, if not all, of what i've done and added can be brought to life with relative ease in the new world?
_________________________
professional discussion killer
due to intelligence limitations, i do not offer support.
my site ~ my boards

#314405 - 06/13/07 08:49 PM Re: an email phishing script has hijacked my board [Re: drkknght]
Gizmo Administrator Offline
Wizard

Registered: 01/10/00
Posts: 5134
Loc: Portland, OR, USA
Originally Posted By: drkknght
i have some questions, if you'll entertain them


Originally Posted By: drkknght
1) do i download the full 7.1.1 version from the member's area? or do i get the importer from threads 6.5.x?
You will want the full (latest) version and the importer; you will need both.

Originally Posted By: drkknght
2) it's been awhile since i've put in a new version -- do i clear out my ubbthreads folder first, and just upload all the clean files? ...and does that depend on how you answer question #1?
Going from 6.x to 7.x isn't an upgrade; it's a separate install with an import of your 6.x board; there's an upgrade guide here


RE: Hacks; I don't think any of those are in 7 (as stock or as mods).
_________________________
UBB.Dev - Where you too can render your UBB install completely useless...
UGN Security, Elite Web Gamers & VNC Web Design Owner

#314411 - 06/14/07 08:05 PM Re: an email phishing script has hijacked my board [Re: Gizmo]
drkknght Offline
Kahuna

Registered: 11/09/00
Posts: 1249
Loc: rob's pad -- where it takes sk...
Originally Posted By: Gizmo
Going from 6.x to 7.x isn't an upgrade; it's a separate install with an import of your 6.x board; there's an upgrade guide here


ok, gonna go get started -- thanks!


Originally Posted By: Gizmo
RE: Hacks; I don't think any of those are in 7 (as stock or as mods).


bah! cry mad
_________________________
professional discussion killer
due to intelligence limitations, i do not offer support.
my site ~ my boards

#314425 - 06/16/07 11:33 AM Re: an email phishing script has hijacked my board [Re: drkknght]
drkknght Offline
Kahuna

Registered: 11/09/00
Posts: 1249
Loc: rob's pad -- where it takes sk...
as if i'm not having a hard enough time...

so, i started the install/import process a few days ago. about 2 hours in to the import, when i was processing thread 36k something out of 44k something, my server host disabled the threads_importer.php file because it caused too much of a CPU drain, or something.

after hours and days of fighting with them, explaining that this is the only way i can update my boards and fix the initial security problem, i finally got back to the process again, today.

i bookmarked the last URL before the file was disabled, so that i didn't have to start the import process from the beginning again. however, about 3 minutes into it this time, it now hangs on a specific thread, and won't go any further.

it gets to Processing topics (38013 - 38032) of 44721 total topics., and the 9th thread on the page, but just sits forever until IE times out.

nothin is working for me!!!!!

any idea what the problem is there, or what i can do to avoid it?
_________________________
professional discussion killer
due to intelligence limitations, i do not offer support.
my site ~ my boards

#314427 - 06/16/07 11:39 AM Re: an email phishing script has hijacked my board [Re: drkknght]
drkknght Offline
Kahuna

Registered: 11/09/00
Posts: 1249
Loc: rob's pad -- where it takes sk...
also, and i know i'm only half-way through the process, but now my mysql database has ballooned to twice its original size. and, because my forums are so big, that's an enormous size!

once my new 7.1 boards are up and running, is there anything i can do to remove the 6.5 info from the database, so that it cuts in half again? (or is that something that happens automatically at the end of the upgrade?)
_________________________
professional discussion killer
due to intelligence limitations, i do not offer support.
my site ~ my boards

#314449 - 06/16/07 10:21 PM Re: an email phishing script has hijacked my board [Re: drkknght]
Gizmo Administrator Offline
Wizard

Registered: 01/10/00
Posts: 5134
Loc: Portland, OR, USA
IE has its own timeout, just load it in firefox and let it go; FFox has a much MUCH longer timeout than IE.

As for the size, it stores both an "original" and a "formatted" version of every posting; so it will be huge. No way to fix it. It will not go down.
_________________________
UBB.Dev - Where you too can render your UBB install completely useless...
UGN Security, Elite Web Gamers & VNC Web Design Owner

#314464 - 06/18/07 01:57 AM Re: an email phishing script has hijacked my board [Re: Gizmo]
drkknght Offline
Kahuna

Registered: 11/09/00
Posts: 1249
Loc: rob's pad -- where it takes sk...
holy crap. wull that's ... pretty disappointing to hear, to say the least.

i finally finished the install of 7.1.1, but this database issue seems like it will cause me all sorts of new problems. i was workin on a huge database before with a 130mb gz backup file. now, it's 278mb!

it's pretty unbelievable. why were things set up in this new fashion? doesn't it cause issues all over the place?

does the fact that i'm using an all new table prefix (ubbt instead of w3t) mean anything? i mean, is it a scenario where all the w3t portions of my database can be nixed to free up space, or did everything just get converted and ballooned?
_________________________
professional discussion killer
due to intelligence limitations, i do not offer support.
my site ~ my boards

#314465 - 06/18/07 02:10 AM Re: an email phishing script has hijacked my board [Re: drkknght]
Gizmo Administrator Offline
Wizard

Registered: 01/10/00
Posts: 5134
Loc: Portland, OR, USA
helps optimize things; rick talked about it at central.

and the table prefix option doesn't matter; the ubb7 default is different than 6, and i'm using threads_ and ubb_ on mine
_________________________
UBB.Dev - Where you too can render your UBB install completely useless...
UGN Security, Elite Web Gamers & VNC Web Design Owner

#314466 - 06/18/07 02:15 AM Re: an email phishing script has hijacked my board [Re: drkknght]
drkknght Offline
Kahuna

Registered: 11/09/00
Posts: 1249
Loc: rob's pad -- where it takes sk...
ahh, so it's not like my old boards are taking up space in w3t, and my new ones are doubling it with all the same threads at ubbt?

just double checking.

i haven't deleted my old boards yet (just copying over the settings, first. might take me another day or so.)

if that's just the way it is, then i still might be in a crapload of trouble. my cpanel lists my MySQL disk space at 1824.37 megabytes. which... is big.

i don't remember off the top of my head what it was prior to 7.1.1, as i only ever really looked at the cron backup file sizes, but i know it was never even close to that.

these message boards are the only thing using my database. it's a huge message board, true, but... should it really be taking up that much space?
_________________________
professional discussion killer
due to intelligence limitations, i do not offer support.
my site ~ my boards

#314475 - 06/18/07 07:21 PM Re: an email phishing script has hijacked my board [Re: drkknght]
Gizmo Administrator Offline
Wizard

Registered: 01/10/00
Posts: 5134
Loc: Portland, OR, USA
7.x will be double the size of 6.x; as posts are stored twice; all posts, no way around it whatsoever.

BTW, your board isn't huge, talk to Ian, his are huge lol
_________________________
UBB.Dev - Where you too can render your UBB install completely useless...
UGN Security, Elite Web Gamers & VNC Web Design Owner

#314476 - 06/18/07 07:29 PM Re: an email phishing script has hijacked my board [Re: drkknght]
drkknght Offline
Kahuna

Registered: 11/09/00
Posts: 1249
Loc: rob's pad -- where it takes sk...
man, that is nutty.

now, after all the trouble getting rid of the old boards to please my server hosts, i'm worried they're gonna come after me for having too large of a database! (never got so close to 2GB before!)

on a side note, i gotta admit i'm pretty impressed that the GZ can compress the database backup that much! 1.8 gb to less than 300 mb is amazing!

other than literally deleting threads/members, is there anything else you can think of that i can do to sorta ease the burden of the beast a bit?
_________________________
professional discussion killer
due to intelligence limitations, i do not offer support.
my site ~ my boards

#314477 - 06/18/07 09:01 PM Re: an email phishing script has hijacked my board [Re: drkknght]
Gizmo Administrator Offline
Wizard

Registered: 01/10/00
Posts: 5134
Loc: Portland, OR, USA
Other than begging Rick for some sort of flatfile archiving system (like i've been trying for a while)
_________________________
UBB.Dev - Where you too can render your UBB install completely useless...
UGN Security, Elite Web Gamers & VNC Web Design Owner

Moderator:  Gizmo