#82321 03/13/2002 2:03 PM
Joined: Dec 2001
Posts: 699
Member
Has it been all disabled or just in sigs?

**tests**

[Linked Image]

If it's all, I guess it's since that redirect thingy...

#82322 03/13/2002 2:31 PM
Joined: Jun 2001
Posts: 2,849
Spotlight Winner
Okay, so we have some locked threads and scarce information about someone using the img tags to grab cookies. There doesn't seem to be any discussion about it or updates and since this place is inhabited by UBB owners I think that's pretty bad.

I think that we deserve more than a couple words and locked threads. If there is a threat then let us know. If there is an interim fix then give it to us. If you have nothing then let us know that.

#82323 03/13/2002 2:43 PM
Joined: Feb 2001
Posts: 817
Moderator / Kingpin
Stay tuned. A fix is being worked on right now and an official announcement is forthcoming.

In the meantime you may disable the IMG code on your sites if you are concerned.

Forgot to mention... if your password here was the same as your FTP, Admin, or User accounts on your own web sites, shame on you. Go change them as well, and use a unique password for each!

#82324 03/13/2002 2:50 PM
Joined: Jan 2000
Posts: 5,073
Admin Emeritus
The IMG tag was disabled to be 110% sure that the compromise could not be reproduced while I was developing a filter. Now that the filter has been developed, the IMG tag will be re-enabled, though not in signatures.

6.2.1.1 will be released shortly with the additional filtering.


UBB.classic: Love it or hate it, it was mine.
#82325 03/13/2002 2:58 PM
Joined: Jun 2001
Posts: 2,849
Spotlight Winner
Can we have the info on exactly what is different so that we can implement without disturbing the hacked boards?

#82326 03/13/2002 3:00 PM
Joined: Jan 2000
Posts: 5,073
Admin Emeritus
The fix is a little too complicated to post here, unfortunately. However, the changes should not interfere with many existing hacks. The changes are limited to:

- lib_posting's signature appending area
- lib's check_html
- lib's imageize and related routines

You do NOT need to disable the IMG tag on your board unless you are concerned that someone might try this. I highly doubt that he'll try it anywhere else.


UBB.classic: Love it or hate it, it was mine.
#82327 03/13/2002 3:19 PM
Joined: Jun 2001
Posts: 2,849
Spotlight Winner
Thanks CC!

#82328 03/13/2002 3:50 PM
Joined: Mar 2001
Posts: 7,394
LK Offline
Admin / Code Breaker
You won't re-enable signature images? Siggy avies are... gone? frown frown frown frown frown frown frown frown

#82329 03/13/2002 4:00 PM
Joined: Jan 2000
Posts: 5,073
Admin Emeritus
Not until I am 200% sure that the filters work.


UBB.classic: Love it or hate it, it was mine.
#82330 03/13/2002 4:01 PM
Joined: Mar 2001
Posts: 7,394
LK Offline
Admin / Code Breaker
Oh, I thought they're gone forever! smile

#82331 03/13/2002 4:04 PM
Joined: Dec 2001
Posts: 699
Member
quote:
Originally posted by Charles Capps:
Not until I am 200% sure that the filters work.

That'll be forever then -- it's impossible to be 200% sure wink .

#82332 03/13/2002 4:20 PM
Joined: Dec 2001
Posts: 699
Member
Does this bug affect UBB 5?
Just wondering...

#82333 03/13/2002 5:34 PM
Joined: Jan 2000
Posts: 5,073
Admin Emeritus
Mmmm... a variant of it, sure. This EXACT issue is specific only to post-6.1.0 UBBs. UBB5 has not been updated in over one year. In that year+, dozens of security issues have been uncovered. Those using UBB5 need to be very cautious.


UBB.classic: Love it or hate it, it was mine.
#82334 03/13/2002 5:47 PM
Joined: Dec 2001
Posts: 699
Member
quote:
Powered by Infopop Corporation
Ultimate Bulletin Board™ 6.2.2 Development Beta 15.1

I wonder what the .1 added? wink

#82335 03/13/2002 6:04 PM
Joined: Jun 2001
Posts: 442
Member
who exactly caused this trouble?
I obviously take a different view to this sort of behavior? If it happened on my board I know a lot of people would be seriously p*****, it's obviously very different over here in the UK, sense of humour and tolerance!
note to remember.


Audi-Sport.net the only forum guaranteed to kill any server!
#82336 03/13/2002 6:05 PM
Joined: Jun 2001
Posts: 442
Member
that was self-censored btw, before someone has a go at me, jeesh


Audi-Sport.net the only forum guaranteed to kill any server!
#82337 03/13/2002 6:16 PM
Joined: Sep 2000
Posts: 4,211
Master Hacker
quote:
Originally posted by Wando™:
who exactly caused this trouble?

It makes no difference, and it doesn't concern you, so stop asking. Your other thread was already closed for asking once, so you'd think that you'd learn after one time...

#82338 03/13/2002 6:22 PM
Joined: Jun 2001
Posts: 442
Member
I think it does concern me, as I'm a license owner and someone is hacking UBBs


Audi-Sport.net the only forum guaranteed to kill any server!
#82339 03/13/2002 7:00 PM
Joined: Mar 2000
Posts: 21,079
Likes: 3
I type Like navaho
They'll be releasing new versions for 6.2x tonight I believe... grab a copy of the latest now and tonight again when they release - then file compare the changes in.


- Allen wavey
- What Drives You?
#82340 03/13/2002 7:11 PM
Joined: Feb 2000
Posts: 4,625
Member
Wando -
A fix is being worked on and should be done soon if not already as I type this. Relax. No more information is usually provided... smile

#82341 03/13/2002 8:12 PM
Joined: Jun 2001
Posts: 442
Member
thanks Greg and Allen. Matt don't overreact wink
(looks like tomorrow night I've got no choice but to beyond compare to the latest version (why do people get their kicks mucking around with others' good work???))


Audi-Sport.net the only forum guaranteed to kill any server!
#82342 03/13/2002 8:31 PM
Joined: Jun 2001
Posts: 442
Member
well I've locked down my board for the night, I've too much to lose there I'm afraid.


Audi-Sport.net the only forum guaranteed to kill any server!
#82343 03/14/2002 12:29 AM
Joined: Feb 2001
Posts: 817
Moderator / Kingpin
6.2.1.1 is now available in the Member's Area. smile

#82344 03/14/2002 3:15 AM
Joined: May 2001
Posts: 6,708
Member
Yeah I was wondering what the hell happened, all my questions have been answered. The fix is in 6.2.1.1 right?

#82345 03/14/2002 9:11 AM
Joined: Feb 2001
Posts: 817
Moderator / Kingpin
Yes

#82346 03/14/2002 1:01 PM
Joined: Apr 2001
Posts: 711
Spotlight Winner
The new version was made for the fix. tipsy

#82347 03/15/2002 1:01 AM
Joined: May 2001
Posts: 6,708
Member
quote:
Originally posted by dende:
The new version was made for the fix. tipsy

I thought so.
Better upgrade.
I deserve a rolleyes.

#82348 03/15/2002 1:29 AM
Joined: Apr 2001
Posts: 711
Spotlight Winner
crazy guy. laugh

#82349 03/15/2002 4:10 AM
Joined: May 2001
Posts: 6,708
Member
Exactly. laugh

Just wondering, what files have changed from 6.2.1 to 6.2.1.1?

#82350 03/15/2002 9:35 AM
Joined: Nov 2001
Posts: 745
Admin Emeritus
Lord Dexter: check here

#82351 03/15/2002 6:28 PM
Joined: Jan 2000
Posts: 5,073
Admin Emeritus
And you didn't just download the Upgrade Only zip because...? Sheesh.


UBB.classic: Love it or hate it, it was mine.
#82352 03/16/2002 4:30 AM
Joined: May 2001
Posts: 6,708
Member
quote:
Originally posted by Sub Zero:
Lord Dexter: check here

Thanks Sub Zero. laugh

#82353 03/16/2002 11:35 AM
Joined: Jun 2001
Posts: 729
Coder
CC, what about those of us on 6.1.0.4? Can you release a patch for us?

#82354 03/16/2002 12:30 PM
Joined: Jan 2000
Posts: 5,073
Admin Emeritus
Unfortunately the changes rely on routines only present in the 6.2 series...


UBB.classic: Love it or hate it, it was mine.
#82355 03/16/2002 1:48 PM
Joined: Jun 2001
Posts: 729
Coder
Sigh, will have to talk to someone about looking at this then for me. Even if it is 1 person who found it there might be more down the road unfortunately. Especially on the type of board I run tends to attract stuff like this at times.


The UBB.Developers Network (UBB.Dev/Threads.Dev) is ©2000-2024 VNC Web Services

 