Previous Thread
Next Thread
Print Thread
Rate Thread
#285829 07/24/2005 2:27 PM
Joined: Oct 2000
Posts: 238
Enthusiast
Enthusiast
Offline
Joined: Oct 2000
Posts: 238
Hi--

My Board was attacked this weekend. My question is what do I need to do ***immediately*** to give me time to figure out what to do for a more permanent fix?

Threads version: 5.4.4php (I have yet to migrate to UBBThreads)

Discovery: I tried to login and my password had been changed.

Damage found so far: All Categories were renamed to "Admin - Lamer.Vladi - Rulezzz"

Clue: I have a new user registered 3 days ago, username Vladi.

Actions taken so far: banned username Vladi. Ran a site backup.

Is there a way I can tell what his ip address was? He made no posts under this username. I suspect banning him as a user is not much protection, so I would at least like to ban his ip host, pookmail.com, at least until I can figure out if this is the culprit. Not much protection because he probably has many e-mail addresses, even if he were to use a real one.

What else can I do short term to protect things?

Any advice as to a long term solution?

Thanks for your help!

Sponsored Links
Joined: Dec 2000
Posts: 1,471
Addict
Addict
Offline
Joined: Dec 2000
Posts: 1,471
We'll, short term protection: Shutdown the board and remove the scripts from your server. Banning IP or usernames won't protect you from such kind of attacks.

Long term solution:
Use a backup and upgrade it to the latest version of ubb.threads (and use the security mod published here) or use the latest beta version of ubb.threads.

Inform your ISP about the hack, so that they can have a look at the server and see if it has been compromised. If you're running a dedicated server, hire someone to do that for you.

Joined: Oct 2000
Posts: 238
Enthusiast
Enthusiast
Offline
Joined: Oct 2000
Posts: 238
Astaran--

Thanks for you very quick reply!

Well, I really don't want to shut it down, but will if necessary. How exactly to I go about shutting it down?

And how do I remove the scripts? Which scripts?

I'd guess I could change the file permissions for the forums directory of the site.... Am I close?

Although I have had this board for 4 or 5 years, I am definitely not a techie....

Thanks, Astaran!

Joined: Dec 2000
Posts: 1,471
Addict
Addict
Offline
Joined: Dec 2000
Posts: 1,471
I think you already managed it.
Download all files in your /forum subdirectory for backup purposes and delete the files on the server afterwards. You might want to upload a html site, explaining why the board is gone.

Joined: Mar 2000
Posts: 21,079
Likes: 3
I type Like navaho
I type Like navaho
Joined: Mar 2000
Posts: 21,079
Likes: 3
Yes, your actual forum data will be safe once you do that. Then upload a clean copy of your current forum files (5.4.4php) and upgrade immediately and delete any leftover old files once that is done.

We as site owners should understand that the minimum we must do when running a site is keep the software running it updated to current versions - it's the only way we have any chance of keeping our sites secure. Exploits will crop up still (meaning we'll have to update once the update is available), but your current files have security holes that have been widely known for years We can't force people to upgrade, but you are finding out what kiddie hackers can do now that school's out.


- Allen wavey
- What Drives You?
Sponsored Links
Joined: Oct 2000
Posts: 238
Enthusiast
Enthusiast
Offline
Joined: Oct 2000
Posts: 238
Astaran and Allen--

Thanks for the quick replies.

[]Then upload a clean copy of your current forum files (5.4.4php)[/]

Where do I find one of those, assuming I cannot find it in my backups from years ago.

SedXX #285835 07/25/2005 10:14 PM
Joined: Mar 2000
Posts: 21,079
Likes: 3
I type Like navaho
I type Like navaho
Joined: Mar 2000
Posts: 21,079
Likes: 3
Don't you fall under infopop's agreement with those who ran the old wwwthreads software? You can upgrade to the latest software for something like $32 - you'd be crazy not to


- Allen wavey
- What Drives You?
Joined: Oct 2000
Posts: 238
Enthusiast
Enthusiast
Offline
Joined: Oct 2000
Posts: 238
Allen--

Yup, I do, and I renewed last October or so, so I can still download, I think, if I can remember where to go and what the password was.

But in any case, my question was where to find a copy of 5.4.4 if I cannot locate mine, if anyone knows?

Thanks, Allen!

Last edited by dgermann; 07/26/2005 11:10 AM.
SedXX #285837 07/26/2005 11:21 AM
Joined: Mar 2000
Posts: 21,079
Likes: 3
I type Like navaho
I type Like navaho
Joined: Mar 2000
Posts: 21,079
Likes: 3
I may have it on an old workstation, the best place to check tho would be at infopop tho. A link to the members area is at www.ubbcentral.com too


- Allen wavey
- What Drives You?
Joined: Dec 2000
Posts: 1,471
Addict
Addict
Offline
Joined: Dec 2000
Posts: 1,471
You won't need the old 5.4.4 files while upgrading. Just grab the new version and follow the upgrade instructions in the manual.

Sponsored Links
Joined: Mar 2000
Posts: 528
Junior Member
Junior Member
Offline
Joined: Mar 2000
Posts: 528
Aye, there are SQL upgrade scripts in there that allow you to upgrade your database structure in a stepped manner.

Now BEFORE you even do that...make sure you back up your database! There have been issues upgrading (once in a blue moon)...better to be safe than sorry.

Joined: Oct 2000
Posts: 238
Enthusiast
Enthusiast
Offline
Joined: Oct 2000
Posts: 238
Medar, Astaran, Allen--

Thanks! I will heed your advice. It is backed up. Not sure I know enough to do the upgrade myself, unless it is a simple install like running an rpm....

Joined: Mar 2000
Posts: 21,079
Likes: 3
I type Like navaho
I type Like navaho
Joined: Mar 2000
Posts: 21,079
Likes: 3


- Allen wavey
- What Drives You?
Joined: Oct 2000
Posts: 238
Enthusiast
Enthusiast
Offline
Joined: Oct 2000
Posts: 238
Allen--

Thanks! I have looked through this file and it looks understandable.

Their instructions say:

[]3) Use your UBB.threadsâ„¢ control panel to turn your board off.[/]

Huh? Don't think there is anything like that in the Admin stuff in 5.4.4. So am I stuck? What do they really want done here?

Their instructions also say:

[]If a step returns "FAILED" instead of "OK", please carefully copy down the exact error message provided with the failure, and contact Infopop Support for further assistance.[/]

Just how fast and reliable are they in responding? I can see posting a message there and it never being answered.... On the other hand, I know I can come here and get an answer in hours, if not minutes.

So, are there a lot of difficulties and questions that come up in this process, or is it something a newbie can do, in less than an hour, in your experience? Under an hour and it is worth it to me to understand my board better. Over an hour, and it is worth it for me to hire someone to do it....

Thanks Allen!

SedXX #285843 07/29/2005 12:25 PM
Joined: Mar 2000
Posts: 21,079
Likes: 3
I type Like navaho
I type Like navaho
Joined: Mar 2000
Posts: 21,079
Likes: 3
In less than an hour unless your site is huge

There's quite a few steps in the database upgrading process that can take a good amount of time if your server isn't very speedy, but it's a matter of clicking on the link to go to the next step for the most part.


- Allen wavey
- What Drives You?
SedXX #285844 07/29/2005 12:26 PM
Joined: May 2001
Posts: 550
Code Monkey
Code Monkey
Offline
Joined: May 2001
Posts: 550
They are responding fast if you issue a support ticket.

Before upgrade, take a look at the infopop
http://www.ubbcentral.com/boards/postlist.php/Cat/0/Board/UBB7
for the issues that await you.

Joined: Oct 2000
Posts: 238
Enthusiast
Enthusiast
Offline
Joined: Oct 2000
Posts: 238
Anno and Allen--

Thanks for the useful estimate and the reference to the kinds of problems people are experiencing.

One question--does the upgrad software cover older versions like mine, or just a upgrade from the more recent versions?

Thanks for the very big help you are to me!

Joined: May 2001
Posts: 550
Code Monkey
Code Monkey
Offline
Joined: May 2001
Posts: 550
Not sure but I think this is explained in the document Allen linked to, as well in the documentation that accompanies the upgrade files.

Joined: Oct 2000
Posts: 238
Enthusiast
Enthusiast
Offline
Joined: Oct 2000
Posts: 238
Anno--

Thanks!

SedXX #285848 08/01/2005 11:10 PM
Joined: Mar 2000
Posts: 21,079
Likes: 3
I type Like navaho
I type Like navaho
Joined: Mar 2000
Posts: 21,079
Likes: 3
it covers the older versions too


- Allen wavey
- What Drives You?

Link Copied to Clipboard
Donate Today!
Donate via PayPal

Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.

Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.
Recommended Hosts
We have personally worked with and recommend the following Web Hosts:
Stable Host
bluehost
InterServer
Visit us on Facebook
Member Spotlight
Bill B
Bill B
Issaquah, WA
Posts: 87
Joined: December 2001
Forum Statistics
Forums63
Topics37,573
Posts293,925
Members13,849
Most Online5,166
Sep 15th, 2019
Today's Statistics
Currently Online
Topics Created
Posts Made
Users Online
Birthdays
Top Posters
AllenAyres 21,079
JoshPet 10,369
LK 7,394
Lord Dexter 6,708
Gizmo 5,833
Greg Hard 4,625
Top Posters(30 Days)
Top Likes Received
isaac 82
Gizmo 20
Brett 7
WebGuy 2
Morgan 2
Top Likes Received (30 Days)
None yet
The UBB.Developers Network (UBB.Dev/Threads.Dev) is ©2000-2024 VNC Web Services

 
Powered by UBB.threads™ PHP Forum Software 8.0.0
(Preview build 20221218)