Previous Thread
Next Thread
Print Thread
Rate Thread
Joined: Mar 2000
Posts: 21,079
Likes: 3
I type Like navaho
I type Like navaho
Joined: Mar 2000
Posts: 21,079
Likes: 3
Tonight Rick released a security update for ubb.threads that fixes a newly found security exploit. Also included are 8-9 bugfixes for buglets that have been hanging around for a while.

Everyone is encouraged to update asap.

Official announcement can be found here:

http://www.ubbcentral.com/boards/showflat.php/Number/4560078


- Allen wavey
- What Drives You?
Sponsored Links
Joined: Mar 2000
Posts: 21,079
Likes: 3
I type Like navaho
I type Like navaho
Joined: Mar 2000
Posts: 21,079
Likes: 3
Rick gives the quick fix in the announcement, if you don't want to over-write your mods. If you'd like to file compare in the other bugfixes, the affected files are:

/admin/createforum.php
/admin/doapproveusers.php
/install/createtable.php
/templates/default/editbasic.tmpl
/editpost.php
/ubbt.inc.php
/languages/english/instant_markup.php


- Allen wavey
- What Drives You?
Joined: Mar 2000
Posts: 21,079
Likes: 3
I type Like navaho
I type Like navaho
Joined: Mar 2000
Posts: 21,079
Likes: 3
6.5.4 Released

http://www.ubbcentral.com/boards/showflat.php/Number/4560139


"We have finished doing a full security audit after the problem found with the addpoll script in 6.5.2 and prior versions. We've released 6.5.4 to the members area at this time. This fixes one other *potential* problem script along with fixing some file # problems that crept into 6.5.3."


- Allen wavey
- What Drives You?
Joined: Mar 2000
Posts: 21,079
Likes: 3
I type Like navaho
I type Like navaho
Joined: Mar 2000
Posts: 21,079
Likes: 3
Mass email sent to all members here (sorry), but there's still people out there running older versions and we're getting daily reports of them being hacked.

If you've already upgraded or run another software, please disregard the message.


- Allen wavey
- What Drives You?
Joined: May 2006
Posts: 4
Lurker
Lurker
Offline
Joined: May 2006
Posts: 4
Hi,

My site got hacked really bad this week. We are going to upgrade from 6.4.2 to 6.5.4 which I found in the members area.

Can someone give specific upgrade tips for this jump so I don't loose my IIP? I have a few other mods that I hopefully will be able to retain during the upgrade.

Sponsored Links
Joined: Mar 2000
Posts: 21,079
Likes: 3
I type Like navaho
I type Like navaho
Joined: Mar 2000
Posts: 21,079
Likes: 3
You'll want to upgrade IIP as well to current released files. It runs better anyways Current IIP files can be found here:

https://www.ubbdev.com/forum/showflat.php/Number/116683

For an idea of what features have been added since your version, check here:

http://www.ubbcentral.com/support/version.php?product=UBB.threads

A good number of "mods" are now features in the base code


- Allen wavey
- What Drives You?
Joined: May 2006
Posts: 4
Lurker
Lurker
Offline
Joined: May 2006
Posts: 4
How is the upgrade from 6.4 to 6.5? Are we better off doing a clean install?

Joined: Mar 2000
Posts: 21,079
Likes: 3
I type Like navaho
I type Like navaho
Joined: Mar 2000
Posts: 21,079
Likes: 3
The thing is, the hackers put files everywhere. If it were me and all I basically had was a forum, I'd nuke all files (keeping a backup of config.inc.php, main.inc.php and any other config files) and re-install. Should be no problem and you'll still have all members, posts, pm's, forums, etc.

Of course I'd backup the forum first


- Allen wavey
- What Drives You?
Joined: Jun 2003
Posts: 9
Lurker
Lurker
Offline
Joined: Jun 2003
Posts: 9
Does this exploit effect older version such as 6.2.3?

Joined: Mar 2000
Posts: 21,079
Likes: 3
I type Like navaho
I type Like navaho
Joined: Mar 2000
Posts: 21,079
Likes: 3
Not sure, most likely it does tho. Scripts written years ago, even tho secure then, may have many security holes found once coding practices advance and people find out where the holes were that weren't before.

Clear as mud?

As php advances, there will be new ways of doing things, including finding security exploits that really weren't there when the software was released.


- Allen wavey
- What Drives You?
Sponsored Links
Joined: May 2001
Posts: 794
Content Queen
Content Queen
Offline
Joined: May 2001
Posts: 794
Okay, I took the plunge, and I've decided to move from Classic to Threads after learning that Classic would be discontinued ...

I finally have a couple nights off in a row, so I was going to install threads and start working on it, but when I click on the "zip" link in the members' area, all I get is a download for an .html file!

Since I'd really love to spend the night working on this, HELP!

~Sue
adwoff.com


Sue
adwoff.com
Joined: Mar 2000
Posts: 21,079
Likes: 3
I type Like navaho
I type Like navaho
Joined: Mar 2000
Posts: 21,079
Likes: 3
oops, did you get this? Filing a trouble ticket with infopop will get you quick service there.


- Allen wavey
- What Drives You?
Joined: May 2001
Posts: 794
Content Queen
Content Queen
Offline
Joined: May 2001
Posts: 794
Hey Allen ... I did get it to work by opening up a Mozilla browser ...

~Sue


Sue
adwoff.com
Joined: Mar 2000
Posts: 21,079
Likes: 3
I type Like navaho
I type Like navaho
Joined: Mar 2000
Posts: 21,079
Likes: 3
strange.. it works fine for me in IE, must be a security/firewall setting


- Allen wavey
- What Drives You?

Link Copied to Clipboard
Donate Today!
Donate via PayPal

Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.

Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.
Recommended Hosts
We have personally worked with and recommend the following Web Hosts:
Stable Host
bluehost
InterServer
Visit us on Facebook
Member Spotlight
isaac
isaac
California
Posts: 1,157
Joined: July 2001
Forum Statistics
Forums63
Topics37,573
Posts293,925
Members13,849
Most Online5,166
Sep 15th, 2019
Today's Statistics
Currently Online
Topics Created
Posts Made
Users Online
Birthdays
Top Posters
AllenAyres 21,079
JoshPet 10,369
LK 7,394
Lord Dexter 6,708
Gizmo 5,833
Greg Hard 4,625
Top Posters(30 Days)
Top Likes Received
isaac 82
Gizmo 20
Brett 7
WebGuy 2
Top Likes Received (30 Days)
None yet
The UBB.Developers Network (UBB.Dev/Threads.Dev) is ©2000-2024 VNC Web Services

 
Powered by UBB.threads™ PHP Forum Software 8.0.0
(Preview build 20221218)