Previous Thread
Next Thread
Print Thread
Rate Thread
6.5.3 Released: Security fix for 6.4.x-6.5.2 #293232
05/03/2006 8:40 PM
05/03/2006 8:40 PM
Joined: Mar 2000
Posts: 25,587
Texas
AllenAyres Offline OP
I type Like navaho
AllenAyres  Offline OP
I type Like navaho
Joined: Mar 2000
Posts: 25,587
Texas
Tonight Rick released a security update for ubb.threads that fixes a newly found security exploit. Also included are 8-9 bugfixes for buglets that have been hanging around for a while.

Everyone is encouraged to update asap.

Official announcement can be found here:

http://www.ubbcentral.com/boards/showflat.php/Number/4560078


- Allen wavey
- What Drives You?
Sponsored Links
Re: 6.5.3 Released: Security fix for 6.4.x-6.5.2 [Re: SurfMinister] #293233
05/03/2006 8:59 PM
05/03/2006 8:59 PM
Joined: Mar 2000
Posts: 25,587
Texas
AllenAyres Offline OP
I type Like navaho
AllenAyres  Offline OP
I type Like navaho
Joined: Mar 2000
Posts: 25,587
Texas
Rick gives the quick fix in the announcement, if you don't want to over-write your mods. If you'd like to file compare in the other bugfixes, the affected files are:

/admin/createforum.php
/admin/doapproveusers.php
/install/createtable.php
/templates/default/editbasic.tmpl
/editpost.php
/ubbt.inc.php
/languages/english/instant_markup.php


- Allen wavey
- What Drives You?
Re: 6.5.3 Released: Security fix for 6.4.x-6.5.2 [Re: SurfMinister] #293234
05/05/2006 5:47 PM
05/05/2006 5:47 PM
Joined: Mar 2000
Posts: 25,587
Texas
AllenAyres Offline OP
I type Like navaho
AllenAyres  Offline OP
I type Like navaho
Joined: Mar 2000
Posts: 25,587
Texas
6.5.4 Released

http://www.ubbcentral.com/boards/showflat.php/Number/4560139


"We have finished doing a full security audit after the problem found with the addpoll script in 6.5.2 and prior versions. We've released 6.5.4 to the members area at this time. This fixes one other *potential* problem script along with fixing some file # problems that crept into 6.5.3."


- Allen wavey
- What Drives You?
Re: 6.5.3 Released: Security fix for 6.4.x-6.5.2 [Re: SurfMinister] #293235
05/24/2006 2:20 AM
05/24/2006 2:20 AM
Joined: Mar 2000
Posts: 25,587
Texas
AllenAyres Offline OP
I type Like navaho
AllenAyres  Offline OP
I type Like navaho
Joined: Mar 2000
Posts: 25,587
Texas
Mass email sent to all members here (sorry), but there's still people out there running older versions and we're getting daily reports of them being hacked.

If you've already upgraded or run another software, please disregard the message.


- Allen wavey
- What Drives You?
Re: 6.5.3 Released: Security fix for 6.4.x-6.5.2 [Re: SurfMinister] #293236
05/24/2006 8:15 AM
05/24/2006 8:15 AM
Joined: May 2006
Posts: 4
B
backupgeek Offline
Lurker
backupgeek  Offline
Lurker
B
Joined: May 2006
Posts: 4
Hi,

My site got hacked really bad this week. We are going to upgrade from 6.4.2 to 6.5.4 which I found in the members area.

Can someone give specific upgrade tips for this jump so I don't loose my IIP? I have a few other mods that I hopefully will be able to retain during the upgrade.

Sponsored Links
Re: 6.5.3 Released: Security fix for 6.4.x-6.5.2 [Re: killahxxx] #293237
05/24/2006 8:23 AM
05/24/2006 8:23 AM
Joined: Mar 2000
Posts: 25,587
Texas
AllenAyres Offline OP
I type Like navaho
AllenAyres  Offline OP
I type Like navaho
Joined: Mar 2000
Posts: 25,587
Texas
You'll want to upgrade IIP as well to current released files. It runs better anyways Current IIP files can be found here:

https://www.ubbdev.com/forum/showflat.php/Number/116683

For an idea of what features have been added since your version, check here:

http://www.ubbcentral.com/support/version.php?product=UBB.threads

A good number of "mods" are now features in the base code


- Allen wavey
- What Drives You?
Re: 6.5.3 Released: Security fix for 6.4.x-6.5.2 [Re: SurfMinister] #293238
05/24/2006 9:05 AM
05/24/2006 9:05 AM
Joined: May 2006
Posts: 4
B
backupgeek Offline
Lurker
backupgeek  Offline
Lurker
B
Joined: May 2006
Posts: 4
How is the upgrade from 6.4 to 6.5? Are we better off doing a clean install?

Re: 6.5.3 Released: Security fix for 6.4.x-6.5.2 [Re: killahxxx] #293239
05/24/2006 9:27 AM
05/24/2006 9:27 AM
Joined: Mar 2000
Posts: 25,587
Texas
AllenAyres Offline OP
I type Like navaho
AllenAyres  Offline OP
I type Like navaho
Joined: Mar 2000
Posts: 25,587
Texas
The thing is, the hackers put files everywhere. If it were me and all I basically had was a forum, I'd nuke all files (keeping a backup of config.inc.php, main.inc.php and any other config files) and re-install. Should be no problem and you'll still have all members, posts, pm's, forums, etc.

Of course I'd backup the forum first


- Allen wavey
- What Drives You?
Re: 6.5.3 Released: Security fix for 6.4.x-6.5.2 [Re: SurfMinister] #293240
05/24/2006 10:28 AM
05/24/2006 10:28 AM
Joined: Jun 2003
Posts: 9
P
pdagal Offline
Lurker
pdagal  Offline
Lurker
P
Joined: Jun 2003
Posts: 9
Does this exploit effect older version such as 6.2.3?

Re: 6.5.3 Released: Security fix for 6.4.x-6.5.2 [Re: ] #293241
05/24/2006 10:49 AM
05/24/2006 10:49 AM
Joined: Mar 2000
Posts: 25,587
Texas
AllenAyres Offline OP
I type Like navaho
AllenAyres  Offline OP
I type Like navaho
Joined: Mar 2000
Posts: 25,587
Texas
Not sure, most likely it does tho. Scripts written years ago, even tho secure then, may have many security holes found once coding practices advance and people find out where the holes were that weren't before.

Clear as mud?

As php advances, there will be new ways of doing things, including finding security exploits that really weren't there when the software was released.


- Allen wavey
- What Drives You?
Sponsored Links
Re: 6.5.3 Released: Security fix for 6.4.x-6.5.2 [Re: SurfMinister] #293242
05/24/2006 11:43 PM
05/24/2006 11:43 PM
Joined: May 2001
Posts: 709
Pennsylvania
A
ADWOFF Offline
Content Queen
ADWOFF  Offline
Content Queen
A
Joined: May 2001
Posts: 709
Pennsylvania
Okay, I took the plunge, and I've decided to move from Classic to Threads after learning that Classic would be discontinued ...

I finally have a couple nights off in a row, so I was going to install threads and start working on it, but when I click on the "zip" link in the members' area, all I get is a download for an .html file!

Since I'd really love to spend the night working on this, HELP!

~Sue
adwoff.com


Sue
adwoff.com
Re: 6.5.3 Released: Security fix for 6.4.x-6.5.2 [Re: Cortana] #293243
05/25/2006 8:21 AM
05/25/2006 8:21 AM
Joined: Mar 2000
Posts: 25,587
Texas
AllenAyres Offline OP
I type Like navaho
AllenAyres  Offline OP
I type Like navaho
Joined: Mar 2000
Posts: 25,587
Texas
oops, did you get this? Filing a trouble ticket with infopop will get you quick service there.


- Allen wavey
- What Drives You?
Re: 6.5.3 Released: Security fix for 6.4.x-6.5.2 [Re: SurfMinister] #293244
05/25/2006 10:50 PM
05/25/2006 10:50 PM
Joined: May 2001
Posts: 709
Pennsylvania
A
ADWOFF Offline
Content Queen
ADWOFF  Offline
Content Queen
A
Joined: May 2001
Posts: 709
Pennsylvania
Hey Allen ... I did get it to work by opening up a Mozilla browser ...

~Sue


Sue
adwoff.com
Re: 6.5.3 Released: Security fix for 6.4.x-6.5.2 [Re: Cortana] #293245
05/26/2006 8:40 AM
05/26/2006 8:40 AM
Joined: Mar 2000
Posts: 25,587
Texas
AllenAyres Offline OP
I type Like navaho
AllenAyres  Offline OP
I type Like navaho
Joined: Mar 2000
Posts: 25,587
Texas
strange.. it works fine for me in IE, must be a security/firewall setting


- Allen wavey
- What Drives You?

Donate Today!
Donate via PayPal

Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.

Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.
Recommended Hosts
We have personally worked with, and recommend, the following Web Hosts:
· Stable Host
· Blue Host
· Interserver.net
Visit Us on Facebook
Member Spotlight
isaac
isaac
California
Posts: 1,170
Joined: July 2001
Show All Member Profiles 
Forum Statistics
Forums64
Topics37,448
Posts293,484
Members13,793
Most Online1,498
Mar 17th, 2017
Top Posters(All Time)
AllenAyres 25,587
JoshPet 11,330
Rick 8,373
LK 7,396
Lord Dexter 6,503
Gizmo 5,938
Greg Hard 5,533
Top Posters(30 Days)
isaac 4
Today's Statistics
Currently Online 726
Topics Created 0
Posts Made 0
Users Online 1
Birthdays 21
The UBB.Developers Network (UBB.Dev/Threads.Dev) is ©2000-2018 VNC Web Services

 
Powered by UBB.threads™ PHP Forum Software 7.6.2
(Preview build 20180611.dev)
Page Time: 0.057s Queries: 15 (0.017s) Memory: 3.3334 MB (Peak: 3.5545 MB) Zlib enabled. Server Time: 2018-06-22 05:39:47 UTC