Joined: Jan 2002
Posts: 18
Junior Member
Someone put this inside image tags in posts on my forum:

[code erased]

and:

[code erased]

It was on my site for a few hours. I changed my moderator passwords after I deleted the hacking attempts. I disabled images and censored "x", "x" and "x". I am running UBB 6.2.0. I will be upgrading soon.

Was this a professional hack attempt? Might it have gotten anything? The persons who did it got mad at my forum only in the last day or two. Do they seem to know what they are doing?

Thank you very much.

Joined: Mar 2001
Posts: 7,394
LK Offline
Admin / Code Breaker
Yes, it is serious. However, 6.3 fixed all these problems, so just upgrade.

Joined: Jun 2001
Posts: 729
Coder
Can you please PM me the code that was used?

Much appreciated...

Joined: Jan 2002
Posts: 18
Junior Member
I noticed that the code I posted and even the words I censored were deleted. Is there a proper way for me to ask for help about these things in the future? This attack was just one day after these people got mad at my forum. I am worried about what else they will do.

I have now upgraded to 6.3.0. I am turning images back on.

Do you think that they could have gotten any of my members' information? Would my members have had to actually push a "submit" button, like the "submit reply" or "edit post" button while logged in? What about members who were not logged in and posted anonymously like I allow? Could their cookies or whatever still have been sent to that place?

Thank you for your help.

Joined: Mar 2001
Posts: 7,394
LK Offline
Admin / Code Breaker
Oblomov, I sent you a PM about the members whose cookies got stolen.

I removed the code because I didn't want people to get it here and use it in older versions. I wouldn't mind if you PM it to QuickSI, but it's not the only way. I made some that work myself (some don't even need img).

Anyhow, why 6.3.0 and not 6.3.1?

Joined: Jun 2001
Posts: 729
Coder
LK, can you also PM me the ones you know about? I would like to button up Hostboard the best I can.

Thanx!

Joined: Mar 2001
Posts: 7,394
LK Offline
Admin / Code Breaker
Just look at ubbcgi.pm's unescape (and unescapeHTML) subs, and ubb_lib.cgi urlize and imageize subs (and the subs they refer to; also ubb_lib.cgi's [url] and [img] conversion, that uses urlize and imageize). If you copy them (they don't even have anything to do with flat file, you can just copy), it will probably fix everything.

Joined: Jan 2002
Posts: 18
Junior Member
Do they have to be logged on to have their cookies stolen? If not, can cookies from other sites be stolen at the same time?

I have upgraded to 6.3.0 instead of a later version because my one year upgrade thing expired maybe a month or so ago and I had downloaded the 6.3.0 a little while before it expired.

Was this attack on my forum a cutting edge professional job? I have reason to believe it is the work of persons who work with cgi scripts. They just got mad at my forum in the last couple of days. I worry that more is coming.

I am very proud of the openness of my forum. I allow people to post to one of my forums without logging in as a member. I would like to see more support for this in UBB. Ideally, some day, I would like to have one of my forums a totally secure no registration forum. I would need to allow only images from my site, and have people load them in. I would need to make sure that any links that people click on would have the referrer logging disabled somehow. (I just realized that wouldn't be good enough. I would need to disallow links or warn people about following them.)

Thank you all for your help.

Joined: Mar 2001
Posts: 7,394
LK Offline
Admin / Code Breaker
Yes, they have to be logged in. However, if you have other things with cookies on your UBB domain, they could've been stolen too. (btw, if you have something other than your UBB 6.3.0, i.e. guestbooks, etc., I suggest you close it)
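
Added illustration, not code from this thread or from UBB (and written in Python rather than UBB's Perl): the kind of validation an [img] converter needs, combined with the "only images from my site" restriction discussed above. The host `forum.example.com`, the function names and the extension list are assumptions.

```python
import html
import re
from urllib.parse import urlsplit

# Assumption: the forum's own host; only images served from it are accepted.
ALLOWED_HOSTS = {"forum.example.com"}
IMAGE_EXT = (".gif", ".jpg", ".jpeg", ".png")
IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)
# Conservative path alphabet: no quotes, spaces, angle brackets or escapes.
SAFE_PATH = re.compile(r"^/[A-Za-z0-9._/-]*$")


def safe_image_url(raw):
    """Return a rebuilt URL if raw is an acceptable image link, else None."""
    try:
        parts = urlsplit(raw.strip())
        port = parts.port          # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https"):
        return None
    if parts.hostname not in ALLOWED_HOSTS or parts.username or port:
        return None
    if parts.query or parts.fragment:
        return None
    if not SAFE_PATH.match(parts.path):
        return None
    if not parts.path.lower().endswith(IMAGE_EXT):
        return None
    # Rebuild from validated components instead of echoing the raw input.
    return f"{parts.scheme}://{parts.hostname}{parts.path}"


def render_post(text):
    """HTML-escape the whole post, then expand only validated [img] tags."""
    out, pos = [], 0
    for m in IMG_TAG.finditer(text):
        out.append(html.escape(text[pos:m.start()]))
        url = safe_image_url(m.group(1))
        if url:
            out.append(f'<img src="{html.escape(url)}" alt="">')
        else:
            out.append(html.escape(m.group(0)))  # rejected tag stays plain text
        pos = m.end()
    out.append(html.escape(text[pos:]))
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample post: one on-site image, one off-site image.
    print(render_post("ok [img]http://forum.example.com/img/cat.gif[/img] "
                      "no [img]http://other.example.net/cat.gif[/img]"))
```
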

