Member
Joined: Sep 2000
Posts: 129
Today, my website got hacked. Apparently they sent me a PM with sender username: $Sender, subject: $Subject, and message: $Mess, and all administrators and moderators got this PM. The page that got hacked was the front page, using IIP 5.1. They deleted the content of the page index.php and changed it to their group's name.
Last edited by santana; 05/13/2003 10:25 PM.
...... x ...... Using UBBt 6.4.2 + Digg Ajax Mod, Trust Ajax Mod, Captcha Registration & Login mod, Checkusername Ajax mod.
That 70's Guy
Joined: Jun 2001
Posts: 3,273
IIP 6.0 B1 is using the get_input function of threads to avoid variable contamination as much as possible.
That 70's Guy
Joined: Jun 2001
Posts: 3,273
Actually... I'm not exactly sure how what you describe could be done from IIP. How do you know the entry point was IIP?
Member
Joined: Sep 2000
Posts: 129
JustDave
I am not sure what the entry point was. But the page which was hacked was the front page, which is the IIP.
I will upgrade the system soon.
That 70's Guy
Joined: Jun 2001
Posts: 3,273
That's my point, though. If they had the ability to delete, they could have deleted much more, but chose to only delete your index page and put up something of their own. This doesn't signify that the entry point is through that page, though. They would need admin access to send a mass PM. There is no function of IIP that does this. The deleting and uploading of another index is also something that IIP isn't capable of. If the attack consisted of making posts under others' names in the shout box, or taking in votes for users that say they hadn't voted, I would be more inclined to think that the fault is indeed with IIP and the index page. The occurrences you described, though, are not functions found in IIP.
Addict
Joined: Apr 2002
Posts: 1,768
JustDave said:
> IIP 6.0 B1 is using the get_input function of threads to avoid variable contamination as much as possible.

I hope that means you're getting rid of the code that "manually registers" all the globals.
That 70's Guy
Joined: Jun 2001
Posts: 3,273
Dave_L said:
> I hope that means you're getting rid of the code that "manually registers" all the globals.

Yep, gone. One thing I was thinking, though, is that once the variables have their values set with get_input, we should cycle through the global arrays and set everything to empty strings. This way, if someone is running with globals on, then any additional information that may have been entered is removed. Hope this made sense... lol (am I thinking correctly?)
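The two-step idea sketched in the post above (read the declared inputs through an explicit, typed accessor, then blank the request arrays and drop any loose globals that register_globals would have created from them), written out as an added PHP example. This is not UBB.threads or IIP code and it is not the real get_input function; the function names, the $spec layout and the constructed sample request are all assumptions. It also covers the ordering hazard the post does not mention: the purge has to run before the caller assigns the returned values to its own variables, otherwise a request key that happens to match the caller's variable name would wipe the freshly sanitized value.

```php
<?php
// Added example, not code from UBB.threads or IIP. Assumed names throughout.

// Superglobals that must never be unset, even if a client sends a key with
// the same name (e.g. ?_POST[x]=1 shows up as $_GET['_POST']).
const PROTECTED_GLOBALS = [
    'GLOBALS', '_SERVER', '_GET', '_POST', '_FILES',
    '_COOKIE', '_SESSION', '_REQUEST', '_ENV',
];

// Step 2 of the post: for every key the client sent, remove the loose global
// of that name (only exists when register_globals is on) and blank the
// request-array entry, so later code that forgets the accessor cannot pick up
// a client-controlled value by accident.
function purge_request_globals(): void
{
    foreach (['_GET', '_POST', '_COOKIE', '_REQUEST'] as $source) {
        if (!isset($GLOBALS[$source]) || !is_array($GLOBALS[$source])) {
            continue;
        }
        foreach (array_keys($GLOBALS[$source]) as $key) {
            if (in_array($key, PROTECTED_GLOBALS, true)) {
                continue;
            }
            unset($GLOBALS[$key]);          // injected loose variable, if any
            $GLOBALS[$source][$key] = '';   // what the post proposes: blank it
        }
    }
}

// Step 1 of the post: read only the parameters this page declares, each with
// a type, looking solely in the request arrays and never in $GLOBALS.
// The purge is done here, before the caller receives the values, so that the
// caller's own variable names cannot be clobbered by a same-named request key.
function read_inputs(array $spec): array
{
    $out = [];
    foreach ($spec as $name => $type) {
        $raw = $_POST[$name] ?? $_GET[$name] ?? null;
        if ($raw === null || is_array($raw)) {
            $out[$name] = ($type === 'int') ? 0 : '';
            continue;
        }
        if ($type === 'int') {
            $v = filter_var($raw, FILTER_VALIDATE_INT);
            $out[$name] = ($v === false) ? 0 : $v;
        } else {
            // Escape on the way in so the value is safe to echo into HTML.
            $out[$name] = htmlspecialchars((string) $raw, ENT_QUOTES, 'UTF-8');
        }
    }
    purge_request_globals();
    return $out;
}

// Constructed demo request. register_globals is simulated by hand: PHP 4 with
// that setting would have created $Subject, $page, $is_admin and $in itself.
$_GET = ['Subject' => '<b>hi</b>', 'page' => '3', 'is_admin' => '1', 'in' => 'x'];
$_REQUEST = $_GET;
foreach ($_GET as $k => $v) {
    $GLOBALS[$k] = $v;
}

$in = read_inputs(['Subject' => 'string', 'page' => 'int']);

// $in holds the escaped subject and an integer page number; the undeclared
// is_admin flag is gone as a global and blanked in $_GET / $_REQUEST, and the
// stray "in" key did not clobber $in because the purge ran before assignment.
var_dump($in);
var_dump(isset($GLOBALS['is_admin']));
var_dump($_GET['is_admin'], $_REQUEST['is_admin']);
```

The accessor deliberately takes a declared list of names and types rather than walking whatever the client sent: the point of the post is that only variables the page asked for should ever exist, and everything else in the request arrays is treated as noise to be erased.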
Addict
Joined: May 1999
Posts: 1,715
Sounds like a really good idea.
Member
Joined: Sep 2000
Posts: 129
Updated. The intruder got into the admin server and changed all the index.html/index.php files. So this attack has nothing to do with UBB.threads and the IIP. Regards
That 70's Guy
Joined: Jun 2001
Posts: 3,273
That's good to hear. But it is true that the current and earlier IIP packages are less secure, since they need register_globals to be on (or, in some of the later cases, the globals are artificially populated). I am rectifying this with 6.0, though.
I type Like navaho
Joined: Mar 2000
Posts: 21,079 Likes: 3
Cool, looking forward to 6