#83864
05/27/2002 1:10 PM
|
Joined: Jun 2001
Posts: 442
Member
|
|
Member
Joined: Jun 2001
Posts: 442 |
On Threadsdev.com! Seriously missing hackers on v6 over there, and I wish the ones on there would write installation instructions as good as the boys on here do!
Come on I've moved to threads, anyone else????
Audi-Sport.net the only forum guaranteed to kill any server!
|
|
|
#83865
05/27/2002 1:33 PM
|
Joined: Jan 1999
Posts: 568
Moderator / Fish
|
|
Moderator / Fish
Joined: Jan 1999
Posts: 568 |
I don't think this is the place to ask!  
|
|
|
#83866
05/27/2002 1:35 PM
|
Joined: Dec 2001
Posts: 699
Member
|
|
Member
Joined: Dec 2001
Posts: 699 |
If you fancy buying me a license I know more PHP than I do Perl  .
|
|
|
#83867
05/27/2002 1:38 PM
|
Joined: Mar 2001
Posts: 7,394
Admin / Code Breaker
|
|
Admin / Code Breaker
Joined: Mar 2001
Posts: 7,394 |
|
|
|
#83868
05/27/2002 4:24 PM
|
Joined: Oct 2000
Posts: 2,223
Veteran
|
|
Veteran
Joined: Oct 2000
Posts: 2,223 |
I don't at all see a problem with someone that uses/hacks/adopts one Infopop product encouraging others to do the same. I think it's kinda neat Remember they are sibling products. I don't see a problem with Wando™ from trying to gain some attention or momentum for threads. *edited because I type so poorly  *
Picture perfect penmanship here.
|
|
|
#83869
05/27/2002 5:23 PM
|
Joined: Jun 2001
Posts: 442
Member
|
|
Member
Joined: Jun 2001
Posts: 442 |
quote:
Originally posted by Sally:
I don't think this is the place to ask!
Err I agree with navaho, both Infopop products and also threadsdev is ubbdev's sister site! As a moderator you know that of course 
Audi-Sport.net the only forum guaranteed to kill any server!
|
|
|
#83870
05/27/2002 5:45 PM
|
Joined: Mar 2002
Posts: 451
Spotlight Runner-Up
|
|
Spotlight Runner-Up
Joined: Mar 2002
Posts: 451 |
Reminds me slightly of UBBDEV's old colour scheme..
|
|
|
#83871
05/27/2002 5:48 PM
|
Joined: Jun 2001
Posts: 2,849
Spotlight Winner
|
|
Spotlight Winner
Joined: Jun 2001
Posts: 2,849 |
I think that you could seriously give the UBBThreads community a lift if you would allow people (like me) to do a straight trade from UBB to UBBThreads for a time. I have two UBB licenses and only use one. Let me trade one of the licenses in and I will be glad to run it and do my best to help spread the word.
It's not like I'm asking for something for free, I paid 200 bucks for the spare license I'm not using.
|
|
|
#83872
05/28/2002 2:25 AM
|
Joined: May 2001
Posts: 6,708
Member
|
|
Member
Joined: May 2001
Posts: 6,708 |
I go to threads sometimes but never post.
|
|
|
#83873
05/28/2002 5:06 AM
|
Joined: Mar 2001
Posts: 7,394
Admin / Code Breaker
|
|
Admin / Code Breaker
Joined: Mar 2001
Posts: 7,394 |
XPerT, don't forget that if they'll agree they'll have to do it for everybody with spare licenses. Maybe Wando™ can sponsor it, tho
|
|
|
#83874
05/28/2002 1:18 PM
|
Joined: Dec 2001
Posts: 699
Member
|
|
Member
Joined: Dec 2001
Posts: 699 |
Yeah, don't go to the pub for a few weeks
|
|
|
#83875
05/28/2002 3:23 PM
|
Joined: Mar 2000
Posts: 21,079 Likes: 3
I type Like navaho
|
|
I type Like navaho
Joined: Mar 2000
Posts: 21,079 Likes: 3 |
One of the things holding us up right now over there is the waiting for a final released version of v6... Scream is fixing lots of bugs on the rewrite and it's a bit silly to go through and test modifications for them only to break on the next beta release.. we're slowly getting busier, but I don't expect a whole lotta growth until v6 is outta beta
|
|
|
#83876
05/28/2002 3:49 PM
|
Joined: Jun 2001
Posts: 442
Member
|
|
Member
Joined: Jun 2001
Posts: 442 |
yeah there's a few bugs, but all in all it's good stuff, saved my server! load has gone down from 40% constant, to just 3% 
Audi-Sport.net the only forum guaranteed to kill any server!
|
|
|
#83877
05/30/2002 3:12 AM
|
Joined: Jul 2001
Posts: 1,111
Member
|
|
Member
Joined: Jul 2001
Posts: 1,111 |
quote:
Originally posted by AllenAyres:
One of the things holding us up right now over there is the waiting for a final released version of v6... Scream is fixing lots of bugs on the rewrite and it's a bit silly to go through and test modifications for them only to break on the next beta release.. we're slowly getting busier, but I don't expect a whole lotta growth until v6 is outta beta
i asume that the bugs have been fixed that allowed hackers to break into the site then?
|
|
|
#83878
05/30/2002 5:16 AM
|
Joined: May 2001
Posts: 6,708
Member
|
|
Member
Joined: May 2001
Posts: 6,708 |
Security bugs are fixed pretty quickly.
|
|
|
#83879
05/30/2002 6:36 PM
|
Joined: Feb 2001
Posts: 817
Moderator / Kingpin
|
|
Moderator / Kingpin
Joined: Feb 2001
Posts: 817 |
As far as I heard, all the problems ThreadsDev had (except for the very first one) had nothing to do with bugs within threads. All of the exploits used had to do with improper server settings, mismanaged passwords, and other mistakes/oversights by the staff....the kind of holes most commonly utilized by crackers/social engineers.
|
|
|
#83880
05/31/2002 1:59 AM
|
Joined: Jul 2001
Posts: 1,111
Member
|
|
Member
Joined: Jul 2001
Posts: 1,111 |
from what ive heard at a few sites (this is just what ive heard) a email was sent to infopop containing a fix for ubb.t, the way it ran alowed someone to get the server info, ip said they would look into it, and ubb.t was hacked not long after it was reported.
|
|
|
#83881
05/31/2002 2:08 AM
|
Joined: May 2001
Posts: 6,708
Member
|
|
Member
Joined: May 2001
Posts: 6,708 |
This is getting weirder by the minute. o_O
|
|
|
#83882
05/31/2002 11:42 AM
|
Joined: Mar 2000
Posts: 21,079 Likes: 3
I type Like navaho
|
|
I type Like navaho
Joined: Mar 2000
Posts: 21,079 Likes: 3 |
The way it actually happened..... Threadsdev was originally set up to allow file uploads - php was a file type allowed. It's a simple thing to upload a phpmyadmin-type app at that point. That's how the site was hacked originally. All new threads installations are defaulted to just image and text files now. The next few times were sorting out all the instances of the script kiddie's apps he had hidden all over the server - some were renamed .gif .jpg etc. Once found and squashed.. the site has been stable since. The last time seems to have been an instance of an admin using the same password there as elsewhere.  There was no "magic hacking" done... the original setup wasn't as secure as it should have been... lesson learned
|
|
|
#83883
05/31/2002 6:15 PM
|
Joined: Oct 2000
Posts: 2,223
Veteran
|
|
Veteran
Joined: Oct 2000
Posts: 2,223 |
quote:
Originally posted by Anime-loo.Oo:
from what ive heard at a few sites (this is just what ive heard) a email was sent to infopop containing a fix for ubb.t, the way it ran alowed someone to get the server info, ip said they would look into it, and ubb.t was hacked not long after it was reported.
That's almost the way it worked.
The person was someone that had been occasionally swaping ideas, help, info, and assitance with Rick. He was someone known to Rick and had worked with him. At one point he found that the file upload in an early beta of 5.5.1 would allow almost any file to be uploaded and executed. Rick made the fix but the beta testers had not yet recieved it. Previously this person asked Rick for a member area extension in exchange for all the many months of help he had been giving. Rick forgot for a day to send me the email. I forgot for a day to have the extension done. The next day I remembered and asked Lori to do the extension. Lori did and emailed the person. An hour later (after recieving his extension) he used the hole that he pointed out to Rick on the threadsdev board which had not recieved the next beta (was on my desk to go out that afternoon).
Why this guy went off the deep end I don't know. He stopped answering email.
The next time it was hacked he used a password that an admin had neglected to change from the first incident.
The next time threadsdev was hacked it was another one of those files that I had not found. He had literally uploaded dozens of them. I missed one in restoring the site from backup.
The last time it was because the site ran out of memory. That server had been having memory problems all along. He just read the config.inc.php file and logged right in after the server was rebooted. The response to that was in br5. Config.inc.php can now be located anywhere in the file system. It no longer needs to be in the ubbthreads directory.
Picture perfect penmanship here.
|
|
|
#83884
05/31/2002 7:53 PM
|
Joined: Mar 2000
Posts: 21,079 Likes: 3
I type Like navaho
|
|
I type Like navaho
Joined: Mar 2000
Posts: 21,079 Likes: 3 |
well.. that stuff too... that's my story and I'm stickin to it
|
|
|
#83885
06/01/2002 4:06 AM
|
Joined: Jul 2001
Posts: 1,111
Member
|
|
Member
Joined: Jul 2001
Posts: 1,111 |
thanks for clearing all that up
|
|
|
Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.
Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.
|
|
|
Posts: 449
Joined: February 2008
|
|
|
Forums63
Topics37,575
Posts293,930
Members13,823
| |
Most Online6,139
Sep 21st, 2024
|
|
Currently Online
Topics Created
Posts Made
Users Online
Birthdays
|
|
|
|
