JoshPet
FusionBB Developer
Posts: 6576
Loc: Charlotte, NC
|
Everyone running UBB.Threads needs to make sure they update addpost.php and addpost_newpoll.php as noted here.
If you have switched to Fusion... GREAT but if UBB.Threads still resides on your server - make sure you apply the fix, or remove the addpost_newpoll.php file if you're only using Threads for a redirect to FusionBB.
If you are on VertexHost, we have attempted to find and repair all UBB.Threads installs (well over 50 across 12 servers). But we may have been unaware of your install. You can verify the fix is in addpost.php and addpost_newpoll.php. If you're a VertexHost customer, and not sure, please open a ticket and we'll gladly verify for you.
Several of our servers were compromised as a result of this - so we've begun the day by restoring a few hacked threads users, and looking for what happened and how they did it. Once we were aware of the issue we took action and have been vigorously working to re-secure all servers and plug all security holes.
One server (destiny) suffered severe MySQL issues as a result of this security compromise and a backup had to be restored. Technicians are still working on that server, and I'm waiting for the final verdict if all accounts' MySQL databases were restored back 24 hours, or just a few. Will update our VertexHost News as soon as we are finished.
|
Ian
FusionBB Fanatic
Posts: 1236
|
In response to JoshPet
Apparently this uses the process of binz - can't find any evidence of this process.
Apart from the obvious defacing of the forum - is there any other evidence we should check for?
I think I am clear on our servers - but better to be safe than sorry
|
Jason Stix Buckley
FusionBB Fanatic
Posts: 1884
Loc: Concord NC USA
|
In response to Ian
Thanks Josh for being on top of this. It appears you have already fixed my archive install on MotorsportsLounge.com (I checked the files and saw it was updated).
I might just have to axe my archive install soon since UBB.T appears to be a problem. Even though it was fixed this time, next time it could be worse.
That is the only problem with being the first site to transfer and use FBB in a live environment ... I moved the site before the transfer scripts were created, so all the posts from the past didn't move to the FBB install, just the member database.
But, since it meant I went to a far superior product, that is ok.
Jason "Stix" Buckley
Owner / Founder
Stix Fx Entertainment
www.stixfx.com |
|
Chris Peterson
FusionBB Community Support Manager
Posts: 3756
Loc: West Fargo, ND
|
In response to Jason Stix Buckley
I'm still on the mailing list I guess, I got an email about this last night.
|
Dan
Alpha Tester
Posts: 1300
|
In response to Chris Peterson
I did as well
|
Rutto
FusionBB Enthusiast
Posts: 370
Loc: Milano (Italy)
|
In response to Dan
I just deleted those files from my old unused UBB.Threads installation.
|
greg
FusionBB Community Support Specialist
Posts: 4802
Loc: Tombstone, AZ
|
In response to Rutto
As soon as I moved to Fusion, I just deleted EVERYTHING .threads related...LOL
|
intensity
goober
Posts: 91
|
In response to greg
Thanks for the heads-up Josh!
|
White and Nerdy
FusionBB Fanatic
Posts: 1674
Loc: Fort Wayne
|
In response to Chris Peterson
I'm still on the mailing list I guess, I got an email about this last night.
hehe, so did I.
|
White and Nerdy
FusionBB Fanatic
Posts: 1674
Loc: Fort Wayne
|
In response to Dan
I did as well
happy birthday Godaddy! 
|
White and Nerdy
FusionBB Fanatic
Posts: 1674
Loc: Fort Wayne
|
In response to greg
As soon as I moved to Fusion, I just deleted EVERYTHING .threads related...LOL
If I was you, I'd still keep a .zip of the install and license information around just in case Josh and Dave kick the bucket or something, not likely to happen, but ya never know, never hurts to have a life insurance policy just in case.. Of course, Josh and Dave would really have to be dead before I'd even consider Threads, and even then I'd probably just go to a free solution LOL
|
greg
FusionBB Community Support Specialist
Posts: 4802
Loc: Tombstone, AZ
|
In response to White and Nerdy
Too late, for threads, at least. That has been GONE for many months now.
|
White and Nerdy
FusionBB Fanatic
Posts: 1674
Loc: Fort Wayne
|
In response to greg
aww man, you coulda given it to ME...(grin)
I used to be a big fan of threads until Josh introduced me to FusionBB. I just couldn't afford a license, and if Fusion ever gets as expensive as UBB I won't be able to afford to keep it up either, so I always keep my options open just in case.
|
JoshPet
FusionBB Developer
Posts: 6576
Loc: Charlotte, NC
|
In response to White and Nerdy
FYI - there is a second UBB.Threads security exploit. The details haven't been posted (so the hackers don't figure it out). I've just finished... once again, fixing the 55+ installs at vertex to keep things secure. 
If you want to see the announcement, there's a post here.
|
Chris Peterson
FusionBB Community Support Manager
Posts: 3756
Loc: West Fargo, ND
|
In response to JoshPet
Freaking great. Sheesh.
|
Chris Peterson
FusionBB Community Support Manager
Posts: 3756
Loc: West Fargo, ND
|
In response to Chris Peterson
Oh wait, now is this one for 6.5 users? I never upgraded to this.
|
JoshPet
FusionBB Developer
Posts: 6576
Loc: Charlotte, NC
|
In response to Chris Peterson
6.4x and 6.5x I believe.
|
Chris Peterson
FusionBB Community Support Manager
Posts: 3756
Loc: West Fargo, ND
|
In response to JoshPet
6.4x and 6.5x I believe.
I just re-read the post and it says
This fixes one other *potential* problem script along with fixing some file # problems that crept into 6.5.3
Didn't catch that before.
|
DLWebmaestro
newbie
Posts: 12
Loc: Maryland
|
In response to Chris Peterson
Thanks for keeping us informed Josh!
|
Basil
maximus
Posts: 177
Loc: New Mexico
|
In response to JoshPet
I was hit with this with a vengeance yesterday and spent about 24 hours straight cleaning up and restoring my system. One word of caution - from the root directory forward, do ls -alh | less in every single directory and look for suspicious files and directories. Some of the malicious scripts were buried deeeep in sub-sub-sub directories. Don’t just clean up the obvious stuff – look long and hard at your whole server. Also look in Photopost and pp-classifieds if you use those on your forum. And be sure to look for unwanted .htaccess files (these were all over the place). By unwanted I mean .htaccess files that YOU did not put there (the hacker did).
I’m VERY glad I found this thread and was able to apply the fix.
Basil
|
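The directory-by-directory sweep described in the post above can be scripted with `find`. This is an added example, not part of the original thread: the function names, the allowlist file and the marker file are hypothetical, and the directory tree is constructed sample data.

```shell
#!/usr/bin/env bash
# Added example: post-compromise sweep of a web root.

# .htaccess files under $1 that are NOT in allowlist $2 (one path per line,
# the ones you put there yourself).
unexpected_htaccess() {
    find "$1" -type f -name .htaccess -print | sort | grep -vxFf "$2" || true
}

# Regular files under $1 modified after reference file $2, at any depth.
# $2 should be a file whose mtime predates the break-in.
changed_since() {
    find "$1" -type f -newer "$2" -print | sort
}

# Leftover copies of the poll script named in the advisory.
leftover_newpoll() {
    find "$1" -type f -name addpost_newpoll.php -print | sort
}

# --- constructed sample tree (not a real site) ---
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
root="$demo/www"; allow="$demo/allow.txt"; marker="$demo/marker"
mkdir -p "$root/forum/images/a/b/c" "$root/photopost"
printf 'Options -Indexes\n' > "$root/forum/.htaccess"    # legitimate
: > "$root/forum/addpost_newpoll.php"                    # old install
touch -t 200601010000 "$root/forum/.htaccess" "$root/forum/addpost_newpoll.php"
: > "$marker"; touch -t 200606010000 "$marker"           # "before the break-in"
: > "$root/forum/images/a/b/c/x.php"                     # dropped script, deep
: > "$root/forum/images/a/b/c/.htaccess"                 # unwanted
: > "$root/photopost/.htaccess"                          # unwanted
printf '%s\n' "$root/forum/.htaccess" > "$allow"

echo "== .htaccess not on allowlist ==";   unexpected_htaccess "$root" "$allow"
echo "== files changed after marker ==";   changed_since "$root" "$marker"
echo "== leftover addpost_newpoll.php =="; leftover_newpoll "$root"
```

File modification times can be reset by an intruder, so the `-newer` listing narrows the search but does not replace comparing the tree against a clean backup.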