Page Index Toggle Pages: 1 2 [3] 
Topic Tools
Very Hot Topic (More than 25 Replies) Board hacked - how to solve this Safety-Issue? (Read 6,146 times)
JonB
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 3,785
Location: Land of the Blazing Sun!

YaBB 2.6.0
Re: Board hacked - how to solve this Safety-Issue?
Reply #7 - Aug 6th, 2012 at 7:19pm
Post Tools
I think I know what the problem is:

Look at the very end of the error message. It ends in '.pre', then you get the 'File not found'

I think a huge string was pasted into the membername field @ registration - its sitting in ./Members. as an unvalidated member. When a login has to happen, the member-locator-search trips logic over it. (it probably evaluates the filenames in the ./Members folders) There's so many rule-breakers in the string with escaped characters its hard to say how its actually read in.

So I agree with Dandello on the basic problem.

Roll Eyes

Good Luck

« Last Edit: Aug 6th, 2012 at 7:26pm by JonB »  

I find your lack of faith disturbing.
Back to top
IP Logged
 
GT-Eins
YaBB Newcomer
*
Offline



Posts: 34
Location: Garbsen, Hannover, Germany
Re: Board hacked - how to solve this Safety-Issue?
Reply #6 - Aug 6th, 2012 at 7:04pm
Post Tools
.htaccess is full of entrys as I tried to rise the guardian Level in the last days to get a thumb on the problem.
Think we cannot find anything here.

  
Back to top
WWW  
IP Logged
 
GT-Eins
YaBB Newcomer
*
Offline



Posts: 34
Location: Garbsen, Hannover, Germany
Re: Board hacked - how to solve this Safety-Issue?
Reply #5 - Aug 6th, 2012 at 6:31pm
Post Tools
Our current version is YaBB 2.3.1
No mods installed
I┤ll try to check the files now
  
Back to top
WWW  
IP Logged
 
xnoddyx
Support Team
Documentation Team
YaBB Moderators
YaBB Next Team
Beta Testers
****
Offline



Posts: 1,584
Location: UK:Scotland/livingston

None
Re: Board hacked - how to solve this Safety-Issue?
Reply #4 - Aug 6th, 2012 at 1:19pm
Post Tools
what version of yabb are you running and have you any mods installed also check the .htaccess in the cgi-bin/yabb/ or cgi-bin/yabb2/ folder if this is clean then can you make me a admin ac send this and your ftp info in a pm to me áplease Smiley
« Last Edit: Aug 6th, 2012 at 1:21pm by xnoddyx »  

YaBB install help video
1. what yabb forum are you running and the url
2. describe in as much detail as you can what happens and also post screenshots if you can
3. please be patient we live in different time zones and have other commitments but we will help you
as bill and ted say (Be excellent to each other)
Back to top
IP Logged
 
Dandello
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 2,126
Location: Earth

YaBB 2.6.0
Re: Board hacked - how to solve this Safety-Issue?
Reply #3 - Aug 6th, 2012 at 4:50am
Post Tools
It looks like the login script is trying to access bogus spammy memberfiles. Check your ./Members/ directory , especially membersinfo.txt While this may not explain why the members are locked out then things clear up, this is at least a place to start. The code looks like someone managed to put urls into somewhere they don't belong.
  

If you only have one solution to a problem you're not trying hard enough!
Back to top
WWW  
IP Logged
 
Alejandro Raggio
YaBB Newcomer
*
Offline



Posts: 10

None
Re: Board hacked - how to solve this Safety-Issue?
Reply #2 - Aug 6th, 2012 at 4:31am
Post Tools
I'll be interested in reading the answer as well, as I probably had a similar issue with another software and want to be cautious to avoid that happening to my boards as well (actually I had plenty of bots registering, but they never got that far).
  
Back to top
 
IP Logged
 
GT-Eins
YaBB Newcomer
*
Offline



Posts: 34
Location: Garbsen, Hannover, Germany
Re: Board hacked - how to solve this Safety-Issue?
Reply #1 - Aug 6th, 2012 at 4:24am
Post Tools
Admins: please move the topic to the "Anti-Spam" -Forum if more suitable
Sorry did not discover that at the 1st view  Roll Eyes
  
Back to top
WWW  
IP Logged
 
GT-Eins
YaBB Newcomer
*
Offline



Posts: 34
Location: Garbsen, Hannover, Germany
Board hacked - how to solve this Safety-Issue?
Aug 6th, 2012 at 4:17am
Post Tools
Hi Guys
Since 3 weeks our board is for each user individually temporarly blocked for several hours.
After the login instead of the screen with the Subforums the following message appears:



After 2-3 hours the login works again.

Does anyone know this ? If Yes How did you get rid of it?

A Colleague suspected a code-injection - but I did not find any updated files in our Yabb-Folder on the server yet (hornestly I did not know where to search particulary.)

In the last year we had a rising number of Crowdturfers which I had to eliminate regulary. Maybe one was able to hack the code - but I don┤t know where & when. His ID is obvoiously deleted.

Any help is welcome!
  
Back to top
WWW  
IP Logged
 
Page Index Toggle Pages: 1 2 [3] 
Topic Tools
 
  « Board Index ‹ Board  ^Top