YaBB Community and Support Forum
YaBB Home About YaBB Download YaBB YaBB Support Customize Your Forum Development Contribute to the Project
  Welcome, Guest. Please Login or Register


 
Pages: 1 2 3 
Topic Tools
 
Board hacked - how to solve this Safety-Issue? (Read 5,324 times)
 Reply #30 - Aug 10th, 2012 at 12:14pm
There are no actions to perform.  

GT-Eins 
YaBB Newbie
*
Offline
Posts: 34
Garbsen, Hannover, Germany


None
Re: Board hacked - how to solve this Safety-Issue?
Just restored the error-log with an old version - lets see what it will reveal.
 
WWW  
IP Logged  
 Reply #31 - Aug 10th, 2012 at 2:29pm
There are no actions to perform.  

Dandello 
Global Moderator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 1,853
Earth


YaBB 2.5
Re: Board hacked - how to solve this Safety-Issue?
You can see all the non-renderable characters in the string interrupting it. You can empty out the errorlog by hand if necessary. it's in ./Variables. Each line ends with a
Code Select All
\n 

(end of line.)  It may be invisible in your text editor but it's there.

You might also look at this captcha 'fix': http://www.yabbforum.com/community/YaBB.pl?num=1324832594 The people who use it swear by it.

I'm also wondering - just wondering, mind you - how all those
Code Select All
[url= 

got passed through because those are UBB code.

In the short term you might want to shut down registrations through the site, put up an apology and an encoded email address for people to ask to be registered. (Encoded as in using Javascript to hide the contact email - make it a gmail or free email account you can abandon later - or a separate contact form - again using a disposable email address for the contact address. )  It's more work for you but it has be less than cleaning out files repeatedly and tearing your hair out while these *tards try to break your forum.

Edited:
I know the above advice seems counter-intuitive, but they're coming back and attacking because they've gotten through the first step. So if you can stop them from getting through at all, they'll eventually give up (for a while). But get some anti-spam mods added at least so you can resume normal registration.
« Last Edit: Aug 10th, 2012 at 2:42pm by Dandello »  
WWW  
IP Logged  
 Reply #32 - Aug 11th, 2012 at 8:52am
There are no actions to perform.  

GT-Eins 
YaBB Newbie
*
Offline
Posts: 34
Garbsen, Hannover, Germany


None
Re: Board hacked - how to solve this Safety-Issue?
Thx Dandello

so
1st) the Captcha-fix
if that doesn´t work:
2nd) shut down registrations
later in the year
3rd) yabb 2.5

I´ll keep you updated on the effects
 
WWW  
IP Logged  
 Reply #33 - Aug 11th, 2012 at 1:43pm
There are no actions to perform.  

Dandello 
Global Moderator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 1,853
Earth


YaBB 2.5
Re: Board hacked - how to solve this Safety-Issue?
1: captcha fix AND ( SpamFruits OR Anti-Spam Question )  (They're supposed to work with 2.3.1)
2: go to hand registrations (protect your email address)
3. YaBB 2.5 - but before you open for registrations ADD captcha fix AND ( SpamFruits OR Anti-Spam Question ) and StopForumSpam.

and be on the lookout for new anti-spam mods.

Good luck.
« Last Edit: Aug 11th, 2012 at 1:44pm by Dandello »  
WWW  
IP Logged  
 Reply #34 - Aug 11th, 2012 at 10:31pm
There are no actions to perform.  

westwegoman 
Ex Member
*


YaBB 2.5
Re: Board hacked - how to solve this Safety-Issue?
I disabled the captcha and added spam fruits and the anti-spam question mod to my forum. It's been about 6 months and actually, I can't remember one getting through.
« Last Edit: Aug 11th, 2012 at 10:34pm by westwegoman »  
Never use both feet to test the depth of the water
 
IP Logged  
 Reply #35 - Aug 12th, 2012 at 12:45am
There are no actions to perform.  

Dandello 
Global Moderator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 1,853
Earth


YaBB 2.5
Re: Board hacked - how to solve this Safety-Issue?
I don't see them on mine either - and seeing  'Failed Fruit test' gives me a lift.
 
WWW  
IP Logged  
 Reply #36 - Sep 13th, 2012 at 6:11pm
There are no actions to perform.  

Elfen 
Full Member
***
Offline
Posts: 450


None
Re: Board hacked - how to solve this Safety-Issue?
Dandello wrote on Aug 10th, 2012 at 2:29pm:
You can see all the non-renderable characters in the string interrupting it. You can empty out the errorlog by hand if necessary. it's in ./Variables. Each line ends with a
Code Select All
 

(end of line.)  It may be invisible in your text editor but it's there.

Looking at the string, it seems to me that its in Windows Character Set and not the standard UTF-8 set. But looking at it, it is not an MySQL injection code stuff. That would have actual MySQL code in it to inject those links into the database, this does not have that.

Dandello wrote on Aug 10th, 2012 at 2:29pm:
I'm also wondering - just wondering, mind you - how all those
Code Select All
[url= 

got passed through because those are UBB code.

As far as I see, there are too many 's and "s in the code, along with a few :s. This would probably render such pattern matching useless I believe. Correct me if I'm wrong.

Does YaBB has pattern matching and replacement routines to try to kill injected code from being put in as a log in or posts? In the programs I write, I automatically put in things like:
Code Select All
 ~s/\</\&lt\;/;
to replace <, as used in HTML code, and render it as an acsii code &lt; which prints a '<' but renders the code useless.
 



I do the same with 'script', 'java', and a few other key words.

Everything else that all others said about setting protection and banning IP addresses, I also do.
 
 
IP Logged  
 Reply #37 - Sep 13th, 2012 at 7:55pm
There are no actions to perform.  

Dandello 
Global Moderator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 1,853
Earth


YaBB 2.5
Re: Board hacked - how to solve this Safety-Issue?
The version in question was an older one. The newer versions of YaBB have length limits on things in the query string. And these things were ending up in the error log, so they were just filling up the error log and not doing anything detrimental to the board itself. So it was an annoyance, not a board-breaking threat.  And yes, YaBB does have pretty extensive regexes to prevent bad stuff from getting through.
 
WWW  
IP Logged  
Pages: 1 2 3 
Topic Tools
 

Get Yet another Bulletin Board at SourceForge.net. Fast, secure and Free Open Source software downloads Support This Project BoardMod - YaBB features and templates YaBB Codex - support on installation and usage YaBB Toolbar for your browser

YaBB Facebook Group Page

Vulnerability Scanner

Valid RSS Valid XHTML Valid CSS Powered by Perl
YaBB Chat and Support Community » Powered by YaBB 3.0 Beta!
YaBB Forum Software © 2000-2011. All Rights Reserved.