YaBB Community and Support Forum
YaBB Home About YaBB Download YaBB YaBB Support Customize Your Forum Development Contribute to the Project
  Welcome, Guest. Please Login or Register


 
Page Index Toggle Pages: 1
Topic Tools
 
Logs (Read 1,339 times)
 Oct 5th, 2012 at 9:19am
There are no actions to perform.  

The Boy 
Full Member
***
Offline
Posts: 338
UK


None
Logs
Would I be right in saying that YaBB has no logs of PMs sent, and that wading through Apache logs won't give the answer I'm looking for?

Basically, its alleged a PM was sent approximately 18 months ago on my forum, and I need to be able to prove/disprove it.

I have all the backups, and all the Apache logs.  Trouble with backups, I need to extract each one, check it, then extract the next one etc...  ...problem being, I have a 90 day timeframe of when it may have happened, so that 90d x 24hr/day = 2160 backups to look through Sad
 
WWW  
IP Logged  
 Reply #1 - Oct 5th, 2012 at 10:08am
There are no actions to perform.  

JonB 
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 3,625
Land of the Blazing Sun!


None
Re: Logs
I will look into it.  You may be correct, but I'm unsure.  Is it only the existence of the action that we are trying to determine? Like on X day did user S send a PM?  Or, do we want to know the details?  If, so what details?

Thanks
Cool
 
I find your lack of faith disturbing.
jonbservergeek  
IP Logged  
 Reply #2 - Oct 5th, 2012 at 12:06pm
There are no actions to perform.  

xnoddyx 
Support Team
Documentation Team
YaBB Moderators
YaBB Next Team
Beta Testers
****
Online
Posts: 1,552
UK:Scotland/livingston


YaBB 2.5
Re: Logs
The Boy wrote on Oct 5th, 2012 at 9:19am:
I have all the backups, and all the Apache logs.  Trouble with backups, I need to extract each one, check it, then extract the next one etc...  ...problem being, I have a 90 day timeframe of when it may have happened, so that 90d x 24hr/day = 2160 backups to look through  

are the backups on the server or your pc if there on your pc goto where the backups are then find all user_name.msg files for the one that got the pm copy them as you will need to rename them if your not on xp

if your on xp in the folder you copyed all the .msg files to look in all files and folders for the User ID: of the one that sent the pm and xp will have a look in the .msg files for this.

in vista and win7 this will not happen with .msg files so you will have to rename them to .txt then

   a.  Hit the start button and type "search" in the search box.
   b.  Select "Change How Windows Searches"
   c.  Hit "Advanced"
   d.  Select the "File Types" tab.
   e.  Make sure the file extension for the files you want to search in is on the list *and* is set to "Index Properties and File Contents" (yes, pick your jaw up off the floor).  I know this appears to be for file indexing, but it does seem to make a difference on whether you find the file in non-indexed locations as well.
   f.  Say "Ok" and exit all the dialog boxes

then if you press the "Alt" key when you're exploring in the folder, you can choose "Tools / Folder Options" go to the "Search" tab and select "Always search file names and contents".
then in the Search box enter the name of the one that sent the pm and it will highlight all .txt files with a pm from that user

and in the .msg .txt it looks like
118405648521935|bad_user|admin
and this is (i am pos this date_time#) then pm from bad_user pm to admin

and yes i know it's not fast but it is the only way i know how to do what you ask  Sad  sorry i can't be of more help  Cry
 
YaBB install help video
1. what yabb forum are you running and the url
2. describe in as much detail as you can what happens and also post screenshots if you can
3. please be patient we live in different time zones and have other commitments but we will help you
as bill and ted say (Be excellent to each other)
WWW xnoddyx xnoddyx1  
IP Logged  
 Reply #3 - Oct 7th, 2012 at 9:07pm
There are no actions to perform.  

The Boy 
Full Member
***
Offline
Posts: 338
UK


None
Re: Logs
JonB wrote on Oct 5th, 2012 at 10:08am:
I will look into it.  You may be correct, but I'm unsure.  Is it only the existence of the action that we are trying to determine? Like on X day did user S send a PM?  Or, do we want to know the details?  If, so what details?

Thanks
Cool

Once I know the date/time when (if!!) the PM was sent, then I can extract the relevent backup, and check the .msg and .outbox files.

So hoping to use logs to get a when/if Smiley
 
WWW  
IP Logged  
 Reply #4 - Oct 8th, 2012 at 1:30pm
There are no actions to perform.  

JonB 
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 3,625
Land of the Blazing Sun!


None
Re: Logs
I worked on this last night.

How much do you actually know about the 'alleged' sender?  Do you know the usernames?

Maybe you should PM me and describe what it is you are supposed to be doing, what the allegation is etc.etc. I'm normally pretty keen on forensics, but there is only so much you can do without specifics.  There may also be a more direct method of attack IF we have certain information.

Thanks & good luck
Cool
 
I find your lack of faith disturbing.
jonbservergeek  
IP Logged  
 Reply #5 - Oct 8th, 2012 at 2:00pm
There are no actions to perform.  

Dandello 
Global Moderator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 1,861
Earth


YaBB 2.5
Re: Logs
Just as an additional tickler note to make a search a little easier (maybe). Dates and times are stored in the messages in what's called epoch time, which on most systems is the number of seconds since January 1, 1970 00:00:00.
If you can calculate your boundary dates, you should be able to do a search using part of the date-number and wildcards. (maybe)


 
WWW  
IP Logged  
 Reply #6 - Oct 8th, 2012 at 6:28pm
There are no actions to perform.  

The Boy 
Full Member
***
Offline
Posts: 338
UK


None
Re: Logs
JonB wrote on Oct 8th, 2012 at 1:30pm:
How much do you actually know about the 'alleged' sender?  Do you know the usernames?

Sadly, only the recipent. Not the sender.
 
WWW  
IP Logged  
 Reply #7 - Oct 8th, 2012 at 6:32pm
There are no actions to perform.  

The Boy 
Full Member
***
Offline
Posts: 338
UK


None
Re: Logs
Dandello wrote on Oct 8th, 2012 at 2:00pm:
Just as an additional tickler note to make a search a little easier (maybe). Dates and times are stored in the messages in what's called epoch time, which on most systems is the number of seconds since January 1, 1970 00:00:00.
If you can calculate your boundary dates, you should be able to do a search using part of the date-number and wildcards. (maybe)



Yeah, got that. But my time frame is quite wide, thus hoping to get something useful from the Apache logs (which I can extract them all into the same location, and grep for a search string, but I don't think there is anything useful in the Apache logs?).

Option 2 is to extract the .msg for the recipient for the 2100+ backups I have in this 90 day timeframe (wide timeframe, as it happened 18 months ago), but would then have to go manually through all those 2100 files...
 
WWW  
IP Logged  
 Reply #8 - Oct 9th, 2012 at 1:28pm
There are no actions to perform.  

JonB 
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 3,625
Land of the Blazing Sun!


None
Re: Logs
A. Do we know an absolute verbatim string that was contained in the PM, or even better the complete message?

B. I don't think the Apache logs are going to be much help without the YaBB username, which would have to be matched to an IP. I got road-blocked on that pursuit. I know the script to access log sequence for PM's now, and access logs only really know IP's.

"A." up there has some real promise (combined with the recipients yabb username).  What exact format are the backups in?  Where are the backups stored, and on what kind of filesystem/OS.  It may be possible to scan through the backups without extracting them.

Could I ask (in order to avoid ever being put in this awful hole) what liability or presumption of duty does this (presumably court/legally ordered) rely upon?  I work on these issues in 'real life', so I am very concerned.

Good luck on this matter.  Undecided

Thanks for all your support, (and we are going to make you and all the other YaBB lovers proud  Wink )

Cool
 
I find your lack of faith disturbing.
jonbservergeek  
IP Logged  
 Reply #9 - Oct 9th, 2012 at 7:07pm
There are no actions to perform.  

The Boy 
Full Member
***
Offline
Posts: 338
UK


None
Re: Logs
A) Nope, sadly, as that would make it scriptable IMHO
Extract
Grep recipients (who we know) .msg file and if search string found, copy .msg file somewhere
Delete Extract
Repeat for next backup in timeframe

B) Yeah, I've come to that conclusion as well Sad


Backups are hourly tar+gzip of the entire YaBB filesystem.
Logs are bog standard Apache access.log (renamed when they roll over, every 3 hours)

Get a sneaking suspicion I'm going to be continuing with the manual method  Cry
 
WWW  
IP Logged  
Page Index Toggle Pages: 1
Topic Tools
 

Get Yet another Bulletin Board at SourceForge.net. Fast, secure and Free Open Source software downloads Support This Project BoardMod - YaBB features and templates YaBB Codex - support on installation and usage YaBB Toolbar for your browser

YaBB Facebook Group Page

Vulnerability Scanner

Valid RSS Valid XHTML Valid CSS Powered by Perl
YaBB Chat and Support Community » Powered by YaBB 3.0 Beta!
YaBB Forum Software © 2000-2011. All Rights Reserved.