Jump to content

IPS Releases Updates to Community Suite

Guest IPS News

By Guest IPS News
in Feedback

Recommended Posts

tonyrolm Newbie

tonyrolm

Posted
Posted

Yes, l've been working with init.php turned on.



cacheid_1 isn't used on my board, it's there because an upgrade didn't work properly without it.



Init.php has been returned to '0' now.



:(


Try running ..



http://www.yourdomain.com/upgrade/index.php

Make sure index.php is CHMOD'd


:)


Verified the CHMOD and the settings are correct.
Still getting
Incorrect access
You cannot access this file directly. If you have recently upgraded, make sure you upgraded 'admin.php'.

When I run the upgrade.php I get:
You appear to be running IPB 2.0.x already and no upgrade is required.

I appreciated any help in getting this upgraded. I also have the Galley to do but I am not proceeding any further until I get this corrected.
Thanks
Tony
  • Replies 182
  • Created
  • Last Reply
Guest

Guest

Posted
Posted

I have not seen this quesiton asked. I have a secured community site. Meaning they don't get on unless they know somebody else and they are in the membership list of clubs across the country. Very little chance a member would try to hack the site. I also don't allow people on the site unless they register and have an account and their accounts don't get approved unless we have good reason to trust them.



Are people getting hacked because they have public websites? Am I in danger if I keep a trusted membership group and don't let people on that will hack the site?



I'm just wondering how much of this requires to have access to the site to hack it.


I think you probably would be vulnarable to the security hole that was in the search function, since guests can normally use this as well. Anyway it's better to upgrade: better safe than sorry. ;)
.Jack Collaborator

.Jack

Posted
Posted

You know full well i was talking about hackers, not IPS looking for security holes to fill.



Plain and simple anyone who does that is screwed up. And you're VERY pathetic to act like it is fine to use "intelligence" to be malicious to others. i hope your board gets messed with.



[b]Edited[/b]


exactly my thoughts... I did get hacked with a 2.1.3 version by a german dude who just had a good time ######in with my website... on the other hand, people that check for these kinda leaks - call them hackers too -but hack with good intensions are needed on the internet... only way these leaks get discovered


I suggest you both re-read my post.. I wasn't talking about IPS looking for holes. I didn't suggest that it was fine to use intelligence to be malicious. The truth of the matter is that generally, if one is intelligent enough to come up with these clever exploits, then one has the sense to do good with it and not be a vandal and a retard. I do not condone malicious hackers, I was stating that there are people out there who look for exploits in software like IPB and actually report the problems to IPS rather than use their knowledge to deface other sites.
reflection Newbie

reflection

Posted
Posted

I suggest you both re-read my post.. I wasn't talking about IPS looking for holes. I didn't suggest that it was fine to use intelligence to be malicious. The truth of the matter is that generally, if one is intelligent enough to come up with these clever exploits, then one has the sense to do good with it and not be a vandal and a retard. I do not condone malicious hackers, I was stating that there are people out there who look for exploits in software like IPB and actually report the problems to IPS rather than use their knowledge to deface other sites.



cool.. then we all think alike.... just don't call someone stupid that quick

as far as I can see in the code... 2.1.6 is safe... just upgrade to that asap..... and if you are using add-ons, just simply check them for input validation.... make sure to check all vars for user input and do some proper error handling
WilliamTM Apprentice

WilliamTM

Posted
Posted

I have a question though, it asks me something to do with the skins? What the hell is that about? "Template updating" or something. :blink: :unsure:



Can someone explain? o:)

...still awating an answer please...
tonyrolm Newbie

tonyrolm

Posted
Posted

Verified the CHMOD and the settings are correct.


Still getting


Incorrect access


You cannot access this file directly. If you have recently upgraded, make sure you upgraded 'admin.php'.



When I run the upgrade.php I get:


You appear to be running IPB 2.0.x already and no upgrade is required.



I appreciated any help in getting this upgraded. I also have the Galley to do but I am not proceeding any further until I get this corrected.


Thanks


Tony



Is this the "I've been hacked too Forum" are the forum for people asking for upgrade help?
I need to know how I can get help upgrading my IPB from 2.1.5 to 2.1.6. Do I need to open a ticket?
I was trying to avoid that.
Any thoughts on my issue?
Thanks
Tony
Guest

Guest

Posted
Posted

you're fine if you just upload the modified files.
afterwards you can run the upgrade.php script

tonyrolm Newbie

tonyrolm

Posted
Posted

you're fine if you just upload the modified files.


afterwards you can run the upgrade.php script




I'm fine? No I'm not fine.
I will open a ticket.

Verified the CHMOD and the settings are correct.
Still getting
Incorrect access
You cannot access this file directly. If you have recently upgraded, make sure you upgraded 'admin.php'.

When I run the upgrade.php I get:
You appear to be running IPB 2.0.x already and no upgrade is required.

I appreciated any help in getting this upgraded. I also have the Galley to do but I am not proceeding any further until I get this corrected.
Thanks
Tony
bfarber Grand Master

bfarber

Posted
Posted

You appear to be running IPB 2.0.x already and no upgrade is required.



If you are upgrading from 2.0 or 2.1 to the latest release, you should be hitting index.php not upgrade.php..
tonyrolm Newbie

tonyrolm

Posted
Posted

If you are upgrading from 2.0 or 2.1 to the latest release, you should be hitting index.php not upgrade.php..



Verified the CHMOD and the settings are correct.
When I type index.php
I get:
Incorrect access
You cannot access this file directly. If you have recently upgraded, make sure you upgraded 'admin.php'.
I upgrading my IPB from 2.1.5 to 2.1.6.
Tony
bfarber Grand Master

bfarber

Posted
Posted

Yeah, since that text is no where in the index.php I'm referring to (domain.com/upgrade/index.php) my only recommendation is to submit a ticket at this point.

tonyrolm Newbie

tonyrolm

Posted
Posted

Verified the CHMOD and the settings are correct.


When I type index.php


I get:


Incorrect access


You cannot access this file directly. If you have recently upgraded, make sure you upgraded 'admin.php'.


I upgrading my IPB from 2.1.5 to 2.1.6.


Tony


Ok I finally figured it out. Given that this was a patch upgrade my Winzip had problems with the multiple named files when extracted to a folder prior to ftp transfer.
The result was 2 filename index.php, 2 filename version_history.php, and 2 filename version_upgrade were being over written prior to the ftp.
I manually ftp each file to appropiate forums folder and the upgrade worked.
I do issue a word of caution to those users with custom skins. The upgrade explanation when it gets to the skin rebuilding can have damaging effects if you select the wrong choice. :o my bad.
Thanks for putting up with me. This IPB is all new to me but everyday I learn more and more.
Now to re-import my skins back.
Thanks
hunter8 Newbie

hunter8

Posted
Posted

It corrects all the 2.1.5 fixes which include:



Potential eval of PHP code in the search system (very clever 'hack', forces preg_replace into 'e' mode).



I've just upgraded to 2.1.6 from 2.1.5 but before I did I had someone register with a .ru email address, they made one post which started with eval and what looked like a paragraph of character codes, I then saw that this new member was searching for something - have I been hacked ? If so will the upgrade to 2.1.6 fix it or should I be looking for something else on my forum that they may have done ? :unsure:

I also had another member register about 5 days ago with a .ru email address but they never validated their account, could they have done something as a validating member ?
Petrescu Rookie

Petrescu

Posted
Posted

I've just upgraded to 2.1.6 from 2.1.5 but before I did I had someone register with a .ru email address, they made one post which started with eval and what looked like a paragraph of character codes, I then saw that this new member was searching for something - have I been hacked ? If so will the upgrade to 2.1.6 fix it or should I be looking for something else on my forum that they may have done ? :unsure:



I also had another member register about 5 days ago with a .ru email address but they never validated their account, could they have done something as a validating member ?


I've just had that happen to me also, a couple of hours ago with an .ru email address. They signed up and automatically became admin and started a topic named "test", along with a paragraph of character codes, which was deleted, by whoever it was - it was sent to the trash can. I also noticed this person was online in my Admin CP. I was online at the time it happened and immediately deleted the user and IP.

And then upgraded from 2.1.4 to 2.1.6. :(

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Invision Community © 2024 IPS, Inc.
×
×
  • Create New...