Posted August 9, 2008
Some hackers hacked my forum. I found where they hacked it from: it was from the profile, there is an XSS. You gotta check it and release a fix! And then they inject into the wrapper... I didn't pay for a script that had security holes. <_< <_< <_<
August 9, 2008
You should also send a support ticket in so IPS can verify this is a hacked forum :)
August 9, 2008
[quote]I'm using 2.3.3 :)[/quote]
Did you apply this patch? http://forums.invisionpower.com/index.php?showtopic=270637
August 9, 2008
As the above said (but further explained), it would be extremely useful to the staff to contact support with as much information relating to where the issue is. There is a lot of code to the user profile to look through and, seeing as how the software is constantly evaluated for security issues, you might have found something many people (and various companies) might have missed. Don't post it here because there might be people who want that information for misuse! And I'm not sure the above patch will work, but it would benefit you to be using the latest version of IPB. There were code changes to the profiles (for load concerns mostly) to the user profile which might have removed that threat.
August 9, 2008
[quote]Some hackers hacked my forum. I found where they hacked it from: it was from the profile, there is an XSS. [b]You gotta check it and release a fix[/b]! And then they inject into the wrapper... I didn't pay for a script that had security holes. <_< <_< <_<[/quote]
[quote]lol that's a security hole even existent in 2.3.5. [b]I'm using 2.3.3[/b] :)[/quote]
You're two versions behind, they might have already released a fix. This is why it's important to keep your license active, and always be running the latest version. There's very little anyone can do to help you at this point, as you don't have an active support license.
August 10, 2008
His usergroup says all; like yours it says Members, accounts with an active license say Customers.
August 10, 2008
[quote]His usergroup says all; like yours it says Members, accounts with an active license say Customers.[/quote]
Don't count on that as an indicator if they have an active support contract.
August 10, 2008
[quote]Don't count on that as an indicator if they have an active support contract.[/quote]
If they are in the Members group and don't have an active support contract, then it's a mistake in the software that updates the groups. If that's the case, opening a topic here is still not the proper course of action.
August 10, 2008
[quote]If they are in the Members group and don't have an active support contract, then it's a mistake in the software that updates the groups. If that's the case, opening a topic here is [i]still[/i] not the proper course of action.[/quote]
I never said posting a topic here was the proper course of action, I was just pointing out that the group indicator is not an accurate way of figuring out if the user has an active support license tied to their account.
August 11, 2008
[quote]lol that's a security hole even existent in 2.3.5. I'm using 2.3.3 :)[/quote]
If you're using 2.3.3, how do you know that 2.3.5 still has this hole?
August 11, 2008
There are no presently known security holes in 2.3.5. If you believe you've found one, please report the information via a support ticket (active license or not) - please be specific about the security hole you believe you've found. If we find the information to be accurate, we'll of course package up a security update ASAP. At this time, however, I'd tend to assume that either (1) it's a modification to the software, (2) the "hole" isn't through IPB directly, or (3) that the issue was already addressed in a more recent version and you simply need to update.
Archived
This topic is now archived and is closed to further replies.