Yaroslav Posted August 9, 2008
Some hackers hacked my forum.. I found where they hacked it from: it was from the profile, there is an XSS.. You gotta check it and release a fix! And then they inject into the wrapper... I didn't pay for a script that had security holes. <_< <_< <_<
Lindsey_ Posted August 9, 2008
You should also send a support ticket in so IPS can verify this is a hacked forum :)
Wondering Soul Posted August 9, 2008
Are you actually using the latest version of IP.Board?
Yaroslav Posted August 9, 2008
lol that's a security hole even existent in 2.3.5. I'm using 2.3.3 :)
ColdinCbus Posted August 9, 2008
> I'm using 2.3.3 :)
Did you apply this patch? http://forums.invisionpower.com/index.php?showtopic=270637
Cybertimber2009 Posted August 9, 2008
As the above said (but further explained) it would be extremely useful to the staff to contact support with as much information relating to where the issue is. There is a lot of code to the user profile to look through and seeing as how the software is constantly evaluated for security issues, you might have found something many people (and various companies) might have missed. Don't post it here because there might be people who want that information for misuse! And I'm not sure the above patch will work, but it would benefit you to be using the latest version of IPB. There were code changes to the profiles (for load concerns mostly) to the user profile which might have removed that threat.
Michael Posted August 9, 2008
> Some hackers hacked my forum.. I found where they hacked it from: it was from the profile, there is an XSS.. [b]You gotta check it and release a fix[/b]! And then they inject into the wrapper... I didn't pay for a script that had security holes. <_< <_< <_<
> lol that's a security hole even existent in 2.3.5. [b]I'm using 2.3.3[/b] :)
You're two versions behind, they might have already released a fix. This is why it's important to keep your license active, and always be running the latest version. There's very little anyone can do to help you at this point, as you don't have an active support license.
Cybertimber2009 Posted August 9, 2008
Who's to say his licence is inactive? He just hasn't updated to 2.3.5.
riven3d Posted August 10, 2008
His usergroup says it all: like yours, it says Members; accounts with an active license say Customers.
ColdinCbus Posted August 10, 2008
> His usergroup says it all: like yours, it says Members; accounts with an active license say Customers.
Don't count on that as an indicator of whether they have an active support contract.
Michael Posted August 10, 2008
> Don't count on that as an indicator of whether they have an active support contract.
If they are in the Members group and don't have an active support contract, then it's a mistake in the software that updates the groups. If that's the case, opening a topic here is still not the proper course of action.
ColdinCbus Posted August 10, 2008
> If they are in the Members group and don't have an active support contract, then it's a mistake in the software that updates the groups. If that's the case, opening a topic here is [i]still[/i] not the proper course of action.
I never said posting a topic here was the proper course of action, I was just pointing out that the group indicator is not an accurate way of figuring out if the user has an active support license tied to their account.
Michael Posted August 11, 2008
True, although I just so happen to know that it is accurate in this case.
cinek Posted August 11, 2008
> lol that's a security hole even existent in 2.3.5. I'm using 2.3.3 :)
If you're using 2.3.3, how do you know that 2.3.5 still has this hole?
bfarber Posted August 11, 2008
There are no presently known security holes in 2.3.5. If you believe you've found one, please report the information via a support ticket (active license or not) - please be specific about the security hole you believe you've found. If we find the information to be accurate, we'll of course package up a security update ASAP. At this time, however, I'd tend to assume that either (1) it's a modification to the software, (2) the "hole" isn't through IPB directly, or (3) that the issue was already addressed in a more recent version and you simply need to update.
Archived
This topic is now archived and is closed to further replies.