Jump to content

Serious 4.0 security flaw? Or something else?


Lab Rats Rule

Recommended Posts

Posted

OMG!  Guests are not allowed to post at my site.  But googlebot just found a page that was throwing an error:  

Googlebot couldn't access the contents of this URL because the server had an internal error when trying to process the request. These errors tend to be with the server itself, not with the request. 

So I went and checked out the page and saw this.  This is where you show makeup looks, so the post sounds innocent enough.  BUT, there was also an email address box and capchita for a guest to post!  And you can see this without being logged in.

 I thought you might be interested in looking at My Daily Face.

error.thumb.jpg.dcb47087c56ecc790dd580cc 

Now I did do the group bug edit.  But can it be undone since there is a database query that had to be ran with it?  

Posted

So you can see a post page but it won't actually go through if you tried to post it?(that screenshot is very blurry to me)

Well, I was afraid to try it in case a hacker would steal something when I did it.  LOL...  But I just did and it was a share by email screen.  Whew...  So what I did was turn off sharing for all guests which should include the googlebot I hope.

You have to understand where I am coming from.  This is a v-bul site that was given to me in a hacked state.  I wouldn't have taken it if I was told, but it was dumped in my lap without so much of a hint of its seedy past.  So I migrated it with all new files and discarded the database.

I have all sorts of weird issues right now and I have been a bit nervous.  I have about 30 members with negative reputations and they should be positive by a hundred or more.  My dummy admin account could no longer edit the first post in any topic it created.    I had to recreate that group to clear the issue.   3 Rss feeds that can't be viewed by anyone but admin.  ETC...   Could just be 4.0 bugs, but with the sites history I am the one that feels bugged.

Posted

I feel your pain. I took over a board a few years back. I took it off line to do some major cleanup in isles 7,9,10.... Removed 90 plus spammers and their topics.

Removed those that were supposed to be moderating and tore out all the useless categories. When I was finished there were still threats of malware.... Right now it is an empty license just waiting to be brought back to life one day.

Posted

I feel your pain. I took over a board a few years back. I took it off line to do some major cleanup in isles 7,9,10.... Removed 90 plus spammers and their topics.

Removed those that were supposed to be moderating and tore out all the useless categories. When I was finished there were still threats of malware.... Right now it is an empty license just waiting to be brought back to life one day.

Thank you!    I feel like I have the cooties....  I have always called forum bumps in the night (bugs), the ghosties.  :lol:  

Posted

Thank you!    I feel like I have the cooties....  I have always called forum bumps in the night (bugs), the ghosties.  :lol: 

Never had cooties but I do have 5 very loud dogs. Great for ghost chasing but not reliable for bug tracking or spammer trashing... LOL!!!!!!!

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...