Alucqrd Posted October 7

I'm experiencing a critical security issue with my IPB installation (v4.4.10):

Problem: A security flaw is allowing unauthorized access to user accounts, resulting in spam messages across the board.

Attempted Solutions: Attempted to update PHP to version 8.2 in my Docker container, but this caused functionality issues for users. Tried updating the board, but the process times out.

Current Situation: The board remains vulnerable to this attack.

Specific Request: I urgently need a security patch or guidance to address this account compromise issue without requiring a full board update or major configuration changes (custom theme).

Constraints: A full update would require significant changes to my Docker configuration and PHP version, and would make my current template obsolete.

Please provide a targeted solution to fix this security vulnerability as soon as possible. Any interim measures to protect user accounts would also be greatly appreciated. Thank you for your help.

Marc Posted October 7

You are going to need to do a full upgrade. There is nothing I can give you to patch any vulnerabilities that have been patched throughout the 36 releases you are behind in software updates. You need to get together with your host to find out why your hosting is timing out.

PHP 8.2 indeed will not work. You need to be using PHP 8.1. But I think you may be that far behind that you will need to upload all files, then switch to 8.1, then perform the upgrade. The reality is, the version you are using is coming up to being half a decade old.

In terms of the issue itself: could I ask if you are 100% sure it's a vulnerability that is causing your issue? Have you changed passwords on any of the accounts in question to see if it's still occurring? What you describe sounds very much like it could be account passwords that are being used, perhaps that have been gotten hold of somewhere outside of the software.

fmro Posted Tuesday at 09:59 PM

Something similar has been happening to me since October, meaning that someone is getting access to accounts, especially old accounts with no posts, and is spamming my forum. I tried banning IPs (they are using IPs from abroad, like from the US or Germany). I am out of ideas on how to contain this crisis, so as a last resort I decided to switch registrations to email and admin validation.

The problem is that everything is up to date: I am using PHP Version 8.1.20 and Invision Community v4.7.19. I am hosted with a web hosting company on Ubuntu Linux 18.04.6, where the FTP access is done by PuTTY with a private key, while I can also upload files using the file manager from the Webmin interface.

Any suggestions on how to fix this?

Jim M Posted Tuesday at 10:19 PM

The issue is not one of Invision Community or your hosting. It is one where the original user who registered had their credentials leaked via a website completely unrelated to Invision Community and their clients. Then they are sold on the black market and spam bots/users use them to log in to sites to spam. We do have a feature to alert users when their dormant account is logged into now.

You can log all users out and force them to reset their password, but if the user's email is also compromised, there is little you can do. You can also enable Two Factor Authentication so this doesn’t happen in the future.
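
An added example, not part of any post in this thread and not Invision Community code: one way to triage the pattern described above (logins to old accounts with no posts) before forcing password resets. The account fields, login tuples, sample data and the 365-day threshold are all constructed assumptions, not the software's schema or log format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data; field names are hypothetical, not Invision Community's schema.
# ACCOUNTS is a snapshot taken before the login window under review.
# IPs come from the reserved documentation ranges.
ACCOUNTS = {
    "old_lurker": {"posts": 0,   "last_active": "2019-03-02"},
    "ghost2017":  {"posts": 0,   "last_active": "2017-11-20"},
    "sleepy_reg": {"posts": 0,   "last_active": "2020-06-14"},
    "daily_user": {"posts": 412, "last_active": "2024-11-30"},
}
LOGINS = [  # (timestamp, account, source IP)
    ("2024-12-03T21:40:05", "old_lurker", "203.0.113.7"),
    ("2024-12-03T21:40:09", "ghost2017",  "203.0.113.7"),
    ("2024-12-03T21:41:30", "sleepy_reg", "203.0.113.7"),
    ("2024-12-03T22:02:11", "daily_user", "198.51.100.23"),
    ("2024-12-03T22:15:00", "ghost2017",  "198.51.100.99"),
]

def dormant_logins(accounts, logins, dormant_days=365):
    """Return logins to accounts with zero posts that were idle >= dormant_days."""
    hits = []
    for ts, name, ip in logins:
        acct = accounts.get(name)
        if acct is None or acct["posts"] > 0:
            continue
        idle = datetime.fromisoformat(ts) - datetime.fromisoformat(acct["last_active"])
        if idle >= timedelta(days=dormant_days):
            hits.append((ts, name, ip))
    return hits

def shared_sources(hits, min_accounts=2):
    """Map source IP -> dormant accounts it logged into, for IPs touching several."""
    by_ip = defaultdict(set)
    for _, name, ip in hits:
        by_ip[ip].add(name)
    return {ip: sorted(n) for ip, n in by_ip.items() if len(n) >= min_accounts}

def accounts_to_reset(hits):
    """Accounts to log out and force a password reset on, whatever IP was used."""
    return sorted({name for _, name, _ in hits})

if __name__ == "__main__":
    flagged = dormant_logins(ACCOUNTS, LOGINS)
    print("reset:", accounts_to_reset(flagged))
    print("one source, many dormant accounts:", shared_sources(flagged))
```

The reset list is keyed on the account rather than the source address, since the same account can be reached from a different IP after a ban.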

fmro Posted 18 hours ago

Thank you for your feedback on this. I will do a general logout on all users and force reset pass.