Patch

JensJohansson
Administrator
Posts:1490
Joined:Thu Feb 28, 2002 10:45 pm
Patch

Post by JensJohansson » Tue Dec 14, 2004 6:28 pm

I had to patch a few board files due to a security issue. I did the critical ones manually since they seemed to bundle some less useful stuff. Might do it later.

Thanks to Kaoru for pointing out that there was a bulletin.

Any irregularities -> contact me via email.

Nothing else to report at this time.
Jens.

================================
"Koskenkorva is very good."
-Ronald Reagan
================================

Electric Eye
Sr. Member
Posts:441
Joined:Thu Apr 29, 2004 7:26 pm

Re: Patch

Post by Electric Eye » Tue Dec 14, 2004 9:04 pm

JensJohansson wrote: Nothing else to report at this time.
What a pity... :(
So where does the power come from to see the race to its end?
From within.

So Death May Die
Member
Posts:122
Joined:Thu Dec 09, 2004 8:50 pm
Location:FL, USA

Re: Patch

Post by So Death May Die » Tue Dec 14, 2004 9:20 pm

Electric Eye wrote:
JensJohansson wrote: Nothing else to report at this time.
What a pity... :(
:cry: :cry: :cry: :cry: :cry:

Oh well... at least the underpopulated forum is getting fixed somewhat.
Can you see the sky?
It's filtering like a murder...

JensJohansson
Administrator
Posts:1490
Joined:Thu Feb 28, 2002 10:45 pm

Re: Patch

Post by JensJohansson » Tue Dec 14, 2004 10:38 pm

So Death May Die wrote: Oh well... at least the underpopulated forum is getting fixed somewhat.
Oh it's not really getting fixed, I mean it will look the same.

If there was some sort of compromise because of this I have just about decided I will probably just delete it. Enough already.

SQL injection on the strato site would be Very Very Bad. Tero tied mysql into almost everything. I like static pages me, call me a dinosaur. What the fuck is a filesystem if not just another database??!??

I am grepping the logs as we type. I tell you, if some goblin got in I really will wash my hands of this phpbb forum shit, this bug ridden viper's nest, this fucking shit piñata..

But let's hope for the best!

EDIT:

Well this time we all were lucky. The closest thing to a breach was some Romanian trying to execute a file. Wrong binary format.... :lol: Other people just drifting by and looking around. "w;uname -a;id" etc.

Somehow the apparent battle of egos about this whole exploit doesn't give me a warm feeling about phpBB... no offense.

http://www.phpbb.com/phpBB/viewtopic.ph ... sc&start=0

I do wonder what other holes are in this piece of shit.
Jens.

================================
"Koskenkorva is very good."
-Ronald Reagan
================================

browneyedgirl
Sr. Member
Posts:27239
Joined:Thu Aug 29, 2002 6:00 pm
Location:Starfall

Re: Patch

Post by browneyedgirl » Wed Dec 15, 2004 12:29 pm

I was able to change my profile! YIPPPPPPPEEEEEEEEE!!!! :rvd:

Thanks, Jens!!!! Hope it stays clear----I like variety in my sig & avatar. I like to change it every so often! :D
:leapfrog: :jump2: :crazy2:

HEEEHEEEEHEEEE! ;)
Last edited by browneyedgirl on Wed Dec 15, 2004 12:44 pm, edited 1 time in total.
"Your life is yours, and yours alone. Rise up and live it!"

Bob: I don't believe in God.
Archangel Michael: That's OK, Bob, because He doesn't believe in you, either!~Legion~

hatescream
Jr. Member
Posts:10
Joined:Tue Oct 26, 2004 1:49 pm
Location:Padua, Italy

Re: Patch

Post by hatescream » Wed Dec 15, 2004 12:43 pm

JensJohansson wrote:
So Death May Die wrote: Oh well... at least the underpopulated forum is getting fixed somewhat.
Oh it's not really getting fixed, I mean it will look the same.

If there was some sort of compromise because of this I have just about decided I will probably just delete it. Enough already.

SQL injection on the strato site would be Very Very Bad. Tero tied mysql into almost everything. I like static pages me, call me a dinosaur. What the fuck is a filesystem if not just another database??!??

I am grepping the logs as we type. I tell you, if some goblin got in I really will wash my hands of this phpbb forum shit, this bug ridden viper's nest, this fucking shit piñata..

But let's hope for the best!

EDIT:

Well this time we all were lucky. The closest thing to a breach was some Romanian trying to execute a file. Wrong binary format.... :lol: Other people just drifting by and looking around. "w;uname -a;id" etc.

Somehow the apparent battle of egos about this whole exploit doesn't give me a warm feeling about phpBB... no offense.

http://www.phpbb.com/phpBB/viewtopic.ph ... sc&start=0

I do wonder what other holes are in this piece of shit.
maybe you could just erase the board and re-install it as new... :?:
---
told you not to fuck around!

Kaoru
Sr. Member
Posts:469
Joined:Fri Jun 13, 2003 7:56 am
Location:Tokyo, Japan

Re: Patch

Post by Kaoru » Sat Dec 25, 2004 4:39 pm

JensJohansson wrote: Thanks to Kaoru for pointing out that there was a bulletin.
:D

Sorry, late to come here...

After I did the automatic update, I rewrote mine manually. :)

BTW
Some days ago, Google bot came to my forum many times over many days.
It used about half of my server's bandwidth.
(Maybe by Santy???)
I denied their IP. :lol:

Kaoru
Sr. Member
Posts:469
Joined:Fri Jun 13, 2003 7:56 am
Location:Tokyo, Japan

Re: Patch

Post by Kaoru » Sat Dec 25, 2004 4:46 pm

hatescream wrote: maybe you could just erase the board and re-install it as new... :?:
I think it's not easy.
And even if Jens did re-install, it is not solved only with that in case of using PHP CGI etc.

cliff
Sr. Member
Posts:3362
Joined:Fri Apr 19, 2002 10:38 pm
Location:Tampere

Re: Patch

Post by cliff » Sat Dec 25, 2004 7:06 pm

Kaoru wrote: Some days ago, Google bot came to my forum many times over many days.
It used about half of my server's bandwidth.
(Maybe by Santy???)
I denied their IP. :lol:
Good thing!
Google is the biggest spyware u could ever find around.
I still can't understand why Strato team put that stupid ad banner here.
Of course there was one "good" thing in it, but still, one thing against many bad ones...
<b>This is wrong</b>

Kaoru
Sr. Member
Posts:469
Joined:Fri Jun 13, 2003 7:56 am
Location:Tokyo, Japan

Re: Patch

Post by Kaoru » Sat Dec 25, 2004 7:22 pm

cliff wrote:
Kaoru wrote: Some days ago, Google bot came to my forum many times over many days.
It used about half of my server's bandwidth.
(Maybe by Santy???)
I denied their IP. :lol:
Good thing!
Google is the biggest spyware u could ever find around.
I still can't understand why Strato team put that stupid ad banner here.
Of course there was one "good" thing in it, but still, one thing against many bad ones...
I think Google is not bad for some purposes.
I usually don't deny them.
But right now, it is not usual.
They come too much!
So I denied them.

banner?
I think I saw it once, but it is not visible to me.
Is it still visible to you?

cliff
Sr. Member
Posts:3362
Joined:Fri Apr 19, 2002 10:38 pm
Location:Tampere

Re: Patch

Post by cliff » Sat Dec 25, 2004 7:39 pm

Kaoru wrote: banner?
I think I saw it once, but it is not visible to me.
Is it still visible to you?
not anymore.
They probably forgot to put it back with the new PHP code.
or perhaps removed it on purpose, I don't know.
<b>This is wrong</b>
