IntegraMOD

[tekguru]

Erm, not sure, I think we did.

http://www.4winmobile.com/portal.zip

[jwernerny]

Ive got one <img>

it actually only affects my album (so far ) wehn i try to access it it says

Hacking attempt... Details Logged

plz help

I seem to be in the same boat. (http://www.snowtire.info/forum/album.php) I've gone back through the fixes and I have the latest. Any other suggestions? Is it possible that in the initial flurry of patches I still have an old one that should be unpatched?

The other difference may be that I am using an .htaccess rewrite to moved forum directory. Could it be a problem there? (I thought I patched all the paths, etc.)


Thanks,
- John

[jwernerny]

it actually only affects my album (so far ) wehn i try to access it it says
Hacking attempt... Details Logged

I seem to be in the same boat. (http://www.snowtire.info/forum/album.php) I've gone back through the fixes and I have the latest. Any other suggestions? Is it possible that in the initial flurry of patches I still have an old one that should be unpatched?

Found it. It looks like I left in a couple of the early patches. If you are having the same problem, look to see if you still have lines that look like below and remove them. The 2nd post in this topic doesn't have them and they just cause problems.

Code: Select all

 // Hack Fixes  280806 //if(strstr($phpbb_root_path, '"')){     die('Hacking attempt... Details Logged');     exit;}if($phpbb_root_path[0] != '.' && $phpbb_root_path[1] != '/' || $phpbb_root_path[0] != '.' && $phpbb_root_path[1] != '.'){       $phpbb_root_path = './';            die('Hacking attempt... Details Logged'); exit;}// Hack Fixes  280806 //  

- John (Who is learning more about PHP then he really wanted to.)

[computerz]

it actually only affects my album (so far ) wehn i try to access it it says
Hacking attempt... Details Logged

I seem to be in the same boat. (http://www.snowtire.info/forum/album.php) I've gone back through the fixes and I have the latest. Any other suggestions? Is it possible that in the initial flurry of patches I still have an old one that should be unpatched?

Found it. It looks like I left in a couple of the early patches. If you are having the same problem, look to see if you still have lines that look like below and remove them. The 2nd post in this topic doesn't have them and they just cause problems.

Code: Select all

 // Hack Fixes  280806 //if(strstr($phpbb_root_path, '"')){     die('Hacking attempt... Details Logged');     exit;}if($phpbb_root_path[0] != '.' && $phpbb_root_path[1] != '/' || $phpbb_root_path[0] != '.' && $phpbb_root_path[1] != '.'){       $phpbb_root_path = './';            die('Hacking attempt... Details Logged'); exit;}// Hack Fixes  280806 //  

- John (Who is learning more about PHP then he really wanted to.)

I still have those lines in, and I'm not getting any problems. You guys probably distorted the syntax somewhere when doing the updates.

Here's my code, and my site works fine

[quote]<?php
/***************************************************************************
* functions.php
* -------------------
* begin ]

[Michaelo]

computerz, the code is fine but a bit restrictive for some mods...

If someone has a mod installed outside the root path (which can happen) or in an unusual path inside the root the fix will block them unless they add the path to the code...

It is safe to remove the code as IN_PHPHBB cannot be set by the hackers and it would need to be for a hack to work... I added the php_root_path check because several site informed they were still being hacked even after adding the IN_PHPBB... as it turned out they had other security problems...

Mike

[Nogami]

Whew, just got back from vacation and looks like I missed all of the excitement...

I checked-over my server, and I don't see anything out of place (I had register_globals=off) in my php.ini file - was that enough to prevent this attack?

Is there anything else I should be checking?

It looks like most of the hacks did some major damage to sites, but nothing looks out of place on mine (it's a private site so new users need to be verified, and don't have much in the way of posting access until I authorize them) - that may have helped too?

N.

[Michaelo]

register_globals=off did the trick... )

Mike

[Oracle_SOD]

Hi, we are using IM Portal (we were hacked using integramod, but decided to move over to just IM portal when restoring)

i have begun to apply the patches but can not find where to appy the following code

where does this go ?

Code: Select all

// Security update 02 September 2006 B starts // Find]) || (int)isset($HTTP_GET_VARS[STYLE_URL]) )    {       (int)$style = urldecode( (isset($HTTP_POST_VARS[STYLE_URL])) ? $HTTP_POST_VARS[STYLE_URL] : (int)$HTTP_GET_VARS[STYLE_URL] );       if($style == 0) { die('Hacking attempt'); exit; }       if ( $theme = setup_style((int)$style) )       {          setcookie($board_config['cookie_name'] . '_style', $style, time() + 31536000, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);          return;       }    }        if ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_style']) )    {       $style = $HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_style'];       if ( $theme = setup_style((int)$style) )       {          return;       }    } // Security update 02 September 2006 B ends //

[Michaelo]

This is for the change style mod which is not part of IM Portal... So this update is not required unless you add the change style block...
Mike

[richiebgood]

Hi Guys, not sure if it is all related. But ever since doing these updates. I have three problems:
1.Tried to add acid theme - would not work
2. Tried to reverted back ro subice and now anoucments block does not work
3. Cannot select any stock style now (orange etc) fromprofile, just style select block
4. Attachments mod seems to be missing stuff.


Any help would be great, thanks.

[flash=,:20kr6uij]http://www.irish-paintball.net/images/problem1.gif[/flash:20kr6uij]

[flash=,:20kr6uij]http://www.irish-paintball.net/images/problem2.gif[/flash:20kr6uij]

[flash=,:20kr6uij]http://www.irish-paintball.net/images/problem3.gif[/flash:20kr6uij]



Thanks

[DjPorkchop]

So my site was just hacked and i had it fixed minutes later. It was the def_auth.php file that was destroyed and i JUST backed up right before the hack lol what luck. Database is fine. I have dodged a bullet a few times now by being able to fix my site BUT sooner or later my site will be destroyed. This register globals thing does it work for one using IM 1.4.0? and it is an out of date version of phpbb as well.


Personally Im thinking of ditching phpbb alltogether and just getting out of the forums thing and going with a regular old website now. this is just to dam much to worry about. months and years of work gets destroyed in minutes. Good thing for backups.

[Michaelo]

richiebgood, try deleting all your cookies... as they do affect styles... If you still have a problem replace the def_themes.php with an original one as it can become corrupt.

MWE_001, did you add the security fixes [url=http]here![/url]? The affect 1.4.0 and 1.4.1...
Mike

[DjPorkchop]

Yeah Michaelo, I got ya on the other post thx, chief. Im getting ready to apply it now and see. Thx again Ray

[rockeiro]

Imagine dropping in out of the blue like I just did and discovering that there have been security problems with Integramod 1.40. This forum is full of great ideas and discussions but if someone (me) were to start from scratch today to patch a 1.40 installation on phpBB 2.0.17, where the heck would I start?

As suggested I already made my def_auth.php read only but I can't seem to find my php.ini file anywhere on my server.

I run my own W2003 server. The server is on IIS 6 but the forum sites have no extensions applied except for php. The Integramod forum is on a redirected url and port so maybe this has foiled the hackers so far but I still want to get this up to date to avoid problems.

http://forum.brased.org

At this point could someone step back and summarize what needs to be done and where all the files are that can be downloaded.

Appreciate it....

[Michaelo]

I believe the main reason this has not been undertaken is down to to the size of the support team coupled with the time taken to development and test IntegraMod 1.4.1.

It will include all patches and security fixes. Currently in testing... should be released soon...

Best to get everyone on the same page so we can concentrate efforts. Note most suppliers will implement php5x if they have not already done so, requiring everyone to upgrade sooner or later

Mike

[rockeiro]

OK then. I shall wait patiently for the 1.41 release. In the meantime, should I upgrade my Kismod 1.40 from php 4.3.11 to 5.1.6?

I read that chaging a few of the parameters in php.ini could avoid possible security risks. It appears it should be normally in the windows directory.

Dummy question here - how could my system be working without it?

[Michaelo]

php.ini... is in your xamppphp directory if you are using xampp and in windows/winnt if you are using something else....

KisMOd 1.4.0 is actually IntegraMod 1.4.0... Check the security forum for security issues... look at the first two post (i think!). The fixes in the main post solved all problems...

Mike

[rockeiro]

OK.. I'll rephrase the same message:

Is it OK to upgrade to php 5.1.6 if you have an Integramod 1.4.0 installation?

I have no php.ini file. How could this be?

[evolver]

I have no php.ini file. How could this be?

There is always a php.ini file, but just not everyone is allowed to find and/or change it...
Some (many) hosts will hide this for the users, and all you can do then, is ask your host to do the modification, because it's also in their own interest to close that door to hackers...

So you can contact your host and ask them to set the register_globals off in php.ini...
Give them this link]http://www.zend.com/zend/art/art-oertli.php[/url]
And ask them to read the part after 'Master the Global Variable Scope' about how they can prevent security holes by doing so..

[Michaelo]

Ah! for some reason I assume it was a local forum <img>

[rockeiro]

It IS a local forum on my own server that I can directly access the whole hard drive on and I'm telling you... there's no php.ini in any system path or php program path.

My Security>Info:php says Configuration File (php.ini) Path C:WINDOWS
but it's not there.

Interesting huh?

Maybe that's why this board has been running like a dawg.

I think I'll start with the php.ini-recommended file and see what you guys say need's to be tweaked from there.

[Michaelo]

Just make sure it's not hidden... after all it is windas... <img>

I will email you a copy you can use if you like...
Mike

[rockeiro]

That would be helpful.

Thank You.

Discussion moved to new thread in General Discussion: php.ini or lack thereof

[Drop-Forged]

There seems to be an exploit for the kb_constants.php now
http://integramod.com/home/viewtopic.php?p=70059#70059

[DjPorkchop]

Hello Drop Forged. Is there anyway without copying another authors word for word, give us the run down here per chance? It seems as though I , not sure about others, have been banned from that site or something. Why I would be is beyond me, I dont have permission to view portal.php on that server.

[Teelk]

That site's down for some reason.

Basically, the fix is to place...

Code: Select all

if ( !defined('IN_PHPBB') ){   die("Hacking attempt");}

...at the top of each file, after the comment section(the file info section at the top).

Do this to each includes/kb_****.php file.

[DjPorkchop]

thx Teelk. I be sure to do that all.

[Frost]

DO NOT DO THESE EDITS I POST, IT IS MERELY A QUESTION


Do you mean to add this on kb_constants.php or all of them?

It wouldn't be

Code: Select all

 if( !defined('IN_PHPBB') )  {       die('Hacking attempt');       exit;  }  

In kb_constants.php

and

Code: Select all

 if ( !defined( 'IN_PORTAL' ) )  {       die( "Hacking attempt" );  }  

In all others except kb_constants.php?

[b]Edit]Or I just thought of something else, wouldn't it be safest to do

Code: Select all

 if( !defined('IN_PHPBB') )  {       die('Hacking attempt');       exit;  }  else  {       if( !defined('IN_PORTAL') )       {           die('Hacking attempt');           exit;       }  }  

?

Or maybe I should stick to what I'm decent at lol

[Teelk]

The Knowledge Base MOD was designed to work with both phpBB and mxBB portal. The definition IN_PORTAL isn't used in phpBB or IM, so it is completely ignored. Placing if( !defined('IN_PHPBB') ) code at the start of the file is enough.

I'd do it to all the includes/kb_****.php files, since none of them have that code.