Recent Hacking Discussion (continued...)

This is where you'll find security-related information.
Discuss Integramod/phpbb security issues here.

Moderator: Integra Moderator

PostAuthor: Michaelo » Sun Sep 03, 2006 6:32 pm

Vadar probably has it right here... If you have made any of the previous fixes this will save you time and should set things straight...
Mike

Explanation: If you are having problems with white pages or links in your site, obtain a fresh copy of functions.php from your original source, add the latest updates from the Security Forum (2nd post, 1st fix), and replace the functions.php on your site.

Mike
Last edited by Michaelo on Mon Sep 04, 2006 6:28 am, edited 1 time in total.
Kiss Portal Engine phpbbireland (status: Released)

PostAuthor: Oracle_SOD » Mon Sep 04, 2006 2:29 am

Sorry? Not sure what you are answering there.
-=Quote=-
The person who says it cannot be done should not interrupt the person doing it.

Re: Recent Hacking Discussion (continued...)

PostAuthor: Unregistered » Mon Sep 04, 2006 6:50 am

Hi, am not sure whether this is the right topic to post this..

I think we need to patch one more hole.. look at
pafiledb/includes/pafiledb_constants.php

am sure we need to put

Code: Select all
if ( !defined('IN_PHPBB') )
{
    die("Hacking attempt!");
}


correct me if am not wrong..
J O N H | P L A Y E R
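
The guard proposed in the post above can be checked across a whole install rather than one file at a time. The following is an added example, not part of the thread or of IntegraMod's code: a Python audit that reports PHP files whose first statement is neither the IN_PHPBB guard nor the define that marks an entry-point script. The function names and the sample tree's file contents are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# The guard quoted in the post: if ( !defined('IN_PHPBB') ) { die(...); }
GUARD = re.compile(r"""if\s*\(\s*!\s*defined\s*\(\s*['"]IN_PHPBB['"]\s*\)\s*\)""")
# Entry-point scripts set the constant themselves before including anything.
ENTRY = re.compile(r"""\bdefine\s*\(\s*['"]IN_PHPBB['"]""")

def classify(source: str) -> str:
    """Return 'entry', 'guarded', 'unguarded' or 'empty' for one PHP source."""
    code = re.sub(r"/\*.*?\*/", "", source, flags=re.S)  # drop block comments
    if ENTRY.search(code):
        return "entry"
    for line in code.splitlines():
        stmt = re.sub(r"^<\?(php)?\s*", "", line.strip())  # drop an opening tag
        if not stmt or stmt.startswith(("//", "#", "?>")):
            continue
        # The first real statement decides: anything but the guard runs unprotected.
        return "guarded" if GUARD.match(stmt) else "unguarded"
    return "empty"

def audit(root: Path) -> list[str]:
    """Relative paths of PHP files that execute when requested directly."""
    return sorted(
        p.relative_to(root).as_posix()
        for p in root.rglob("*.php")
        if classify(p.read_text(errors="replace")) == "unguarded"
    )

def build_sample_tree(root: Path) -> None:
    """Constructed sample files; the contents are not real IntegraMod sources."""
    files = {
        "index.php": "<?php\ndefine('IN_PHPBB', true);\ninclude('common.php');\n",
        "includes/functions.php": "<?php\n/* header */\nif ( !defined('IN_PHPBB') )\n"
                                  "{\n\tdie(\"Hacking attempt\");\n}\nfunction f() {}\n",
        "pafiledb/includes/pafiledb_constants.php":
            "<?php\n// constants\ndefine('PA_TABLE', 'x');\n",
    }
    for rel, body in files.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)

def demo() -> list[str]:
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(Path(tmp))
        return audit(Path(tmp))

if __name__ == "__main__":
    for rel in demo():
        print("missing IN_PHPBB guard:", rel)
```

To audit a real install, call `audit(Path("/path/to/forum"))` and review each reported file by hand before editing it.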


Re: Recent Hacking Discussion (continued...)

PostAuthor: Drop-Forged » Mon Sep 04, 2006 8:12 am

Don't see how it could hurt… :)


I did some investigating on php security (mind you I'm certainly no expert) and I found a page that seemed to have some good advice for making php more secure with .htaccess.

Click Here for the page


Here are the .htaccess settings:

Code: Select all
# set register globals off
php_value register_globals 0

# set allow_url_fopen off
php_value allow_url_fopen 0

# set magic_quotes_gpc off
php_value magic_quotes_gpc 0

# set magic_quotes_runtime off
php_value magic_quotes_runtime 0


I've tried them on my site, so far everything seemed to be working.

Anyone know anything about these, if we should, or should not use them???

Re: Recent Hacking Discussion (continued...)

PostAuthor: adbasque » Mon Sep 04, 2006 8:48 am

Hello everybody

I am sorry to have to say I read here about .htaccess file as the solution for protections

First these options may apply to certain people only

for example if your site is hosted by a third party, and only if you don't have access to the server's files, then you may apply an htaccess file to a specific directory, and all the subdirectories thereof.

for those who want an .htaccess wizard generator
follow this link, but please be sure to read everything before using it, because an .htaccess file can compromise the whole of the authentication to your site or webserver. please use with care.

http://developers.evrsoft.com/tools-hta ... ator.shtml

read as much as you possibly can about this little "devil" file lol

Good luck everyone

Re: Recent Hacking Discussion (continued...)

PostAuthor: adbasque » Mon Sep 04, 2006 9:23 am

Hello again

I just had an idea that I would love to share with you all, and if you think it's a lousy idea, then forget it, but I know a lot of people who used this technique, with .htaccess file.


is to redirect the whole of your site to another new site example.

when a user clicks on
http://www.hostname.com/you_folder/portal.php

he/she will be redirected to

http://www.hostname/your_new_site/portal.php
you can block access to the first "oldsite" and it will only redirect to the new site which is identical to the old one, of course you have to keep the new site updated on a regular basis
to use deny from all.
I think it can help to discourage hackers, not to stop them obviously but make their lives miserable.

Please let me know what you think
Thanks
Last edited by adbasque on Mon Sep 04, 2006 9:24 am, edited 1 time in total.


PostAuthor: tekguru » Mon Sep 04, 2006 9:24 am

Well fresh copy of the code added with the fixes freshly applied - cross fingers!

PostAuthor: honie » Mon Sep 04, 2006 1:27 pm

I have tried the updates on a fresh functions.php 3 times and it still goes white. Before applying the fix I no longer have the left side links in the ACP and am unable to view any posts at all.

PostAuthor: Rabi » Mon Sep 04, 2006 10:32 pm

honie wrote: I have tried the updates on a fresh functions.php 3 times and it still goes white. Before applying the fix I no longer have the left side links in the ACP and am unable to view any posts at all.


I have the same problem.

If I in the ACP something change, I get a white side!
Only if I copy the secured “Includes”

Re: Recent Hacking Discussion (continued...)

PostAuthor: adbasque » Tue Sep 05, 2006 2:52 am

Hi everyone

I have a small question for you guys.
if i needed to make a fresh install using Integramod 1.4.0, and use phpBB 2.0.21 or 2.0.20?

Because at the moment I am using Integramod 1.4.0 but in order to update it, I have a long way to go, from phpBB 2.0.17.
so can i make a fresh install of 140 with 2.0.21, how can i do that, please?

I know there's the new release but it's still a beta release, which means if i install it now and if it turns out with lots of bugs i have to remove it and start all over again.

i don't mind installing it for tests to help you guys, to see if it has any bugs or problems, but for the live site i'd rather use something more stable.

Thank you all

PostAuthor: honie » Tue Sep 05, 2006 8:00 am

Rabi wrote:
honie wrote: I have tried the updates on a fresh functions.php 3 times and it still goes white. Before applying the fix I no longer have the left side links in the ACP and am unable to view any posts at all.


I have the same problem.

If I in the ACP something change, I get a white side!
Only if I copy the secured “Includes”

PostAuthor: tekguru » Tue Sep 05, 2006 8:46 am

Well patches all applied from scratch and a good percentage of users are still reporting:

"I'm seeing a 'General Error' in the Index. Box in the middle of the page just says Could not find style name 0"

I've rebuilt all the styles / caches but no difference. And no, there is no style 0 in the database or anywhere I can see, so there has to be a problem with the patch.

HELP!

PostAuthor: Fubie » Tue Sep 05, 2006 9:44 am

I tried this http://integramod.com/forum/viewtopic.php?t=1979 on a backed up IM140 phpbb2.0.17 forum and it worked very well. The forum updated to IM 1.40 phpbb 2.0.21 with Rev5 update patches.

PostAuthor: Michaelo » Tue Sep 05, 2006 3:55 pm

Additional Edits to functions.php re style 0

The first path of the code is causing the problems in functions.php… it is incorrect as it makes no sense... first off the code that calls the function passes an integer but the first few lines of code require a string... see code

WHERE style_name = '$style'

i.e. the style_name variable is a string (the actual style name)... and is used to return the style id for the next process…

This code makes no sense and needs work. I gather the errors stem from an old edit with CH but for now it is not required as we pass the $Style id in the calling code… so it is not required…

Code: Select all
 Find];  



This may require additional edits but for now this should solve some problems…
Note the change style block also has the same errors…. Later

PostAuthor: tekguru » Wed Sep 06, 2006 3:03 am

Cheers Michaelo, will give this a try. Will you be updating the first post in the thread so that this Mod can be easily incorporated by others?
