IntegraMOD

Vadar probably has it right here... If you have made any of the previous fixes this will save you time and should set things straight... <img>
Mike

Explanation: If you are having problems with white pages or links in your site obtain a fresh copy of functions.php from your original source and add the latest updates from Security Forum 2nd post, 1st fix and replace the functions.php on your site.

Mike

sorry ? not sure what you are answering there

hi, am not sure whether this is the rite topic to post this..

i think we need to patch one more hole.. look at
pafiledb/includes/pafiledb_constants.php

am sure we need to put

Code: Select all

if ( !defined('IN_PHPBB') ){   die ("Hacking attempt!");}    

correct me if am not wrong.. <img>

Dont see how it could hurtà¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒâ€šÃ‚ ¦


I did some investigating on php security (mind you Im certainly no expert) and I found a page that seemed to have some good advise for making php more secure with .htaccess.

[url=http]Click Here[/url] for the page


Here is the .htaccess settings:

Code: Select all

   # set register globals off  php_value register_globals 0    # set allow_url_fopen off  php_value allow_url_fopen 0    # set magic_quotes_gpc off  php_value magic_quotes_gpc 0    # set magic_quotes_runtime off  php_value magic_quotes_runtime 0

Ive tryed them on my site, so far everything seemed to be working.

Anyone know anything about these, if we should, or should not use the.

Hello everybody

I am sorry to have to say i ead here about .htaccess file as the solution for protections

First these options may apply to certain people only

for example if your site is hosted by a third party, and only if you don't have access to the server's files, then you may apply an htaccess file to a specific directory, and all the subdirectories thereof.

for those who wants an .htaccess wizard generator
follow this link, but please be sure to read everything before using it, because an .htaccess file can compromise the whole of the authentication to your site or webserver. please use with care.

http://developers.evrsoft.com/tools-hta ... ator.shtml

read as much as you possibly can about this little "devil" file lol

Good luck everyone

Hello again

I just had an idea that i would love to share with you all, and if you think it's a lousy idea, then forget it, but i know a lot people who used this technique, with .htaccess file.


is to redirect the whole of your site to another new site example.

when a user clicks on
http://www.hostname.com/you_folder/portal.php

he/she will be redirected to

http://www.hostname/your_new_site/portal.php
you can block access to the first "oldsite" and it will only redirect to the new site which is identical the old one, of course you have to keep the new site updated on regular basis
to use deny from all.
I think it can help to discourage hackers, not to stop them obviously but make their lives miserable.

Please let me know what you think
Thanks

Well fresh copy of the code added with the fixes freshly applied - cross fingers!

I have tried the updates on a fresh funtions.php 3 times and it still goes white. Before applying the fix I no longer have the left side links in the ACP and am unable to view any posts at all.

"honie";p="14921" wrote:I have tried the updates on a fresh funtions.php 3 times and it still goes white. Before applying the fix I no longer have the left side links in the ACP and am unable to view any posts at all.

I Have the same problem.

If I in the ACP something change, I get a white side!
Only if I copy the secured “Includesâ€

Hi everyone

I have a small question for you guys.
if i needed to make a fresh install using Integramod 1.4.0, and use phpBB 2.0.21 or 2.0.20?

Because at the moment i am using intergramod1.4.0 but in order to update it, i have a long way to go, from phpBB 2.0.17.
so can i make a fresh install of 140 with 2.0.21, how can i do that, please?

I know there's the new release but it's still a beta release, which means if i install it now and if it turns out with lots of bugs i have to remove it and start all over again.

i don't mind installing it for tests to help you guys, to see if it has any bugs or problems, but for the live site i'd rather use something more stable.

Thank you all

"Rabi";p="14940" wrote:

"honie";p="14921" wrote:I have tried the updates on a fresh funtions.php 3 times and it still goes white. Before applying the fix I no longer have the left side links in the ACP and am unable to view any posts at all.

I Have the same problem.

If I in the ACP something change, I get a white side!
Only if I copy the secured “Includesâ€

Well patches all applied from scratch and a good percentage of users are still reporting:

"I'm seeing a 'General Error' in the Index. Box in the middle of the page just says Could not find style name 0"

I've rebuilt all the styles / caches but no difference. And no there is no style 0 is the database or anywhere I can see so there has to a problem with the patch.

HELP!

I tried this http://integramod.com/forum/viewtopic.php?t=1979 on a backed up IM140 phpbb2.0.17 forum and it worked very well. The forum updated to IM 1.40 phpbb 2.0.21 with Rev5 update patches.

Additional Edits to functions.php re style 0

The first path of the code is causing the problems in functions.phpà¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒâ€šÃ‚ ¦ it is incorrect as it make no sense... first off the code that calls the function passes an integer but the first few line of code requires a string... see code

WHERE style_name = '$style'

i.e. the style_name variable is a string (the actual style name)... and is used to return the style id for the next processà¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒâ€šÃ‚ ¦

This code makes no sense and needs work. I gather the errors stem from an old edit with CH but for now it is not required as we pass the $Style id in the calling codeà¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒâ€šÃ‚ ¦ so it is not requiredà¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒâ€šÃ‚ ¦

Code: Select all

 Find];  

This may require additional edits but for now this should solve some problemsà¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒâ€šÃ‚ ¦
Note the change style block also has the same errorsà¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒâ€šÃ‚ ¦. Later

Cheers Michaelo will give this a try. Will you be updatign the first post in the thread so that this Mod can be easily incorporated by others?

I am looking at the entire function to determine why the code is as is? Once I have determined what was intended I will update the post but for now its for people who are having trouble...

I will also have to rewrite the change style mod as it uses the same strange code... more later...
Mike

"Drop-Forged";p="14891" wrote:...I found a page that seemed to have some good advise for making php more secure with .htaccess.

I have added one more that may or may not actually do something....

Code: Select all

 RewriteEngine onRewriteRule phpbb_root_path hacker_trying_again [L]  

If it does what I think it does, it will rewrite the string "phpbb_root_path" with "hacker_trying_again". I suppose the following would be even more interesting as it would redirect everything containing that string to a web page.

Code: Select all

 RewriteRule (.*)phpbb_root_path(.*) /hacking_attempt.cgi?first=$1&last=$2  

One could even get cleverer and store the first and last parts to see what they were trying.

- John

Cheers for the update Mike, waiting on your wisdom <img>

"macarlisle";p="15068" wrote:Hey guys, I have just added the lines of code and I'm now getting this issue.

Parse error: syntax error, unexpected ':' in /home/westtexas/www/www/phpBB2/includes/functions.php on line 29

Any clues?

Yes: functions.php 2 fixes
You've most probably done just one placement...

The only ] I can see is in [b]Find[color=red]]
And that would be on line 29 if you placed it all together...
That's no code, that's where the second fix starts! <img>

Sorry about that, I didnt pay attiontion to entire line of code.

"macarlisle";p="15074" wrote:Sorry about that, I didnt pay attiontion to entire line of code.

No Problem
You are not the first, and I'm sure that it happens to many more who don't even dare to ask...

The answer to your problem will help them as well... <img>

One other interesting one concerning these changes....

Ref the style change we use a couple of links in QBar on the menu to swap styles between 'full' and 'mobile, such as:

http://www.4winmobile.com/portal.php?s=21

This works great on the PC, but not on any Windows Mobile machine using Pocket Internet Explorer.

Anyone any ideas why?

No matter which style is set that way we end up with the full default style loading.

Can we see the code in QBar?

Now that one is easy:

[flash=,:2jizgjxf]http://www.4winmobile.com/news/qbar.png[/flash:2jizgjxf]

Does that help?

You are calling portal with s=2... I assume you have added code to the portal.php at some point...
Can you post a ziped copy of it.

Mike

Erm, not sure, I think we did.

http://www.4winmobile.com/portal.zip

"twitchy";p="14471" wrote:Ive got one <img>

it actually only affects my album (so far ) wehn i try to access it it says

Hacking attempt... Details Logged

plz help

I seem to be in the same boat. (http://www.snowtire.info/forum/album.php) I've gone back through the fixes and I have the latest. Any other suggestions? Is it possible that in the initial flurry of patches I still have an old one that should be unpatched?

The other difference may be that I am using an .htaccess rewrite to moved forum directory. Could it be a problem there? (I thought I patched all the paths, etc.)


Thanks,
- John

"jwernerny";p="15144" wrote:

"twitchy";p="14471" wrote:it actually only affects my album (so far ) wehn i try to access it it says
Hacking attempt... Details Logged

I seem to be in the same boat. (http://www.snowtire.info/forum/album.php) I've gone back through the fixes and I have the latest. Any other suggestions? Is it possible that in the initial flurry of patches I still have an old one that should be unpatched?

Found it. It looks like I left in a couple of the early patches. If you are having the same problem, look to see if you still have lines that look like below and remove them. The 2nd post in this topic doesn't have them and they just cause problems.

Code: Select all

 // Hack Fixes  280806 //if(strstr($phpbb_root_path, '"')){     die('Hacking attempt... Details Logged');     exit;}if($phpbb_root_path[0] != '.' && $phpbb_root_path[1] != '/' || $phpbb_root_path[0] != '.' && $phpbb_root_path[1] != '.'){       $phpbb_root_path = './';            die('Hacking attempt... Details Logged'); exit;}// Hack Fixes  280806 //  

- John (Who is learning more about PHP then he really wanted to.)

"jwernerny";p="15152" wrote:

"jwernerny";p="15144" wrote:

"twitchy";p="14471" wrote:it actually only affects my album (so far ) wehn i try to access it it says
Hacking attempt... Details Logged

I seem to be in the same boat. (http://www.snowtire.info/forum/album.php) I've gone back through the fixes and I have the latest. Any other suggestions? Is it possible that in the initial flurry of patches I still have an old one that should be unpatched?

Found it. It looks like I left in a couple of the early patches. If you are having the same problem, look to see if you still have lines that look like below and remove them. The 2nd post in this topic doesn't have them and they just cause problems.

Code: Select all

 // Hack Fixes  280806 //if(strstr($phpbb_root_path, '"')){     die('Hacking attempt... Details Logged');     exit;}if($phpbb_root_path[0] != '.' && $phpbb_root_path[1] != '/' || $phpbb_root_path[0] != '.' && $phpbb_root_path[1] != '.'){       $phpbb_root_path = './';            die('Hacking attempt... Details Logged'); exit;}// Hack Fixes  280806 //  

- John (Who is learning more about PHP then he really wanted to.)

I still have those lines in, and I'm not getting any problems. You guys probably distorted the syntax somewhere when doing the updates.

Here's my code, and my site works fine

[quote]<?php
/***************************************************************************
* functions.php
* -------------------
* begin ]

computerz, the code is fine but a bit restrictive for some mods...

If someone has a mod installed outside the root path (which can happen) or in an unusual path inside the root the fix will block them unless they add the path to the code...

It is safe to remove the code as IN_PHPHBB cannot be set by the hackers and it would need to be for a hack to work... I added the php_root_path check because several site informed they were still being hacked even after adding the IN_PHPBB... as it turned out they had other security problems...

Mike

Whew, just got back from vacation and looks like I missed all of the excitement...

I checked-over my server, and I don't see anything out of place (I had register_globals=off) in my php.ini file - was that enough to prevent this attack?

Is there anything else I should be checking?

It looks like most of the hacks did some major damage to sites, but nothing looks out of place on mine (it's a private site so new users need to be verified, and don't have much in the way of posting access until I authorize them) - that may have helped too?

N.

register_globals=off did the trick... )

Mike

Hi, we are using IM Portal (we were hacked using integramod, but decided to move over to just IM portal when restoring)

i have begun to apply the patches but can not find where to appy the following code

where does this go ?

Code: Select all

// Security update 02 September 2006 B starts // Find]) || (int)isset($HTTP_GET_VARS[STYLE_URL]) )    {       (int)$style = urldecode( (isset($HTTP_POST_VARS[STYLE_URL])) ? $HTTP_POST_VARS[STYLE_URL] : (int)$HTTP_GET_VARS[STYLE_URL] );       if($style == 0) { die('Hacking attempt'); exit; }       if ( $theme = setup_style((int)$style) )       {          setcookie($board_config['cookie_name'] . '_style', $style, time() + 31536000, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);          return;       }    }        if ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_style']) )    {       $style = $HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_style'];       if ( $theme = setup_style((int)$style) )       {          return;       }    } // Security update 02 September 2006 B ends //

This is for the change style mod which is not part of IM Portal... So this update is not required unless you add the change style block...
Mike

Hi Guys, not sure if it is all related. But ever since doing these updates. I have three problems:
1.Tried to add acid theme - would not work
2. Tried to reverted back ro subice and now anoucments block does not work
3. Cannot select any stock style now (orange etc) fromprofile, just style select block
4. Attachments mod seems to be missing stuff.


Any help would be great, thanks.

[flash=,:20kr6uij]http://www.irish-paintball.net/images/problem1.gif[/flash:20kr6uij]

[flash=,:20kr6uij]http://www.irish-paintball.net/images/problem2.gif[/flash:20kr6uij]

[flash=,:20kr6uij]http://www.irish-paintball.net/images/problem3.gif[/flash:20kr6uij]



Thanks

So my site was just hacked and i had it fixed minutes later. It was the def_auth.php file that was destroyed and i JUST backed up right before the hack lol what luck. Database is fine. I have dodged a bullet a few times now by being able to fix my site BUT sooner or later my site will be destroyed. This register globals thing does it work for one using IM 1.4.0? and it is an out of date version of phpbb as well.


Personally Im thinking of ditching phpbb alltogether and just getting out of the forums thing and going with a regular old website now. this is just to dam much to worry about. months and years of work gets destroyed in minutes. Good thing for backups.

richiebgood, try deleting all your cookies... as they do affect styles... If you still have a problem replace the def_themes.php with an original one as it can become corrupt.

MWE_001, did you add the security fixes [url=http]here![/url]? The affect 1.4.0 and 1.4.1...
Mike

Yeah Michaelo, I got ya on the other post thx, chief. Im getting ready to apply it now and see. Thx again Ray

Imagine dropping in out of the blue like I just did and discovering that there have been security problems with Integramod 1.40. This forum is full of great ideas and discussions but if someone (me) were to start from scratch today to patch a 1.40 installation on phpBB 2.0.17, where the heck would I start?

As suggested I already made my def_auth.php read only but I can't seem to find my php.ini file anywhere on my server.

I run my own W2003 server. The server is on IIS 6 but the forum sites have no extensions applied except for php. The Integramod forum is on a redirected url and port so maybe this has foiled the hackers so far but I still want to get this up to date to avoid problems.

http://forum.brased.org

At this point could someone step back and summarize what needs to be done and where all the files are that can be downloaded.

Appreciate it....

I believe the main reason this has not been undertaken is down to to the size of the support team coupled with the time taken to development and test IntegraMod 1.4.1.

It will include all patches and security fixes. Currently in testing... should be released soon...

Best to get everyone on the same page so we can concentrate efforts. Note most suppliers will implement php5x if they have not already done so, requiring everyone to upgrade sooner or later

Mike

OK then. I shall wait patiently for the 1.41 release. In the meantime, should I upgrade my Kismod 1.40 from php 4.3.11 to 5.1.6?

I read that chaging a few of the parameters in php.ini could avoid possible security risks. It appears it should be normally in the windows directory.

Dummy question here - how could my system be working without it?

php.ini... is in your xamppphp directory if you are using xampp and in windows/winnt if you are using something else....

KisMOd 1.4.0 is actually IntegraMod 1.4.0... Check the security forum for security issues... look at the first two post (i think!). The fixes in the main post solved all problems...

Mike

OK.. I'll rephrase the same message:

Is it OK to upgrade to php 5.1.6 if you have an Integramod 1.4.0 installation?

I have no php.ini file. How could this be?

"rockeiro";p="16877" wrote:I have no php.ini file. How could this be?

There is always a php.ini file, but just not everyone is allowed to find and/or change it...
Some (many) hosts will hide this for the users, and all you can do then, is ask your host to do the modification, because it's also in their own interest to close that door to hackers...

So you can contact your host and ask them to set the register_globals off in php.ini...
Give them this link]http://www.zend.com/zend/art/art-oertli.php[/url]
And ask them to read the part after 'Master the Global Variable Scope' about how they can prevent security holes by doing so..

Ah! for some reason I assume it was a local forum <img>

It IS a local forum on my own server that I can directly access the whole hard drive on and I'm telling you... there's no php.ini in any system path or php program path.

My Security>Info:php says Configuration File (php.ini) Path C:WINDOWS
but it's not there.

Interesting huh?

Maybe that's why this board has been running like a dawg.

I think I'll start with the php.ini-recommended file and see what you guys say need's to be tweaked from there.

Just make sure it's not hidden... after all it is windas... <img>

I will email you a copy you can use if you like...
Mike

That would be helpful.

Thank You.

Discussion moved to new thread in General Discussion: php.ini or lack thereof

There seems to be an exploit for the kb_constants.php now
http://integramod.com/home/viewtopic.php?p=70059#70059

Hello Drop Forged. Is there anyway without copying another authors word for word, give us the run down here per chance? It seems as though I , not sure about others, have been banned from that site or something. Why I would be is beyond me, I dont have permission to view portal.php on that server.

That site's down for some reason.

Basically, the fix is to place...

Code: Select all

if ( !defined('IN_PHPBB') ){   die("Hacking attempt");}

...at the top of each file, after the comment section(the file info section at the top).

Do this to each includes/kb_****.php file.

thx Teelk. I be sure to do that all.

DO NOT DO THESE EDITS I POST, IT IS MERELY A QUESTION


Do you mean to add this on kb_constants.php or all of them?

It wouldn't be

Code: Select all

 if( !defined('IN_PHPBB') )  {       die('Hacking attempt');       exit;  }  

In kb_constants.php

and

Code: Select all

 if ( !defined( 'IN_PORTAL' ) )  {       die( "Hacking attempt" );  }  

In all others except kb_constants.php?

[b]Edit]Or I just thought of something else, wouldn't it be safest to do

Code: Select all

 if( !defined('IN_PHPBB') )  {       die('Hacking attempt');       exit;  }  else  {       if( !defined('IN_PORTAL') )       {           die('Hacking attempt');           exit;       }  }  

?

Or maybe I should stick to what I'm decent at lol

The Knowledge Base MOD was designed to work with both phpBB and mxBB portal. The definition IN_PORTAL isn't used in phpBB or IM, so it is completely ignored. Placing if( !defined('IN_PHPBB') ) code at the start of the file is enough.

I'd do it to all the includes/kb_****.php files, since none of them have that code.