Author |
Topic |
RichardKinser
Snitz Forums Admin
USA
16655 Posts |
Posted - 26 April 2002 : 20:14:31
|
what was the error? No, it doesn't require any other modifications. |
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 26 April 2002 : 20:17:46
|
It was a type mismatch error, Richard. I just downloaded the most recent version of the code (the one I had was an older one, still 3.3.03, but older) and that seems to have fixed it.
I was just gonna post about it, when I saw your post.
Thanks anyway.
------------------------------------------------- Installation Guide | Do's and Dont's | MODs |
|
|
davemarks
Starting Member
United Kingdom
27 Posts |
Posted - 02 May 2002 : 09:54:15
|
For those of us who haven't changed our file from the original, could you provide a copy of the original file with the bug fix in it which we could then download?
Dave |
|
|
Eddie McHam
Starting Member
1 Posts |
Posted - 05 May 2002 : 00:58:22
|
I wonder if this is how our site was hacked Thursday night. Someone got to our Admin name and password (or managed to get into our Access DB, I'm not sure), changed a bunch of Admin options, and really messed things up.
Fortunately, our posts are still there, our web host does keep backups, I was able to pretty much restore everything back to normal, and none of the participants in our forum seemed aware of what had happened (at least, no one complained to me yet....though I'll see them all at church tomorrow, so I'm about to find out. )
Our forum was hacked by someone named GEnhacker. They changed the admin's name to something unmentionable, turned off a bunch of features, and set a base URL to their website (which I did NOT visit for fear of what might be there).
Is this fix related to what happened to our forum?
|
|
|
HandAble.com
Starting Member
15 Posts |
Posted - 05 May 2002 : 20:07:35
|
It should be important to note that after you apply this fix, you should go back and change passwords, especially admin passwords.
---- http://HandAble.com
|
|
|
James
Average Member
USA
539 Posts |
Posted - 06 May 2002 : 20:02:53
|
I would like to propose a bug/mailing list that users can subscribe to. It should be mentioned in the download with its subscribe link and users should be encouraged to subscribe to it. It should be a weekly e-mailing with bug descriptions and links to the fix. For emergency bug/fixes such as this one, it should be sent out immediately in addition to the weekly mailings. This should be a bug report e-mail list only. I believe that this is something more users would subscribe to than a general mailing list.
- *Interested in Radio Control* *The RC Web Board - http://www.rcwebboard.com/* |
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 07 May 2002 : 01:20:22
|
See me signature James. We had it for a while.
«------------------------------------------------------» Want to know when the next version comes out, as soon as possible? Join our Mailing Lists ! |
|
|
James
Average Member
USA
539 Posts |
Posted - 07 May 2002 : 23:30:53
|
quote:
See me signature James. We had it for a while.
I'm referring to just a bug/fixes mailing list, not a general snitz mailing list.
- *Interested in Radio Control* *The RC Web Board - http://www.rcwebboard.com/* |
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 07 May 2002 : 23:55:59
|
James, that is the only mailing list that we will be sending security updates to. We hardly send out emails to the list so you can be sure you won't be getting much emails from the list apart from information we want our users to know about.
I believe the security update that was sent to that mailing list recently, was the first email we sent for this year to the list.
«------------------------------------------------------» Want to know when the next version comes out, as soon as possible? Join our Mailing Lists ! |
|
|
liqu1d
Starting Member
Greece
47 Posts |
Posted - 10 May 2002 : 03:34:05
|
quote:
There is a security bug in members.asp that everyone should fix ASAP. Here is what to do:
find this section of code (near the top of members.asp):
if Request.QueryString("method") <> "" then
    SortMethod = Request.QueryString("method")
end if
SearchName = Request("M_NAME")
if SearchName = "" then
    SearchName = Request.Form("M_NAME")
end if
srchUName = Request("UserName")
srchFName = Request("FirstName")
srchLName = Request("LastName")
srchInitial = Request("INITIAL")
mypage = request("whichpage")
Replace it with this:
if trim(chkString(Request.QueryString("method"),"SQLString")) <> "" then
    SortMethod = trim(chkString(Request.QueryString("method"),"SQLString"))
end if
SearchName = trim(chkString(Request("M_NAME"),"SQLString"))
if SearchName = "" then
    SearchName = trim(chkString(Request.Form("M_NAME"),"SQLString"))
end if
srchUName = trim(chkString(Request("UserName"),"SQLString"))
srchFName = trim(chkString(Request("FirstName"),"SQLString"))
srchLName = trim(chkString(Request("LastName"),"SQLString"))
srchInitial = trim(chkString(Request("INITIAL"),"SQLString"))
if IsNumeric(srchUName) <> True then srchUName = "1"
if IsNumeric(srchFName) <> True then srchFName = "0"
if IsNumeric(srchLName) <> True then srchLName = "0"
if IsNumeric(srchInitial) <> True then srchInitial = "0"
mypage = trim(chkString(request("whichpage"),"SQLString"))
After being hacked for 3 times I applied the bug fix and everything works... almost perfect. The hacker is trying every day to get my passwords but he can't but the problem is that I cannot sort the members in any way. If I select a different column to sort members I get a message that there are no members. I suppose that the fix does not pass correctly some parameter.
Has anyone else the same problem?
Regards, Dimitris
liqu1d magic |
|
|
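Added example, not part of the thread and not Snitz code: the fix quoted above escapes each request value with chkString and checks the search flags with IsNumeric. The same input handling can be taken a step further in classic ASP by mapping the sort value through an allow-list and binding the search text as an ADO parameter. FORUM_MEMBERS, M_POSTS, the sort keys, and the assumption that "method" picks an ORDER BY while M_NAME feeds a LIKE search are all hypothetical.

```vbscript
<%
' Added example, not Snitz code. FORUM_MEMBERS, M_POSTS and the sort keys
' "name"/"posts" are hypothetical; M_NAME is the search field named on the page.
Const adVarChar = 200
Const adParamInput = 1
Const adCmdText = 1

' Map the untrusted "method" value to a fixed ORDER BY clause.
' Anything outside the allow-list falls back to the default sort.
Function OrderByFor(rawMethod)
    Select Case LCase(Trim(rawMethod & ""))
        Case "posts"
            OrderByFor = "M_POSTS DESC"
        Case Else
            OrderByFor = "M_NAME ASC"
    End Select
End Function

' Accept only the literal flags "0" and "1"; everything else gets the default.
Function FlagOrDefault(rawFlag, defaultValue)
    Dim s : s = Trim(rawFlag & "")
    If s = "0" Or s = "1" Then
        FlagOrDefault = s
    Else
        FlagOrDefault = defaultValue
    End If
End Function

' Escape LIKE wildcards so the search text is matched literally.
Function EscapeLike(text)
    EscapeLike = Replace(Replace(Replace(text, "[", "[[]"), "%", "[%]"), "_", "[_]")
End Function

' conn is an already-open ADODB.Connection supplied by the caller.
Function SearchMembers(conn, rawName, rawMethod)
    Dim cmd, term
    term = EscapeLike(Left(Trim(rawName & ""), 25)) & "%"   ' at most 76 characters
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The search text travels as a bound parameter, never as SQL text.
    cmd.CommandText = "SELECT M_NAME FROM FORUM_MEMBERS WHERE M_NAME LIKE ? " & _
                      "ORDER BY " & OrderByFor(rawMethod)
    cmd.Parameters.Append cmd.CreateParameter("name", adVarChar, adParamInput, 76, term)
    Set SearchMembers = cmd.Execute
End Function

Dim srchUName : srchUName = FlagOrDefault(Request("UserName"), "1")
%>
```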
RichardKinser
Snitz Forums Admin
USA
16655 Posts |
Posted - 10 May 2002 : 03:53:47
|
I just tried sorting members by clicking on the headers for the different columns on your site and it worked. |
|
|
liqu1d
Starting Member
Greece
47 Posts |
Posted - 10 May 2002 : 04:05:05
|
You are right. I was trying to replicate what the hacker was trying to do, to check if there is still a bug there. So, I guess I didn't pass the parameters correctly.
Sorry for that. Keep up the good work
Best regards, Dimitris
liqu1d magic |
|
|
wii
Free ASP Hosts Moderator
Denmark
2632 Posts |
Posted - 12 May 2002 : 13:51:25
|
Will this fix work on v. 3.1SR4 ?
|
|
|
RichardKinser
Snitz Forums Admin
USA
16655 Posts |
Posted - 12 May 2002 : 14:22:44
|
The members.asp file in v3.1sr4 did not include the ability to search for members. It was available as a MOD. That being said, yes, it should work as long as it doesn't look very different from the v3.3.03 file. |
|
|
benjam_in
Starting Member
United Kingdom
19 Posts |
Posted - 13 May 2002 : 09:22:18
|
Thanks for all the help! One of the sites I develop was hacked into 3 times as well. I have added the fix and so far it seems to be working.
Really appreciate all the help. Thanks
Ben
|
|
|