Snitz Forums 2000
 New Security related bug-fix - members.asp(v3.3.x)

putimeswebmaster
New Member

67 Posts

Posted - 13 May 2002 :  16:31:24
I get the following error trying to click on a member in members.asp now:

Microsoft OLE DB Provider for ODBC Drivers error '80040e21'

Multiple-step OLE DB operation generated errors. Check each OLE DB status value, if available. No work was done.

/forum/pop_profile.asp, line 110


Pop Up Times Webmaster
http://www.popuptimes.com

TD
Starting Member

22 Posts

Posted - 13 May 2002 :  16:53:47
Well, a little too late for me. My forum has been hacked. Now what? Should I just start all over again?


GenerationEdge
Junior Member

105 Posts

Posted - 13 May 2002 :  20:00:51
quote:

I don't want to go off on a tangent here, but after installing the patch, I get the following error message from /members.asp:

quote:
Microsoft VBScript compilation error '800a03f4'

Expected 'If'

/forum/members.asp, line 59




Did I miss anything???

maku




I'm also getting this error. Reverted back to the saved one till I can figure out why I'm getting this error from the patch.

Jason


RichardKinser
Snitz Forums Admin

USA
16655 Posts

Posted - 13 May 2002 :  20:31:59
You aren't patching pop_profile.asp, so I don't know why the patch for members.asp would have any effect on it.

johnoconnor99
Starting Member

26 Posts

Posted - 24 May 2002 :  05:56:11
Instead of applying the fix, could I simply download version v3.3.04 and replace my members.asp in v3.3.03 with members.asp in version v3.3.04?

Thanks.
JohnO

Thanks Richard. Here's a couple more questions for ya.
1: Would it cause my database any problems if I changed to version v3.3.05?

2: Will Access cause me any problems once the forums start growing? I have over 200 Members in just one week and 1500 posts on four forums.



Edited by - johnoconnor99 on 24 May 2002 06:04:17

RichardKinser
Snitz Forums Admin

USA
16655 Posts

Posted - 24 May 2002 :  05:59:28
Yes, the fix is included in v3.3.05 as well.

BorisVM
Starting Member

34 Posts

Posted - 04 June 2002 :  09:28:09
My forum got "hacked" as well yesterday. If it was a real "hack" then I could extend congratulations to the person who did it, but this way I just banged my head against the wall several times for not investing 10 minutes to change several lines of code.

Richard, thank you for the fix.

Boris

Edited by - BorisVM on 04 June 2002 09:28:54

BraswCh
Starting Member

1 Posts

Posted - 14 June 2002 :  09:57:55
Is this "security related bug-fix" a fix for this vulnerability?
http://marc.theaimsgroup.com/?l=bugtraq&m=101925194723955&w=2
I want to know if the above is a real vulnerability, and what the fix is. Thanks


RichardKinser
Snitz Forums Admin

USA
16655 Posts

Posted - 14 June 2002 :  14:10:36
Yes, the fix in this topic is a fix for that vulnerability. The fix that is suggested by that hacker is not the proper fix.

peachsys
Starting Member

USA
1 Posts

Posted - 11 July 2002 :  22:41:19
Okay...So I got hacked yesterday with this one. I have the IP mod so I know who did it, his ISP (a DSL on suwest.com), etc. He also put in the home page of Valhalla something or other, which appears to be a hack site dedicated to hating Snitz! Any ideas of what I should do with this info? Is there a board of known hackers I should post his IP to?

He didn't really do anything except change the logos and links so far...I know...Fix it and move on...but I'm irked!


dayve
Forum Moderator

USA
5820 Posts

Posted - 15 July 2002 :  22:24:03
I don't know how I kept missing this topic.. anyway I applied the fix but have to wonder now how the vulnerability works. I read the bugtracker topic and interpreted it the way I thought it should work and before applying the fix I tried to use it on my forum but I did not see any "harmful" info. Could someone email me and give me an idea of how this exploit worked? I assure you I have no malicious intent, just extremely curious.

Dayve "new member of the sf2k mailing list"


http://www.nineinchnailz.com

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 15 July 2002 :  22:52:59
Did you see this: http://forum.snitz.com/forum/topic.asp?TOPIC_ID=26930 ? I think you can understand how the hack worked from the info there.

-------------------------------------------------
Installation Guide | Do's and Dont's | MODs

dayve
Forum Moderator

USA
5820 Posts

Posted - 15 July 2002 :  23:32:01
quote:

Did you see this: http://forum.snitz.com/forum/topic.asp?TOPIC_ID=26930 ? I think you can understand how the hack worked from the info there.

-------------------------------------------------
Installation Guide | Do's and Dont's | MODs




Good info, but if you can forgive me I can't seem to get how this vulnerability works with the members.asp. I tried it and could not come up with anything questionable. I was just interested in seeing what this attack could do for the wanna-be hacker that visits my site. I have applied the patch but I will continue scratching my head and read more on this general subject.


http://www.nineinchnailz.com

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 15 July 2002 :  23:44:19
Dayve,

I've emailed you with a (hopefully) more detailed explanation. Hope it helps.

-------------------------------------------------
Installation Guide | Do's and Dont's | MODs

ahdkaw
Starting Member

United Kingdom
13 Posts

Posted - 08 August 2002 :  09:06:10
Much praise to the hard-working Administrators of this wonderful board.

My board was recently attacked by a Turkish SQL Injector, and luckily I caught him in the act as he was logged in as admin and changing the forum settings. The first thing I did was change the Admin password, and then thanks to that, he did the SQL Injection thing again, and I got the info following him through the Active Users mod.

To be perfectly honest, I was shocked at the information presented before me, so I instantly backed up my forum, and then deleted it from under him.

I then came here with the information to hand, and found the security fix for it within a matter of seconds! Many thanks to Richard Kinser for all his hard work. :)

Since adding all the fixes and changing all the moderator and administrator passwords, I have re-opened the forum.

And guess what? Today, another Turkish SQL Injector was trying it again, but he had no such luck this time, and I could laugh heartily at his attempts.

I think I will keep up to date on the fixes from now on.