gChambers
Starting Member
9 Posts |
Posted - 24 April 2007 : 16:15:33
|
<quote> Hello all, I've been running a Snitz Forum for 2-3 years (v3.4.03), and never had problems until 2 days ago.
Suddenly I can't log in anymore as admin (I did not change the password or do anything in the admin/profile area).
If I put username and password on the /default.asp page, it says "wrong password"; if I go to /admin_login.asp it says: "There has been a problem! You are not allowed access."
But I can log in as a normal user and people on the forum keep posting and answering normally.
Another problem is that on the header, where there is "Home | Profile | Register | ... ", the "Register" link disappeared; whether you are logged on or not, the link is missing. </quote>
Funny -- I was just searching for an answer to this exact same problem -- no admin access / missing registration link -- looks like there is a lot of this going around.
I'll try to follow the instructions outlined in this thread and will report back with any progress.
|
|
|
Shaggy
Support Moderator
Ireland
6780 Posts |
Posted - 25 April 2007 : 04:11:22
|
It is highly recommended that you upgrade to the latest version of Snitz as well, as it appears that this may be a result of a vulnerability in v3.4.03 - nobody has yet provided enough information as to how the member managed to create an admin account for themselves for us to be able to confirm that, though.
|
Search is your friend “I was having a mildly paranoid day, mostly due to the fact that the mad priest lady from over the river had taken to nailing weasels to my front door again.” |
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 25 April 2007 : 05:36:23
|
It's easy to find forums hacked using the same vulnerability. Just google for listing84. All versions up to 3.4. seem to be vulnerable, but for the 3.4 versions I only found 3.4.03 forums hacked. There are a lot of 3.1. SR4 hacked forums and 3.3.x too.
If you have IIS logs, that could help. I'm having a look at some sent by a member, but no cookie info or query string info is kept in these logs, which makes it harder to find the hack. |
Snitz 3.4 Readme | Like the support? Support Snitz too |
|
|
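An added example, not part of the original thread: the log review described in the post above depends on which W3C fields IIS was configured to record. This Python sketch reads the `#Fields:` directives, counts records that lack `cs-uri-query` or `cs(Cookie)`, and lists requests to `admin_login.asp` with whatever evidence was kept; the sample log lines and the `triage` function name are constructed for illustration.

```python
from collections import Counter

# Constructed sample in IIS W3C extended format (not from the thread). The
# logging configuration changes partway through, so there are two #Fields lines.
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2007-04-22 10:01:12 192.0.2.10 GET /forum/default.asp 200
2007-04-22 10:02:40 198.51.100.7 POST /forum/admin_login.asp 200
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs(Cookie)
2007-04-23 09:00:01 192.0.2.10 GET /forum/default.asp - 200 -
2007-04-23 09:05:00 203.0.113.5 POST /forum/admin_login.asp a=1 200 k=v
truncated line
"""

WANTED = ("cs-uri-query", "cs(Cookie)")  # the two fields the post found missing


def triage(text, watch=("admin_login.asp",)):
    """Return (blind, hits): how many records lack each WANTED field, and
    every request to a watched page with whatever evidence was logged."""
    fields, blind, hits = [], Counter(), []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column layout for what follows
            continue
        parts = line.split()
        if line.startswith("#") or not fields or len(parts) != len(fields):
            continue                           # directive or malformed record
        rec = dict(zip(fields, parts))
        for f in WANTED:
            if f not in rec:
                blind[f] += 1
        if rec.get("cs-uri-stem", "").lower().endswith(watch):
            hits.append({
                "when": rec.get("date", "?") + " " + rec.get("time", "?"),
                "ip": rec.get("c-ip"),
                "method": rec.get("cs-method"),
                # None = field not logged; "-" = logged but empty
                "query": rec.get("cs-uri-query"),
                "cookie": rec.get("cs(Cookie)"),
            })
    return dict(blind), hits


if __name__ == "__main__":
    blind, hits = triage(SAMPLE_LOG)
    print("records without field:", blind)
    for h in hits:
        print(h)
```

A `None` in the `query` or `cookie` column means the field was never enabled for that part of the log, which is the situation the post describes; enabling both fields in the site's W3C logging properties only helps for requests made afterwards.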
Shaggy
Support Moderator
Ireland
6780 Posts |
Posted - 25 April 2007 : 05:55:28
|
Looks to me like they could be using this issue to hijack the admin's account.
|
|
|