Snitz Forums 2000 - SECURITY FLAW?

Snitz Forums 2000

Username:	Password:
Save Password
Forgot your Password?

All Forums

Help Groups for Snitz Forums 2000 Users

Help: General / Classic ASP versions(v3.4.XX)

SECURITY FLAW?

New Topic

Topic Locked

Printer Friendly

Author

Topic

Aaron S.
Average Member

USA
985 Posts

Posted - 03 December 2007 : 23:54:25

A newlt registered person showed up on my site today as an Admin.

I have no idea how this happened.

I think I am up to date on all security patches.

Anyone else seeing anything wierd on their sites?

--Aaron

DOWNLOAD GREAT NEW MODS HERE

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 04 December 2007 : 05:12:03

Yep, there is one. I would advise everyone to stop admiting new members until we can sort this out.

Snitz 3.4 Readme | Like the support? Support Snitz too

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 04 December 2007 : 06:42:45

The fix I posted a couple days ago should work. In active.asp, lines# 123-130 should look like this:


if Request.Form("AllRead") = "Y" then
    '## The redundant line below is necessary, don't delete it.
    lastDate = ChkString(Request.Form("BuildTime"),"SQLString")
    Session(strCookieURL & "last_here_date") = lastDate
    Session(strCookieURL & "last_here_date") = lastDate
    UpdateLastHereDate lastDate,strDBNTUserName
    ActiveSince = ""
end if

Replace what you have now with this code.

Snitz 3.4 Readme | Like the support? Support Snitz too

Edited by - ruirib on 04 December 2007 06:44:00

Aaron S.
Average Member

USA
985 Posts

Posted - 04 December 2007 : 07:34:01

THANKS!

DOWNLOAD GREAT NEW MODS HERE

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 04 December 2007 : 07:54:21

Are you subscribed to the security related bug fixes forum?

Snitz 3.4 Readme | Like the support? Support Snitz too

boborg
Starting Member

21 Posts

Posted - 04 December 2007 : 11:02:05

Sadly I think I felt victim of a hacker using this flaw. Deleted all posts and inserted hacked by Santaxa.

I've got some logs from the FORUM_IPLOG mod if someone would like to see them.

I'm now subscribing to the security related bug fixes forum.

Edited by - boborg on 04 December 2007 11:02:40

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 04 December 2007 : 11:48:30

The posted fix protects against it. Hope you had a backup.

Snitz 3.4 Readme | Like the support? Support Snitz too

the agony booth
Starting Member

19 Posts

Posted - 04 December 2007 : 14:00:40

I got hit by this one, as well.

Quick question, how do I delete the new admin? I don't have direct access to the database right now, and it's not letting me delete this person through the members list.

http://www.agonybooth.com/

the agony booth
Starting Member

19 Posts

Posted - 04 December 2007 : 14:30:59

Okay, I figured it out. You have be logged in as the "super admin" to delete an admin user.

Thankfully, all the hacker did was redirect traffic to his site. He used the IP address 203.160.1.52, which some of you may want to block from your site.

(EDIT: Even Wikipedia considers this to be the IP of a "zombie computer".)

http://www.agonybooth.com/

Edited by - the agony booth on 04 December 2007 14:32:04

endomorph
Junior Member