Author |
Topic  |
ruirib (Snitz Forums Admin, Portugal, 26364 Posts)
Posted - 18 December 2007 : 17:34:11
That just means that the fix stopped you from being hacked. The bug forum has an updated version that will ensure that only numeric expressions will be stored in the database.
Snitz 3.4 Readme | Like the support? Support Snitz too

ruirib (Snitz Forums Admin, Portugal, 26364 Posts)
Posted - 18 December 2007 : 19:40:33
Deleting the guy would be an option. That doesn't happen in all forums; there are quite a few where those side effects did not occur.
Anyway, if you want to avoid that, you can either apply the recommendation made here or replace the current version of your UpdateLastHereDate function, in inc_func_common.asp, with this code:
function UpdateLastHereDate(fTime, UserName)
    ' Resolve the client address: use X-Forwarded-For when a proxy supplied it,
    ' otherwise fall back to the socket address
    UserIPAddress = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
    If UserIPAddress = "" or Left(UserIPAddress, 7) = "unknown" Then
        UserIPAddress = Request.ServerVariables("REMOTE_ADDR")
    ElseIf InStr(UserIPAddress, ",") > 0 Then
        ' keep only the first hop of a comma-separated proxy chain
        UserIPAddress = Left(UserIPAddress, InStr(UserIPAddress, ",")-1)
    ElseIf InStr(UserIPAddress, ";") > 0 Then
        UserIPAddress = Left(UserIPAddress, InStr(UserIPAddress, ";")-1)
    End If
    If InStr(UserIPAddress, ":") > 0 then
        ' drop a trailing :port (note: this also truncates an IPv6 address)
        UserIPAddress = Left(UserIPAddress, InStr(UserIPAddress, ":")-1)
    End If
    ' Only a well-formed forum date string may reach the SQL below;
    ' anything else is replaced by the current forum time
    If Not isValidForumDateString(fTime) Then
        fTime = DateToStr(strForumTimeAdjust)
    End If
    '## Forum_SQL - Do DB Update
    strSql = "UPDATE " & strMemberTablePrefix & "MEMBERS "
    strSql = strSql & " SET M_LASTHEREDATE = '" & fTime & "'"
    strSql = strSql & ", M_LAST_IP = '" & UserIPAddress & "'"
    strSql = strSql & " WHERE " & strDBNTSQLName & " = '" & ChkString(UserName, "SQLString") & "' "
    my_conn.Execute (strSql),,adCmdText + adExecuteNoRecords
end function

function isValidForumDateString(fDate)
    ' Forum dates are stored as yyyymmddhhmmss: 14 digits, first digit 1-3
    Dim regEx
    set regEx = New RegExp
    regEx.Global = true
    regEx.Pattern = "^[123][0-9]{13}$"
    ' In VBScript a function returns whatever is assigned to its own name;
    ' assigning to any other variable would leave the result empty (False)
    isValidForumDateString = regEx.Test(fDate)
    set regEx = nothing
end function
This won't solve the problem for that user, though.
Snitz 3.4 Readme | Like the support? Support Snitz too

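The two checks the fix above relies on (accept only a 14-digit forum date string, and store a sanitised client address), as an added example that is not Snitz code and not from this thread. It is written in Python rather than VBScript so it runs outside IIS, with sqlite3 standing in for the forum database; the table name FORUM_MEMBERS and the column M_NAME are assumptions for strMemberTablePrefix & "MEMBERS" and strDBNTSQLName. It goes one step beyond the forum regex by also rejecting digit strings that are not real calendar dates, validates the forwarded address instead of trusting it, and replaces string concatenation with a parameterized UPDATE.

```python
import ipaddress
import re
import sqlite3
from datetime import datetime

# Allow-list from the forum fix: yyyymmddhhmmss, 14 digits, first digit 1-3.
FORUM_DATE_RE = re.compile(r"^[123][0-9]{13}$")


def is_valid_forum_date_string(value):
    """Shape check as in isValidForumDateString, plus a calendar check.

    The regex alone accepts '20071318173411' (month 13); strptime does not.
    """
    if not isinstance(value, str) or not FORUM_DATE_RE.match(value):
        return False
    try:
        datetime.strptime(value, "%Y%m%d%H%M%S")
    except ValueError:
        return False
    return True


def client_ip(x_forwarded_for, remote_addr):
    """Mirror the header handling in UpdateLastHereDate, then validate."""
    ip = x_forwarded_for or ""
    if ip == "" or ip[:7] == "unknown":
        ip = remote_addr
    elif "," in ip:            # first hop of a proxy chain
        ip = ip.split(",", 1)[0]
    elif ";" in ip:
        ip = ip.split(";", 1)[0]
    ip = ip.strip()
    # The original strips everything after the first ':' to drop a port; that
    # would also truncate an IPv6 address, so only do it for ip:port shapes.
    if ip.count(":") == 1:
        ip = ip.split(":", 1)[0]
    # Added hardening: X-Forwarded-For is client-supplied, so anything that is
    # not a syntactically valid address falls back to the socket address.
    try:
        ipaddress.ip_address(ip)
    except ValueError:
        return remote_addr
    return ip


def update_last_here_date(conn, f_time, user_name, x_forwarded_for, remote_addr, now):
    """Validated, parameterized version of the UPDATE built in the fix.

    Returns the (date, ip) pair actually written. Table/column names assumed.
    """
    if not is_valid_forum_date_string(f_time):
        # stands in for DateToStr(strForumTimeAdjust): use the server's time
        f_time = now.strftime("%Y%m%d%H%M%S")
    ip = client_ip(x_forwarded_for, remote_addr)
    conn.execute(
        "UPDATE FORUM_MEMBERS SET M_LASTHEREDATE = ?, M_LAST_IP = ? WHERE M_NAME = ?",
        (f_time, ip, user_name),
    )
    conn.commit()
    return f_time, ip


def demo():
    """Constructed round trip: a quoted, non-numeric date is never stored."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE FORUM_MEMBERS (M_NAME TEXT, M_LASTHEREDATE TEXT, M_LAST_IP TEXT)")
    conn.execute("INSERT INTO FORUM_MEMBERS VALUES ('alice', '20071201120000', '')")
    now = datetime(2007, 12, 18, 17, 34, 11)          # constructed server time
    update_last_here_date(conn, "18/12/2007'", "alice", "203.0.113.9, 10.0.0.1", "10.0.0.1", now)
    return conn.execute(
        "SELECT M_LASTHEREDATE, M_LAST_IP FROM FORUM_MEMBERS WHERE M_NAME = 'alice'"
    ).fetchone()


if __name__ == "__main__":
    print(demo())
```

Running demo() shows the malformed date replaced by the server time and only the first forwarded hop stored; the quote in the submitted value never reaches the SQL text at all, which is the property the forum fix is after.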
weeweeslap (Senior Member, USA, 1077 Posts)
Posted - 18 December 2007 : 20:49:20
The problem was also found to be in some mods, one of the mods being Unanswered Topics, where unanswered.asp has the same flaw and needs to be fixed. This was announced in the forum here (can't find it right now), so if you have that mod in your modded site, or any other mod that was sort of based off active.asp, then you should check that out.
coaster crazy

ruirib (Snitz Forums Admin, Portugal, 26364 Posts)
Posted - 18 December 2007 : 20:57:00
You know, somehow your code is less resistant to a bad value in a last visit date than my own test 3.4.06 version. The result I usually saw is exemplified by the image posted by Aaron here: http://forum.snitz.com/forum/topic.asp?TOPIC_ID=66059
Anyway, I've provided you with two alternatives that won't cause that issue on versions of the forum code less resistant to a bad value in the members' last visit date, one of which had been posted a few days ago. You, not being born yesterday, must have realized that already, so I fail to see the point of this last post of yours.
Even better, you can code your own fix and add it to your forum version, if you don't like any of mine.
Snitz 3.4 Readme | Like the support? Support Snitz too

mdelcour2000 (Junior Member, United States, 133 Posts)
Posted - 26 January 2008 : 16:22:38
OK, I have installed the fixes from ruirib several times over; today, my forum was hacked once more. This time they deleted almost all of my members and their posts and left this message:
Hacked By Ozel Kuvvetler-BordoBereliler / AYT
Don't Be Silent About War Of Iraq !
Innocent People Die Every Day,Every Hour In Iraq !
We Are Your Nightmare In CyberWorld !
Don't Forget it ;
One Turk Against The World..
SawTurk - Swantska - The UnderTaker - ClientCode - Deli61 - pikatel1 - Vasili - F34RL355 - Amen - Turk67 - AdReNalin
SANAL ALEMiN BORDO BERELi ASKERLERi AYYILDIZ TiM
They also deleted my forum logo and changed several other things. You can see the results they left at www.thatsmychurch.com. Hurry, though; I am going to shut this down tomorrow, 1-27-08!
Please help me find some answers!
http://lacledeforum.com/
"Never get so busy doing the work of the kingdom that you forget who the King is"

phy1729 (Average Member, USA, 589 Posts)
Posted - 26 January 2008 : 16:43:19
Did you check for admins you don't know?

mdelcour2000 (Junior Member, United States, 133 Posts)
Posted - 26 January 2008 : 22:00:21
Yes, I have a few mods installed on it; however, I have disabled most of them. Here is a link to a zip file containing Default.asp, Config.asp, inc_func_common.asp, and active.asp. I don't know exactly what all you want. www.thatsmychurch.com/churchfiles.zip
http://lacledeforum.com/
"Never get so busy doing the work of the kingdom that you forget who the King is"

ruirib (Snitz Forums Admin, Portugal, 26364 Posts)
Posted - 27 January 2008 : 06:11:59
What mods were those? Active.asp seems adequately protected; that shouldn't be the way in. Maybe you should just download a new 3.4.06 clean version and replace all your files with the ones in the download.
Do you have access to web server logs? I really would like to see how they got in.
Snitz 3.4 Readme | Like the support? Support Snitz too

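A defender-side first pass over the web server logs ruirib asks for, as an added example that is not from this thread or from the Snitz project: a small Python reader for IIS W3C-format logs that flags requests to active.asp or unanswered.asp (the two scripts this thread names) whose query-string values contain quote characters or SQL comment or statement separators, then counts flagged requests per client address. The log lines are constructed, the /forum/ paths and the parameter name lastvisit are assumptions (the thread does not say which parameter the flaw used), and IIS does not log POST bodies, so an empty result does not prove that nothing happened.

```python
from urllib.parse import unquote_plus

# Scripts this thread names as carrying the flaw; the paths are assumptions.
WATCHED_STEMS = {"/forum/active.asp", "/forum/unanswered.asp"}
# Tokens that never belong in a purely numeric forum date value.
SUSPECT_TOKENS = ("'", "--", ";", "/*")

# Constructed IIS W3C extended log excerpt (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2008-01-26 15:02:11 GET /forum/active.asp - 192.0.2.10 200
2008-01-26 15:03:40 GET /forum/active.asp lastvisit=20080126150211 192.0.2.10 200
2008-01-26 15:05:02 GET /forum/active.asp lastvisit=20080126%27-- 198.51.100.7 200
2008-01-26 15:05:30 GET /forum/topic.asp TOPIC_ID=66059 192.0.2.10 200
2008-01-26 15:06:15 GET /forum/unanswered.asp lastvisit=1%3B+2 198.51.100.7 500
"""


def parse_iis_log(lines):
    """Yield one dict per request, keyed by the names in the #Fields line."""
    fields = None
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or not line.strip():
            continue
        if fields is None:
            raise ValueError("log data before #Fields header")
        values = line.split()
        if len(values) != len(fields):
            continue   # truncated or malformed record
        yield dict(zip(fields, values))


def suspicious_params(query):
    """Decode cs-uri-query and return (name, value) pairs carrying suspect tokens."""
    if query in ("", "-"):
        return []
    found = []
    for pair in query.split("&"):          # split manually: no ';' splitting
        name, _, raw = pair.partition("=")
        value = unquote_plus(raw)          # IIS logs %27 for ' and + for space
        if any(tok in value for tok in SUSPECT_TOKENS):
            found.append((name, value))
    return found


def triage(lines):
    """Flag watched-script requests whose query values look non-numeric."""
    hits = []
    for rec in parse_iis_log(lines):
        if rec.get("cs-uri-stem", "").lower() not in WATCHED_STEMS:
            continue
        bad = suspicious_params(rec.get("cs-uri-query", "-"))
        if bad:
            hits.append({
                "when": rec.get("date", "") + " " + rec.get("time", ""),
                "ip": rec.get("c-ip", ""),
                "stem": rec["cs-uri-stem"],
                "status": rec.get("sc-status", ""),
                "params": bad,
            })
    return hits


def ips_by_hits(hits):
    """Count flagged requests per client address, most active first."""
    counts = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return sorted(counts.items(), key=lambda kv: -kv[1])


if __name__ == "__main__":
    flagged = triage(SAMPLE_LOG.splitlines())
    for h in flagged:
        print(h["when"], h["ip"], h["stem"], h["status"], h["params"])
    print(ips_by_hits(flagged))
```

On the constructed excerpt the two requests from 198.51.100.7 are flagged and the plain numeric lastvisit request is not; the sc-status column is kept because a 500 alongside a quoted value is often the database complaining about the malformed statement, which is a useful timeline marker when reading the real logs.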
ruirib (Snitz Forums Admin, Portugal, 26364 Posts)
Posted - 27 January 2008 : 07:37:34
I missed that, certainly because I have no login. My advice would be to just delete all existing files and use a new Snitz download. Make sure it's a recent download, to include the active.asp patch.
Snitz 3.4 Readme | Like the support? Support Snitz too

mdelcour2000 (Junior Member, United States, 133 Posts)
Posted - 27 January 2008 : 12:48:44
Thanks, I will do that. I appreciate everyone's help! :))
http://lacledeforum.com/
"Never get so busy doing the work of the kingdom that you forget who the King is"