| Author |
 Topic  |
|
|
pierretopping
Junior Member
United Kingdom
224 Posts |
 Posted - 20 June 2013 : 09:52:54
|
Hi All,
We are running 3.4.05, and thought we had applied all the security fix's, but one user account is still being hacked.
I have checked the log files and got the below...
Any thoughts please 
/forum/post_info.asp - 80 - 192.80.186.242 HTTP/1.0 Opera/9.80+(Windows+NT+6.1)+Presto/2.12.388+Version/12.10 ASPSESSIONIDCAASQCAB=MHLLEJHBFOIBOCBBHHCNDNBN http://www.tredegar.co.uk/forum/post.asp?method=Topic&FORUM_ID=29 |
|
|
Carefree
Advanced Member
Philippines
4217 Posts |
Posted - 20 June 2013 : 12:14:31
|
| That IP goes to a cloud server, could be anyone from anywhere. Best guess is that if you applied all the posted security fixes, you have a mod somewhere which has a security hole of its own. |
 |
|
|
pierretopping
Junior Member
United Kingdom
224 Posts |
Posted - 20 June 2013 : 12:44:50
|
quote:
Originally posted by Carefree
That IP goes to a cloud server, could be anyone from anywhere. Best guess is that if you applied all the posted security fixes, you have a mod somewhere which has a security hole of its own.
Thanks Carefree.
The only fix I can see for the version I'm running on that effects post_info.asp is for version.07 ?
Would you think it is worth while me checking that I have done fix http://forum.snitz.com/forum/topic.asp?TOPIC_ID=60011
??
Thanks 
P. |
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
|
|
pierretopping
Junior Member
United Kingdom
224 Posts |
Posted - 20 June 2013 : 17:26:57
|
Hi, we'll the post appears to be from an existing member,but contains all type of links.
It has only happened to one long standing member of the forum, and he has changed his password, and as carefree said the IP address is from a cloud ,,,,, |
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
|
|
pierretopping
Junior Member
United Kingdom
224 Posts |
Posted - 21 June 2013 : 08:03:05
|
quote:
Originally posted by ruirib
So you are saying that hack was a post made by someone using someone else's account?
Hackers usually do not do just that, so it doesn't really seem a hack to me. Have you implemented the fix here (look to the final solution posted): http://forum.snitz.com/forum/topic.asp?TOPIC_ID=67497&SearchTerms=appVarsLoadError ?
I
Hi ruirib,
Thanks for the link, I have now placed that fix in my config.asp file.
It is very strange, I even changed the users name (but kept his member_id the same) and it was stilled spammed.
Very strange how its only the one users account that is being used.
Thanks for your help all 
Pierre |
|
|
| |
Topic |
|
