#1 2009-10-21 21:21:25

Sirenic
Member
Registered: 2009-10-21
Posts: 6

1.2.22 Exploit via Forums?

So, I woke up from a nap to find that my board's post count had SKYROCKETED.

I looked, and sure enough someone has found an exploit to post ... without even registering on my forums.

Take note: my guests can't read the board, nor should they be able to post.

Here are some pics...

Look at the times when he posted: all of them were posted within a MATTER of seconds. (This is just one forum; you should see the others..)

[image: timeposted.jpg]

---

Look at how the post appears: it doesn't show the profile, PM, last visited, last post, etc. It just shows this:

[image: postgsp.jpg]

--

When I try to look the name up via user search, it comes up with nothing:

[image: searchresults.jpg]

______

Please help me, guys. I am desperate for help, as I have no idea what to do except turn off my forums for the time being.


#2 2009-10-21 21:35:09

Reines
Lead developer
From: Scotland
Registered: 2008-05-11
Posts: 3,140

Re: 1.2.22 Exploit via Forums?

Hey.

There isn't any post flood limit on guest posting in 1.2 (when 1.2 was designed it was decided that flood control based on IP was bad), and that user info looks exactly how a post by a guest would (if the user title for the guest group is set to "New member"). My first guess would be either the guest permissions aren't as strict as you think, or someone changed them for a bit.

Can you ban the IP address the user is posting from and give me a link to your forum to check out? Email it to me if you don't wish to make it public.


#3 2009-10-21 22:59:55

Sirenic
Member
Registered: 2009-10-21
Posts: 6

Re: 1.2.22 Exploit via Forums?

It's all good; publicity isn't a problem.

the forums are www.projectp2p.net

I run a forum for a game; you might be familiar with it. (Really, REALLY familiar.)

But when downloading Flux, I was SURE to move over only the stuff I needed from the old web forum files (which you created, I'm sure, Reines), so there is no reason why this should still be happening, which is why I have come here. ^_^ I was careful when transferring over the code and adding in some of my own. I am 85% sure it's nothing I did.

What I've done so far is turn off the ability for members to post or create topics; they are still able to view the board and register on it.

I've actually already banned the IP address within the Linux system I am using, but he comes back on different IPs.

Last edited by Sirenic (2009-10-21 23:41:57)


#4 2009-10-21 23:30:41

sirena
Member
From: AU
Registered: 2008-05-10
Posts: 172

Re: 1.2.22 Exploit via Forums?

Look at your HTTP access logs for the date and time of the posts that match this guy's IP addresses.

What do the requests look like? Do they look like regular Flux requests/posts, or not?

That might provide some clues about what is going on.

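Following sirena's suggestion, here is an added example (my own code, not part of the thread and not FluxBB's) that does the two things asked for: pull out only the requests that can create a post, then look at how they cluster per IP and whether they look like a browser going through the post form. It assumes Apache combined-format logs, that the board lives under /forum/, and that 1.2's post.php is reached with ?fid= (new topic) or ?tid= (reply). The log lines, IPs, timestamps and user agents are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed Apache combined-format access log (not taken from the original
# post). IPs, timestamps, paths and user agents are hypothetical. The scripted
# poster sends bare POSTs with no Referer and a non-browser User-Agent, while
# the two genuine posters arrive from the post form in a browser.
SAMPLE_LOG = """\
203.0.113.7 - - [21/Oct/2009:20:58:12 +0100] "GET /forum/viewtopic.php?id=42 HTTP/1.1" 200 9123 "http://www.projectp2p.net/forum/viewforum.php?id=3" "Mozilla/5.0 (Windows; U; Windows NT 5.1) Firefox/3.5.3"
203.0.113.7 - - [21/Oct/2009:21:02:40 +0100] "POST /forum/post.php?tid=42 HTTP/1.1" 302 0 "http://www.projectp2p.net/forum/post.php?tid=42" "Mozilla/5.0 (Windows; U; Windows NT 5.1) Firefox/3.5.3"
198.51.100.9 - - [21/Oct/2009:21:10:01 +0100] "POST /forum/post.php?fid=3 HTTP/1.1" 302 0 "-" "Java/1.6.0_16"
198.51.100.9 - - [21/Oct/2009:21:10:02 +0100] "POST /forum/post.php?fid=3 HTTP/1.1" 302 0 "-" "Java/1.6.0_16"
198.51.100.9 - - [21/Oct/2009:21:10:02 +0100] "POST /forum/post.php?fid=3 HTTP/1.1" 302 0 "-" "Java/1.6.0_16"
198.51.100.9 - - [21/Oct/2009:21:10:03 +0100] "POST /forum/post.php?fid=5 HTTP/1.1" 302 0 "-" "Java/1.6.0_16"
198.51.100.9 - - [21/Oct/2009:21:10:04 +0100] "POST /forum/post.php?fid=5 HTTP/1.1" 302 0 "-" "Java/1.6.0_16"
198.51.100.9 - - [21/Oct/2009:21:10:06 +0100] "POST /forum/post.php?fid=5 HTTP/1.1" 302 0 "-" "Java/1.6.0_16"
192.0.2.33 - - [21/Oct/2009:21:15:10 +0100] "POST /forum/post.php?tid=42 HTTP/1.1" 302 0 "http://www.projectp2p.net/forum/post.php?tid=42" "Mozilla/5.0 (X11; U; Linux i686) Firefox/3.5.3"
192.0.2.33 - - [21/Oct/2009:21:18:30 +0100] "POST /forum/post.php?tid=42 HTTP/1.1" 302 0 "http://www.projectp2p.net/forum/post.php?tid=42" "Mozilla/5.0 (X11; U; Linux i686) Firefox/3.5.3"
"""

# Apache "combined" format: ip ident user [ts] "method path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def post_requests(log_text, post_path="/forum/post.php"):
    """Yield only the requests that can create a post: POSTs to post.php (assumed path)."""
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"].split("?")[0] == post_path:
            yield rec


def max_burst(timestamps, window):
    """Largest number of events that fall inside any interval of length `window`."""
    ts = sorted(timestamps)
    best, lo = 0, 0
    for hi in range(len(ts)):
        while ts[hi] - ts[lo] > window:
            lo += 1
        best = max(best, hi - lo + 1)
    return best


def looks_scripted(rec):
    """Crude heuristic: a real browser arrives from the post form and identifies as Mozilla."""
    return rec["referer"] == "-" or not rec["ua"].startswith("Mozilla")


def analyze(log_text, window=timedelta(seconds=10)):
    """Per source IP: number of posts, tightest burst, and whether any request looked scripted."""
    per_ip = defaultdict(list)
    for rec in post_requests(log_text):
        per_ip[rec["ip"]].append(rec)
    return {
        ip: {
            "posts": len(recs),
            "max_burst": max_burst([r["ts"] for r in recs], window),
            "scripted": any(looks_scripted(r) for r in recs),
        }
        for ip, recs in per_ip.items()
    }


def flagged(log_text, burst_threshold=5):
    """IPs worth banning: a burst of posts a human could not type, or script-like requests."""
    report = analyze(log_text)
    return sorted(ip for ip, r in report.items()
                  if r["max_burst"] >= burst_threshold or r["scripted"])


if __name__ == "__main__":
    for ip, summary in analyze(SAMPLE_LOG).items():
        print(ip, summary)
    print("candidates for banning:", flagged(SAMPLE_LOG))
```

On a real server, feed it the access log for the day of the posts (`analyze(open("/var/log/apache2/access.log").read())`) and adjust `post_path` to where the board is installed. The burst count is the more reliable signal; the referer/user-agent heuristic is easy for a script to fake, which is why the thread's later move to fixing the permissions, rather than banning addresses, is the right one.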

#5 2009-10-22 00:30:18

Sirenic
Member
Registered: 2009-10-21
Posts: 6

Re: 1.2.22 Exploit via Forums?

I just got word from an anonymous source that..

It's a program being used to create posts like that, and someone told me that if I move my forum folder somewhere else, they'd have to create a whole new program.

Make any sense?

EDIT - Reines, I have actually emailed you a program I received from someone that does this. Please check your email; I believe you will figure this out once you see it. ^_^

Last edited by Sirenic (2009-10-22 02:10:22)


#6 2009-10-22 04:00:38

Smartys
Former Developer
Registered: 2008-04-27
Posts: 3,117

Re: 1.2.22 Exploit via Forums?

My guess? You have a copy of the forum somewhere publicly accessible pointing to the same database but with different cached permissions.


#7 2009-10-22 04:32:47

Sirenic
Member
Registered: 2009-10-21
Posts: 6

Re: 1.2.22 Exploit via Forums?

Well, I chmod 777'd /img/avatars

And... the cache folder

Is it my bad? lol. I am not so good with the "chmod" command in Linux.


#8 2009-10-22 04:37:47

Dan
Member
Registered: 2009-10-22
Posts: 3

Re: 1.2.22 Exploit via Forums?

That Yong Min is an awful person ;)


#9 2009-10-22 05:04:23

Sirenic
Member
Registered: 2009-10-21
Posts: 6

Re: 1.2.22 Exploit via Forums?

It's not really him Dan.

Yong Min is a nice person, but whoever is doing this to my forums is pretending to be him.


#10 2009-10-22 06:21:29

Smartys
Former Developer
Registered: 2008-04-27
Posts: 3,117

Re: 1.2.22 Exploit via Forums?

Sirenic: Nothing to do with chmod. Do you have any other copies of the code sitting on the server where people might be able to access them? Also, have you double checked guest permissions?


#11 2009-10-22 06:56:53

Dan
Member
Registered: 2009-10-22
Posts: 3

Re: 1.2.22 Exploit via Forums?

Sirenic wrote:

It's not really him Dan.

Yong Min is a nice person, but whoever is doing this to my forums is pretending to be him.

I know, I just came to see if Reines was still alive (tbh I thought he was dead lol) and to see if you were getting any feedback for the site.


#12 2009-10-22 07:13:33

Sirenic
Member
Registered: 2009-10-21
Posts: 6

Re: 1.2.22 Exploit via Forums?

Dan wrote:
Sirenic wrote:

It's not really him Dan.

Yong Min is a nice person, but whoever is doing this to my forums is pretending to be him.

I know, I just came to see if Reines was still alive (tbh I thought he was dead lol) and to see if you were getting any feedback for the site.


Lol, leave him alone.

He won't help me if 50 people go and bug him about.. you know what lol.

--


Smartys wrote:

Sirenic: Nothing to do with chmod. Do you have any other copies of the code sitting on the server where people might be able to access them? Also, have you double checked guest permissions?

Nope, I don't. And yes, I double checked them. I am sending you an email, Smartys, on the program coded to spam my forums. It's actually a Java file, not an actual exe program, btw lol, so when I said program I meant file. ** My bad


#13 2009-10-22 12:35:13

Reines
Lead developer
From: Scotland
Registered: 2008-05-11
Posts: 3,140

Re: 1.2.22 Exploit via Forums?

I think this has been sorted via email now, but just for anyone else wondering:

The program is just a script to make multiple posts as a guest, nothing fancy; it's just easier than hitting submit a bunch of times if someone wants to spam.
The problem was the guest group ID had been changed in the database, meaning the guest permissions weren't being applied.

I've moved this to the support board as it isn't a bug.

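Reines' diagnosis is the kind of thing worth checking before assuming an exploit, so here is an added example (my own code, neither FluxBB's nor from the thread) that audits a board database for exactly that condition. It assumes the FluxBB 1.2 layout in which the guest group is identified by the constant PUN_GUEST = 3 and guests run as the pseudo-user with id 1; the columns below are a subset of the real 1.2 `groups` and `users` tables, the sample rows are constructed, and the "tampered" state, which moves the Guests row to g_id 7, is one hypothetical way the ID could have been changed. The intended guest permissions (no reading, no posting) follow what Sirenic says about his board. SQLite is used because 1.2 supports it and it runs offline.

```python
import sqlite3

# FluxBB 1.2 convention (assumption taken from the 1.2 code base): the guest
# group row has g_id == PUN_GUEST == 3, and guests are served as users.id == 1.
PUN_GUEST = 3
GUEST_USER_ID = 1

# What this particular board intends for guests (assumption matching the thread:
# guests may neither read the board nor post). Adjust for your own board.
INTENDED_GUEST_PERMS = {"g_read_board": 0, "g_post_replies": 0, "g_post_topics": 0}

# Subset of the 1.2 groups/users tables, enough to reproduce the failure.
SCHEMA = """
CREATE TABLE groups (
    g_id INTEGER PRIMARY KEY, g_title TEXT NOT NULL, g_user_title TEXT,
    g_read_board INTEGER NOT NULL DEFAULT 1, g_post_replies INTEGER NOT NULL DEFAULT 1,
    g_post_topics INTEGER NOT NULL DEFAULT 1, g_post_flood INTEGER NOT NULL DEFAULT 60
);
CREATE TABLE users (
    id INTEGER PRIMARY KEY, group_id INTEGER NOT NULL, username TEXT NOT NULL
);
"""


def build_db(tampered):
    """Constructed sample database; tampered=True moves the Guests row off g_id 3."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    groups = [
        (1, "Administrators", "Administrator", 1, 1, 1, 0),
        (2, "Moderators", "Moderator", 1, 1, 1, 0),
        (3, "Guests", "New member", 0, 0, 0, 0),
        (4, "Members", None, 1, 1, 1, 60),
    ]
    if tampered:
        # Hypothetical edit: the Guests row no longer carries g_id 3, so the
        # lookup by PUN_GUEST finds nothing and no guest permissions apply.
        groups[2] = (7, "Guests", "New member", 0, 0, 0, 0)
    conn.executemany("INSERT INTO groups VALUES (?,?,?,?,?,?,?)", groups)
    conn.executemany("INSERT INTO users VALUES (?,?,?)",
                     [(GUEST_USER_ID, PUN_GUEST, "Guest"), (2, 1, "Sirenic")])
    return conn


def check_guest_group(conn):
    """Return a list of findings; an empty list means the guest group looks sane."""
    findings = []
    row = conn.execute(
        "SELECT g_title, g_read_board, g_post_replies, g_post_topics "
        "FROM groups WHERE g_id = ?", (PUN_GUEST,)).fetchone()
    if row is None:
        findings.append("no group with g_id=%d: guest permissions cannot be applied" % PUN_GUEST)
        for (gid,) in conn.execute("SELECT g_id FROM groups WHERE g_title = 'Guests'"):
            findings.append("group titled 'Guests' found at g_id=%d; expected g_id=%d" % (gid, PUN_GUEST))
    else:
        title, read, replies, topics = row
        if title != "Guests":
            findings.append("g_id=%d is titled %r, not 'Guests'" % (PUN_GUEST, title))
        actual = {"g_read_board": read, "g_post_replies": replies, "g_post_topics": topics}
        for col, want in INTENDED_GUEST_PERMS.items():
            if actual[col] != want:
                findings.append("%s=%d, intended %d" % (col, actual[col], want))
    urow = conn.execute("SELECT group_id FROM users WHERE id = ?", (GUEST_USER_ID,)).fetchone()
    if urow is None or urow[0] != PUN_GUEST:
        findings.append("guest user id=%d has group_id=%s, expected %d"
                        % (GUEST_USER_ID, urow[0] if urow else None, PUN_GUEST))
    return findings


def restore_guest_group_id(conn, current_id):
    """Move the misplaced Guests row back to PUN_GUEST, keeping users that point at it consistent."""
    if conn.execute("SELECT 1 FROM groups WHERE g_id = ?", (PUN_GUEST,)).fetchone():
        raise ValueError("g_id=%d is already occupied; resolve that first" % PUN_GUEST)
    with conn:  # one transaction: both updates or neither
        conn.execute("UPDATE groups SET g_id = ? WHERE g_id = ?", (PUN_GUEST, current_id))
        conn.execute("UPDATE users SET group_id = ? WHERE group_id = ?", (PUN_GUEST, current_id))


if __name__ == "__main__":
    print("healthy:", check_guest_group(build_db(tampered=False)))
    bad = build_db(tampered=True)
    print("tampered:", check_guest_group(bad))
    restore_guest_group_id(bad, 7)
    print("after restore:", check_guest_group(bad))
```

Against a live board you would point the same queries at the real database with the board's table prefix; the point is that the permission checks in 1.2 hinge on one row being found by its numeric ID, so a tool that edits rows by title, or an import that renumbers them, can silently leave guests unrestricted while the admin panel still shows a "Guests" group with the right boxes unticked.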

#14 2009-10-22 17:04:15

Dan
Member
Registered: 2009-10-22
Posts: 3

Re: 1.2.22 Exploit via Forums?

Ty Reines, gl with your development.


Powered by FluxBB 1.4.8