I realy do not get the point in hacking other... But good that u have a backup😋
(21 Dec 2014, 21:44 )gunz Wrote: [ -> ]I realy do not get the point in hacking other...
Again, I do not think it was not a deliberate hacking attack. It looks like a bug that was accidentally exploited.
Or am I just being overly positive? 😉
Tried phpfreechat version 1.7 and 2.1.0. Could not make 2.1.0 work and switched to 1.7. Still an upgrade from 1.5 😉
Now I see less reasons not to upgrade the forum software. A complete reinstall should also clean up all the mess from the not used plugins. Also, the latest version is more actively supported. All I need is one day. At least. Two days is more reasonable. The plan is to keep the old installation in a "cold standby" mode.
You have one day, make it happen... or else 😉
No, I haven't yet. Too busy.
Ah bugger!
The uploading tool (for attachments) has gone missing - so I'm limited to one at a time uploads using the old method 😟
MJ
(23 Dec 2014, 15:28 )madjack Wrote: [ -> ]The uploading tool (for attachments) has gone missing
Yep, see above (previous page, actually) why. I will enable it again after I upgrade the forum, though no guarantee. I still have no definitive response from the MyBB developers and no reaction at all from the plugin developer (he's from Iran and his MyBB forum is ... mmmm... not quite readable because of my limited language capabilities 😉 ). At least I know that several significant bugs were fixed in 1.8.
Yeah, this is the dilemma. Allow the plugin an pray, that the forum will remain intact or ... upgrade and ... pray 😁
First, I want to apologyze for any trouble caused. It was not my intention to hack, nor I was ripping the site. I've always felt very welcomed in this site and the last thing I would've liked was to cause trouble.
I honestly believe there is a bug in your site and somehow I accidentally was given access to an area I shouldn't and, also by mistake, erased the files. All I wanted to do was to upload some files in a new post I was working, but the upload interface wasn't working properly. At some point I was able to upload a video, but later I wasn't able to find it back. At another point I saw files that were not mine, and I indeed attempted to erase them, but then the connection with the site was lost. I'm terribly sorry... 😟
If I can be on any help to your tech team to find the bug, please let me know. I can tell them the browser, OS, and any other thing relevant to this incident so it doesn't happen again.
Dan
(21 Dec 2014, 14:31 )Like Ra Wrote: [ -> ]I think it was not a hack, but more a coincidence. The plugin may contain a bug but shouldn't the forum access control prevent deleting attachments uploaded by other users?
This is what I send to the MyBB developers:
I think this is what happened - the user was ripping the site with a software that supports javascript and "clicks" on all buttons in all possible combinations. We had this issue before when a user with admin rights was backing up all attachments uploaded to the production inventory database. And wget "clicked" on the "delete" button as well.
But in this case the user does not have elevated rights and that shouldn't have happened.
(01 Jan 2015, 18:42 )dan2010 Wrote: [ -> ]All I wanted to do was to upload some files in a new post I was working, but the upload interface wasn't working properly. At some point I was able to upload a video, but later I wasn't able to find it back. At another point I saw files that were not mine, and I indeed attempted to erase them, but then the connection with the site was lost.
Wow, this is what happened, that's interesting... This is what I saw in the logs:
a.b.c.d - - [19/Dec/2014:20:35:02 +0000] "POST /forum/mybb/xmlhttp.php?action=proremoveAttachment HTTP/1.1" 200 567 "http://www.likera.com/forum/mybb/newthread.php?action=editdraft&tid=1617" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/37.0.2062.120 Chrome/37.0.2062.120 Safari/537.36"
I wonder what caused assigning all images to you. I do not remember doing any weird things with the database, but I did restart PHP and Apache quite often to re-cache the source files. Possibly it was related.
(01 Jan 2015, 18:42 )dan2010 Wrote: [ -> ]At another point I saw files that were not mine, and I indeed attempted to erase them
Very understandable, I would do the same.
The glitch could be caused by the plugin - I noticed that more plugins written by the same author are marked as vulnerable.
Pity there is no alternative to this plugin, the uploading mechanism will be addressed in MyBB 2.0 which is way too far away...
Isn't web-administration a pure fun? 😁