Jump to content


How do you all like the new forum?


  • Please log in to reply
149 replies to this topic

#141 Prometheus

Prometheus

    Legendary

  • Members
  • PipPipPipPipPip
  • 642 posts
  • Location:California (I Wish)

Posted 04 January 2005 - 06:15 PM

This is going to take some getting used to!
:D
Anyway i missed you all glad to have the forum back!
I <3 RJ

#142 gorilla

gorilla

    Legendary

  • Members
  • PipPipPipPipPip
  • 1109 posts
  • Location:Your urinal tract.

Posted 05 January 2005 - 07:58 AM

I'm in blue hell!!!!

#143 Tycho Celchu

Tycho Celchu

    Godlike

  • Members
  • PipPipPipPipPipPip
  • 2470 posts
  • Location:On my butt.

Posted 06 January 2005 - 06:19 PM

Frigidman, on January 4th 2005, 06:18 AM, said:

The IMG Server is running the latest PHP version, it was even using the latest after the second time the "bug" was exploited to destroy the website files. So upgrading PHP to the latest version _did_not_ fix the problem that phpBB was the sole cause of.

Probably adding a bit of fuel to a fire...

There is either a misprint in the C|Net news article that Tuncer linked to in the comments of the downtime article, or something else is amiss.

It says:

Quote

Initial analyses by the ISC had concluded that the flaw exploited by the worm occured in the software that interprets Web pages written scripting language PHP: Hypertext Preprocessor (PHP). That flaw was found last week.

So to me, it sounds like that the update to PHP fixed it. Please tell me if you feel that I am misinterpreting the problem.
"To be great is to be misunderstood" - Ralph Waldo Emerson

#144 Frigidman™

Frigidman™

    Eye Sea Yew

  • Admin
  • 4265 posts
  • Steam ID:frigidman
  • Location:East mahn, East!
  • Pro Member:Yes

Posted 06 January 2005 - 07:01 PM

You are :)

Simple facts you may not be aware of for the situation:

The worm hit IMG before PHP was upgraded.
The worm hit IMG before phpBB was upgraded.
The worm hit IMG after PHP was upgraded.
The worm stopped hitting IMG when phpBB was deleted.

So, even though IMG upgraded to the latest PHP version, as soon as the old phpBB was put back, the whole site was blown again. Logically, that would suggest that upgrading PHP had no flippen cause of relief from that damnedable worm and it was directly related to the existence of phpBB.

Either the case, phpBB aint coming back. Its a heap of trash compared to this system.

-Fm [1oM7]
"I'm not incorruptible, I am so corrupt nothing you can offer me is tempting." - Alfred Bester


#145 Tycho Celchu

Tycho Celchu

    Godlike

  • Members
  • PipPipPipPipPipPip
  • 2470 posts
  • Location:On my butt.

Posted 06 January 2005 - 07:08 PM

Ok, here is another question:

Was the worm that hit IMG after PHP version upgraded a newer version? That could very well explain why that C|Net article claims it fixed the original problem, which it could have. Then after you did upgrade PHP, a newer version of the worm hit (like some people were reporting) that used a different vulnerability. That would seem to make sense with the situation you described.

(Probably looking at this a bit too much, but I am curious for some smaller projects of mine that use phpBB, though the latest version ;) )
"To be great is to be misunderstood" - Ralph Waldo Emerson

#146 Frigidman™

Frigidman™

    Eye Sea Yew

  • Admin
  • 4265 posts
  • Steam ID:frigidman
  • Location:East mahn, East!
  • Pro Member:Yes

Posted 06 January 2005 - 08:49 PM

According to Tuncer and Bryan, it was all in a matter of an hour or two. So, if the worm WAS a newer version that got through phpBB and the newly installed PHP 4.3.10, then the guy who wrote it was really on the ball. However, I would think that if it was a new exploit in PHP 4.3.10... then why havn't we (or many other sites) gotten hit again? The only common factor with IMG's particular case, was phpBB. All problems disappeared the moment phpBB was completely deleted from the directories.

We didn't bother to upgrade phpBB... so, don't know if it would have worked or not. Either the case, the resulting hack, was the placement of those html files with the defaced message, and the worm generation number. It was up like at gen 16 or something.

ANYHOW, apparently phpBB has been the cause of many prior cases with hacks and exploits within IMG over the past year or two. So, Tuncer got a bit fired up and threw in the towel on phpBB and decided on this new system.

Problem I see with most all of these forum packages, is that the writers go WAY to far with the code, making it so insanely complex with major overhead, high level actions and scripting, that their using almost every aspect of PHP. Using that much code, leaves much to be desired, and will no doubt open anyone up to a new found exploit within PHP or the package code itself. Most times the problems lie in shatty programming that just simply allow someone to do something henious! Like, ho, lets say write a file to the hard drive that includes args from a POST!@%$@#@ :)

-Fm [1oM7]
"I'm not incorruptible, I am so corrupt nothing you can offer me is tempting." - Alfred Bester


#147 a2daj

a2daj

    Uberspewer

  • IMG Pro Users
  • PipPipPipPipPipPipPip
  • 3400 posts
  • Pro Member:Yes

Posted 07 January 2005 - 05:27 PM

Anyone notice that a few of the people who appreciate the expanded forum selection are posting new threads in the wrong forums a little too often?
Dual 2.5 GHz G5-RADEON X800 -4 GB RAM-Revo 7.1
MBP 2.0GHz -Mobility RADEON X1600-2 GB RAM

#148 the Battle Cat

the Battle Cat

    Carnage Served Raw

  • Admin
  • 17430 posts
  • Location:Citadel City, Lh'owon
  • Pro Member:Yes

Posted 07 January 2005 - 07:20 PM

Are you saying that you think some people are purposefully posting in the wrong forum?  There is another thread in Feedback complaining about all the "moved" links is why I ask.
Gary Simmons
the Battle Cat

#149 a2daj

a2daj

    Uberspewer

  • IMG Pro Users
  • PipPipPipPipPipPipPip
  • 3400 posts
  • Pro Member:Yes

Posted 07 January 2005 - 09:11 PM

On purpose?  No.  Amused at the irony?  Yes.
Dual 2.5 GHz G5-RADEON X800 -4 GB RAM-Revo 7.1
MBP 2.0GHz -Mobility RADEON X1600-2 GB RAM

#150 Prometheus

Prometheus

    Legendary

  • Members
  • PipPipPipPipPip
  • 642 posts
  • Location:California (I Wish)

Posted 09 January 2005 - 02:32 PM

gosh!
You guys keep changing the forum and i cannot get used to it...
but each time you change it i end up liking it more.
:huh:  :D
The new forum seems to coincide with the main IMG site more now.
I <3 RJ