Warning! Please Read!

[mysticwarrior]

Officially the title was "Errors, bugs and the forum software!" but i changed, because the title needed some more important.

WARNING: Recently privatemessages from several members got deleted in the front of there eyes, there is a major possibility that this is done by a hacker. If found a major exploit, or security issue that could be responsible for the deleted messages. There is not enough evidence for it yet! So if you see your privatemessages being the deleted in the front of your eyes, or notice anything strange! Please let it know!!!

Now we really need to discuss, because something needs to happen. Maybe i can fix the problem, because in phpbb2.0.23 version, the security problem is solved. But let we first discuss what where going to do.


Old post:

The people who have read the second admin thread and the sex thread, could have seen, that the forum (very old)software had bugs, that did cause some misunderstandings. This may not suppose to be the meaning of an forum and are problems that really need to be solved or made clear.

People also mentioned that strange things did happen, like private messages that disappear out of nowhere and accounts and posts that are suddenly deleted. This made people think about that the forum maybe could have been hacked. I have some experience with php programming(a program language that's used to program this forum software) and also have some knowledge about hacking.

I also pointed out in another thread, that it wasn't most likely that we got hacked. When you understand what programming really is all about, then you understand why sometime strange things happen because of bugs and mistakes caused by an programmer. I will give you an example of such an event:

Someone told me, that a certain account was deleted and that his topics also disappeared. Well that's a strange thing isn't it? Because normally a person can't delete his account. Lucky enough, the person who told me this, gave me quit some details and i directly understood what had happened. I wish i could explain this in details, but it's better that no one knows how to delete there own account with all his posts together. But believe me, the person it self had made a small mistake and he never could have expected that this action could lead to an deleted account.

The reason why i am opening this thread, is because i don't think it's a good thing that members getting paranoid or having the idea, that using this forum is a dangerous thing. Such things, can in my opinion heart the community.

So if you experiencing strange things, like suddenly deleted private messages or you own posts that got edited, please post it over here in this thread, so we can research what's really going on and what exactly really did happen. In this way, i hope at least we can make some problems clear, that can heart the community or make user run away from the forum.

Ps. it could be that i will edit this post a little, to make things more clear.[/size]

 

[GOD]

"Sorry, but the maximum filesize for all Attachments in your Private Message Folder has been reached. Please delete some of your received/sent Attachments."

This keeps apearing and it pisses me off as i dont have any atachments and would like to add things sometimes to my PMs . Can you fix it ?

 

[druglessdouglas]

"Sorry, but the maximum filesize for all Attachments in your Private Message Folder has been reached. Please delete some of your received/sent Attachments."

This keeps apearing and it pisses me off as i dont have any atachments and would like to add things sometimes to my PMs . Can you fix it ?

Ditto

 

[mysticwarrior]

I take a look at it tomorrow, it's getting to late now and Psychonaut.com does have a HUGE problem! It seems that mail can be deleted by an major exploit. This is no joke! It effects almost all the phpbb2 versions...... And probably also the 2.0.16 version.

I think there should be announcement, and we really need to find out how many people find there deleted messages in there posts, because this looks really suspicious. We need to warn everyone, or even shut the private messages down! This is really not good, because it's to damn easy to be true. It don't say, we have been attacked because we don't have enough proof for it. But every one must be warned!!

So please people, if your messages are getting deleted but, not by you, let it now. Tomorrow i do some more research about it. And i also think we need to going to discuss about it.

 

[mysticwarrior]

Ohw and it's about time to start kicking my ass

That's what i call an strange thing! But still i am quit sure, that it isn't caused by an hacker. So to find out, i need to have more details about what you exactly did and what you where doing on the computer beside using an web browser. Because you also said that your computer got an blue screen. This is not an error that would normally be caused because you use an web browser. These are problems are two different things, and there can be many reasons why it could have occur.

 

[GOD]

THAT MEANS I AM TOTALY CLEARED . Every thing i thought and said could have been caused by that and thats why we had so much trouble understanding us all over the last few weeks . The puzle is solved , there are no mysterys .


I want a carrot .




No ones going to kick your arse you solved the problem

 

[Forkbender]

I had only 1 disappearing message. It happened half a year (?) ago and I only asked the person who sent it to send it again, didn't think much of it back then. If it happens again, I will let you know.

I made a permanent anouncement out of this thread, just so that it stays on the top of the subforum and people will see it regularly so they keep it in mind.

 

[mysticwarrior]

THAT MEANS I AM TOTALY CLEARED . Every thing i thought and said could have been caused by that and thats why we had so much trouble understanding us all over the last few weeks . The puzle is solved , there are no mysterys .


I want a carrot .




No ones going to kick your arse you solved the problem

Hehehe, i already did see you in the front of my eyes jumping with your ass from your chair and dancing the rain dance And i have to say, it freaks me out, if i use my iq and special ET empathy forces :twisted:

But let's get to the point, the issue is only about the private messages, but it serious issue tough, because the exploit i found, enables someone to delete your complete inbox. If this is already possible, then we need to start do something about it. We can't prove that we are attacked yet, because there are not enough people complaining about disappearing messages.... The ones that did got deleted, could have been the cause of some weird bug. But if we where attacked, it indeed would at least explain some of the problems.

There are two options, or the site owner takes his responsibility, or otherwise we need to solve the issue our selfs. I could for example try, to update the forum to 2.0.23, then lots of the bugs and security issues we have are already been solved. Or we do start with an upgrade and launch phpbb3.0 without a frontpage. The upgrade to phpbb3.0 would change everything radically and i first have to see, if we can integrate the old database into the database of phpbb3.0.

Fork or caducues, who's going to discuss it with the site owners? I could try to send them an email to find out what there thoughts are about this issue.

Ohw and uhhhhhh, GOD i have thought about it a long time. But i have to be honest with you, so i decided to give you a special carot! You can even put in some green socks

 

[GOD]

Thanks for the carot , i shall go and buy some vasaline .

The thing with the PMs . Its been said by several people that PMs get sent and dont arive . I think Star did a thread about it a few months ago . Its hard to judge if PMs realy do reach people because just because they dont answered doesnt mean the didnt get the PM...... = I`m used to people ignoring my PMs .

I dont have a chair as with my intelligence i`d rather sit on the floor because even i cant fall off that............

 

[mysticwarrior]

Thanks for the carot , i shall go and buy some vasaline .

The thing with the PMs . Its been said by several people that PMs get sent and dont arive . I think Star did a thread about it a few months ago . Its hard to judge if PMs realy do reach people because just because they dont answered doesnt mean the didnt get the PM...... = I`m used to people ignoring my PMs .

I dont have a chair as with my intelligence i`d rather sit on the floor because even i cant fall off that............

I hope the vaseline works, because i heart that those carot's like to have a hard time on people, especially people who complain about green socks.....

But yeah, i think you get my point. In the past, i talked to really to many people in my life, that told me they where hacked etc. While they just caused the problem by them self. And since hacking is a really difficult thing to understand, most of the times, it will be the last thing that really did happen.

But i can't blame people for it, because you really need to understand a lot about how software is build, and how computers process the code. To reach a certain level of understanding, requires already a learning process that cost lots of time. If we take a look at REAL hackers, we find really smart people(i am not one of them, i wish i where ) that won't just attack every site. Yet, there are kids out there, who are attacking random sites with exploits that they downloaded from the internet, just for the fun. Of course it happens to much that sites get attacked, so we need to act before such fucking nasty kid, could even have the change, to destroys an very important source of information, which you wouldn't find easy on the internet.

 

[dennis1978]

damn,

i think pm's are not getting send as we speak.
They end up in the "out" box, not the "sent" box.

crap.

 

[JustinNed]

If a hacker is the case let's just hope it's independent and not informant. I'd suggest cleaning anything up you made need to in PMs until it gets sorted out.

 

[Caduceus Mercurius]

Officially the title was "Errors, bugs and the forum software!" but i changed, because the title needed some more important.

I still think the original title was better. Don't cause panic unnecessarily.

WARNING: Recently privatemessages from several members got deleted in the front of there eyes,

We're not sure if they got deleted, and as far as recent events are concerned I've heard of only one or two members who lost a PM.

 

[mysticwarrior]

Officially the title was "Errors, bugs and the forum software!" but i changed, because the title needed some more important.

I still think the original title was better. Don't cause panic unnecessarily.

WARNING: Recently privatemessages from several members got deleted in the front of there eyes,

We're not sure if they got deleted, and as far as recent events are concerned I've heard of only one or two members who lost a PM.

Alright, maybe we still are not attacked yet. But today someone contacted me, and if i have to believe his words, the security is even more worse then i thought it would be or had expected it to be. Maybe it causes a little panic, but it wasn't my intention.

I do think, we directly need a backup of the complete forum. If some script kiddy attacks us right now, then we might have a huge problem.

 

[Forkbender]

Yes, backup please.

Can you ask it at the office, tomorrow, CM?

 

[JustinNed]

Yes, backup please.

Can you ask it at the office, tomorrow, CM?

+1

 

[restin]

Can I sell you some very very cheap viagra, sir? :lol:

(sorry I realize the situation is serious...)

 

[mysticwarrior]

Can I sell you some very very cheap viagra, sir? :lol:

(sorry I realize the situation is serious...)

not yet needed

 

[Caduceus Mercurius]

Yes, backup please.

Can you ask it at the office, tomorrow, CM?

I think I can do a backup in the phpbb control screen, there's a page that says:

Database Utilities : Backup

Here you can back up all your phpBB-related data. If you have any additional custom tables in the same database with phpBB that you would like to back up as well, please enter their names, separated by commas, in the Additional Tables textbox below. If your server supports it you may also gzip-compress the file to reduce its size before download.

I don't know about the Joomla part yet.

 

[dennis1978]

But when you backup like that, remove them from the site!

Anyone using the same configuration as you do can easily guess where you
keep the backups and then steal them.

A better way to backup is to export databases with phpMyAdmin or something at the host, then you can backup both bb and joomla that way. Also, they get exported in a way you can import them with one click if needed later on.