Current time: 04-24-2014, 03:32 PM Hello There, Guest! (LoginRegister)


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
MyBB 0-Day? WTF?
09-14-2013, 06:52 PM
Post: #1
MyBB 0-Day? WTF?
I have a forum that is EXTREMELY locked down, as it's run on a secure VPS and managed by IT professionals and overlooked by me.

And yet some guy named "Team LNXRoot" from lnxroot.org somehow is posting threads from an account that isn't even registered, saying that he hacked my database.

WTF?

<snip - spam>
Find all posts by this user
Quote this message in a reply
09-14-2013, 06:58 PM
Post: #2
RE: MyBB 0-Day? WTF?
Hello,

I am sorry I made some mistake and denied you, it's sorted now.

Can you post your forum url here? Are you only one who has access to VPS, and you're only admin?

Jovan J.
MyBB Support Technician


Visit this user's website Find all posts by this user
Quote this message in a reply
09-14-2013, 06:59 PM
Post: #3
RE: MyBB 0-Day? WTF?
(09-14-2013 06:58 PM)Jovan J. Wrote:  Hello,

I am sorry I made some mistake and denied you, it's sorted now.

Can you post your forum url here? Are you only one who has access to VPS, and you're only admin?

I just took the forum offline for the moment to make it stop. And I have 2 fellow administrators, but I've known them for years personally and they wouldn't do this.

I can post screenshots and logs.

The IP it's from is 117.237.49.156

<snip - spam>
Find all posts by this user
Quote this message in a reply
09-14-2013, 07:15 PM
Post: #4
RE: MyBB 0-Day? WTF?
What plugins are you running? I'd be surprised if it were a major issue within the core as we normally hear about things like that pretty quickly.

Visit this user's website Find all posts by this user
Quote this message in a reply
09-14-2013, 08:06 PM
Post: #5
RE: MyBB 0-Day? WTF?
It turns out the perpetrator changed their user agent to Googlebot so he could post, because we have Googlebot set as a registered member for SEO purposes.

<snip - spam>
Find all posts by this user
Quote this message in a reply
09-14-2013, 09:58 PM (This post was last modified: 09-14-2013 09:59 PM by Josh H..)
Post: #6
RE: MyBB 0-Day? WTF?
(09-14-2013 08:06 PM)Paradox21 Wrote:  It turns out the perpetrator changed their user agent to Googlebot so he could post, because we have Googlebot set as a registered member for SEO purposes.

That's actually really intelligent. Wonder if we could check to see if googlebot is really googlebot by checking to see if it's within Google's IP ranges.

Edit: Then again, Googlebot shouldn't be in the registered group. Should have a separate group for that.

Latest YT Vid: COD eSports Updates
Nathan Malcolm Wrote:* Nathan Malcolm likes how Facebook sent him a white page and a "500 OK" response code
* Nathan Malcolm says "No facebook, that is not OK."
Visit this user's website Find all posts by this user
Quote this message in a reply
09-15-2013, 03:55 AM (This post was last modified: 09-15-2013 03:56 AM by brad-t.)
Post: #7
RE: MyBB 0-Day? WTF?
(09-14-2013 08:06 PM)Paradox21 Wrote:  It turns out the perpetrator changed their user agent to Googlebot so he could post, because we have Googlebot set as a registered member for SEO purposes.

Very glad you induced panic by postulating there was a Zero Day when really you and your IT professionals just made a stupid permission error. Thanks.

Publicly posting that there is a major security flaw in MyBB without any evidence should be grounds for suspension. This happens way too often.

HARAJUJU.net / MyBB Humanization Project
Visit this user's website Find all posts by this user
Quote this message in a reply
09-16-2013, 12:21 AM
Post: #8
RE: MyBB 0-Day? WTF?
(09-15-2013 03:55 AM)brad-t Wrote:  
(09-14-2013 08:06 PM)Paradox21 Wrote:  It turns out the perpetrator changed their user agent to Googlebot so he could post, because we have Googlebot set as a registered member for SEO purposes.

Very glad you induced panic by postulating there was a Zero Day when really you and your IT professionals just made a stupid permission error. Thanks.

Publicly posting that there is a major security flaw in MyBB without any evidence should be grounds for suspension. This happens way too often.

I concur.

[Image: an-logo.png]
Radio Asperger
Last Blog Article: Why We Went Down
Find all posts by this user
Quote this message in a reply
09-16-2013, 12:57 AM
Post: #9
RE: MyBB 0-Day? WTF?
(09-15-2013 03:55 AM)brad-t Wrote:  Publicly posting that there is a major security flaw in MyBB without any evidence should be grounds for suspension.

Evidence or not, major security flaws should be discussed with a team member privately. If this were an actually vulnerability OP would have been helping to educate any nefarious person reading this.

Advanced Sidebox - MentionMe - YourCode - QuickMerge
Visit this user's website Find all posts by this user
Quote this message in a reply
09-16-2013, 07:07 PM
Post: #10
RE: MyBB 0-Day? WTF?
By default, Spiders / Bots are in the "Guests" user group (read most everywhere, posting denied most everywhere). I create a separate group for Spiders where I can more closely regulate their permissions. This thread shows that maybe this should be the default setup.
Find all posts by this user
Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us | MyBB | Return to Top | Return to Content | Lite (Archive) Mode | RSS Syndication