2011-07-29, 11:41 AM
as i type this message, my forum is beeing hacked... i knew i shouldn't have updated to 1.6. .. oh maÄ%ÖL$$##'§%$""32432424nn...
i was chatting and someone told me, that "hihi" text appears for a short moment before showing the thread page...
picture1: the "hihi" are the first bytes of the page, BEFORE the doctype appears...
and a few MOMENTS later: picture 2
now it says "hihihi" .. so something is hacking my sh*t RIGHT NOW....
it seems that stuff only worked on the "show thread" page..
i checked the templates (doctype, headerinclude etc) and this "hihi" was NOWHERE in it ...
i quickly set my board to "closed" .. and now, the "hihi" or "hihihi" doesn't appear anymore.. so it seems they changed it back, even after i closed the board...
--
i can access today's http logs only by tomorrow, i will see what they did... F*CK .. and i thought 1.6 had outgrown at least the most basic exploits... oh darn, am i angry.
-UPDATE:
Problem solved, sorry for panicking too much, I was sure someone changed the live content of my pages... that pretty much turned off the better half of my brain -.-
It seems a plugin was the culprit, which managed to put out several instances of "hi" as a forgotten debug code. I don't know why it has never appeared before, but since i phyically squashed this thing now, everything seems good. the "hihi" output appears no more.
I changed the topic title to something more appropriate
i was chatting and someone told me, that "hihi" text appears for a short moment before showing the thread page...
picture1: the "hihi" are the first bytes of the page, BEFORE the doctype appears...
and a few MOMENTS later: picture 2
now it says "hihihi" .. so something is hacking my sh*t RIGHT NOW....
it seems that stuff only worked on the "show thread" page..
i checked the templates (doctype, headerinclude etc) and this "hihi" was NOWHERE in it ...
i quickly set my board to "closed" .. and now, the "hihi" or "hihihi" doesn't appear anymore.. so it seems they changed it back, even after i closed the board...
--
i can access today's http logs only by tomorrow, i will see what they did... F*CK .. and i thought 1.6 had outgrown at least the most basic exploits... oh darn, am i angry.
-UPDATE:
Problem solved, sorry for panicking too much, I was sure someone changed the live content of my pages... that pretty much turned off the better half of my brain -.-
It seems a plugin was the culprit, which managed to put out several instances of "hi" as a forgotten debug code. I don't know why it has never appeared before, but since i phyically squashed this thing now, everything seems good. the "hihi" output appears no more.
I changed the topic title to something more appropriate