Abbadon93 Wrote:Thanks for the upgrade.
Here are a few suggestions from a total newbie in MyBB management :
- I tried the patch plugin to upgrade from 1.2.6 to 1.2.9. As there is nowhere an information which say how to use it... it wasn't useful, but it is a really good idea as a patch to upgrade MyBB is the easiest way for everybody.
- So, I put the complete 1.2.9 zip and launch the upgrade page. I guess it works BUT, when I use the version check, it write that it is always 1.2.6.
Anyway, thanks for your great work.
The plugin only temporarily patches the security vulnerability until you can fully update the files. It won't perform the entire upgrade process for you.
Abbadon93 Wrote:Thanks for the upgrade.
Here are a few suggestions from a total newbie in MyBB management :
- I tried the patch plugin to upgrade from 1.2.6 to 1.2.9. As there is nowhere an information which say how to use it... it wasn't useful, but it is a really good idea as a patch to upgrade MyBB is the easiest way for everybody.
- So, I put the complete 1.2.9 zip and launch the upgrade page. I guess it works BUT, when I use the version check, it write that it is always 1.2.6.
Anyway, thanks for your great work.
Then you didn't override all the files.
The patch plugin will ONLY protect you from this one vulnerability. By only use the plugin your still vulnerable to other vulnerabilities because you haven't upgraded all the way.
it's working so far... and will continue that way
Q1. How can I find out that somebody tried to hack my page??
Q2. Ofcourse I update the Important Security Update and the plugin.
About the plugin one question it said upload -activate - and
delete and then???
spinning Wrote:Q1. How can I find out that somebody tried to hack my page??
Q2. Ofcourse I update the Important Security Update and the plugin.
About the plugin one question it said upload -activate - and
delete and then???
Q1:
Chris Boulton Wrote:Quote:What if some other mybb users have been affected already? Is there a way for the rest of the community to know? If we are affected already, will the security patch still work? If we are already affected, what should we do?
The best thing for you to do is to change your Administrator password, and if you for some reason used the same database password/ftp password etc then change those too.
Also - if you'd like you can run the MyBB 1.2.3 vulnerability scanner to see if for some reason a file was uploaded to a place it shouldn't be: http://community.mybboard.net/showthread...#pid120546
Q2: No don't delete the plugin. You upload and activate it.
Quote:Q2: No don't delete the plugin. You upload and activate it.
I read delete the file so I delete the php file
Quote:This plugin patches the 1.2.9 security patch only. Please remove this plugin once you have fully upgraded to the latest version.
spinning Wrote:Quote:Q2: No don't delete the plugin. You upload and activate it.
I read delete the file so I delete the php file
Quote:This plugin patches the 1.2.9 security patch only. Please remove this plugin once you have fully upgraded to the latest version.
Did you not read the part "once you have fully upgraded to the latest version". Using the plugin does NOT mean you've upgraded to the fullest version.
Sometimes English is hard for me, so I did replace the files ( mybb_129_changed_files.zip) and upload the pluging to the plugin manager and activate it that all, more I did not.
Ow and I think my forum is clean by testing nothing was found, I am gonna change my password
Upgraded all my sites..no problems. Took me about 15 minutes. Thanks for finding and releasing this security update so quickly.
To those that don't know how to upgrade from old versions. Feel free to PM me and I will try to assist. Basically if you are on 1.2.8 you simply upload the files to overwrite your existing ones. No upgrade.php to run. That's only needed when database or template changes are required. If you are on a previous version you should FIRST upgrade to 1.2.8 then upgrade to 1.2.9. At least that's my opinion. The 1.2.8 upgrade is fairly straight forward with only a lot of files to upload then you run the upgrade script.
spinning Wrote:Sometimes English is hard for me, so I did replace the files ( mybb_129_changed_files.zip) and upload the pluging to the plugin manager and activate it that all, more I did not.
Ow and I think my forum is clean by testing nothing was found, I am gonna change my password
If you replaced the files in the zip on your server, then you do not need the plugin.