Not Solved Mybb security issue!
#1
Dear folks,

Actually I'm getting attacked on MyBB 1.8.19.
Here is how things appear:

Member is offline (user Cpanel), but he is online for less than one minute.
If I search the logs of the same member, I see he is hitting unreadPosts;
this is the last few hours for unread posts: 48876 55.93% 1215 4.39%    4.58 MiB GET  HTTP/1.1 /xmlhttp.php?action=unreadPosts_getUnreads&fid0

Over 500 members are affected, being offline and then showing online for less than one minute.
Note that their IPs still show the original ones!

Now, if I change any of these members' passwords, he will no longer keep showing online for less than a minute.

Also I would like to ask about task.php:
what is this file used for, and is it normal for it to be accessed by forum visitors directly (I see it in access.log)?

Kindly advise.
https://mhhauto.com
World's most trustworthy automotive forum!
#2
task.php should not be used by forum visitors; they won't be able to access it.

You are probably using the Unread Posts plugin by Lucas. It might be possible that the plugin is vulnerable; can you try disabling the plugin for the time being and see if you are getting the same attack? This seems like a case of DDoS to me.
- MyBB Heart
#3
I disabled/uninstalled this plugin, but no change!

URI /xmlhttp.php?action=unreadPosts_getUnreads&fid0

Still under attack!

Best regards.
#4
(2019-01-30, 02:57 PM)mhh_rabih Wrote: Also I would like to ask about task.php:
what is this file used for, and is it normal for it to be accessed by forum visitors directly (I see it in access.log)?

It's normal; it's how PHP task systems work in lieu of real cron functionality. Tasks are run by piggy-backing on user visit requests. If nobody visits your site (or you remove task.php from the user templates), tasks will not run.


(2019-01-30, 06:50 PM)mhh_rabih Wrote: I disabled/uninstalled this plugin, but no change!

URI /xmlhttp.php?action=unreadPosts_getUnreads&fid0

Still under attack!

Best regards.

You can't stop people from sending requests to your webserver.

If you don't like it, you have to start banning IPs (at the firewall or webserver level, not just in the Admin CP).
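The visit-driven task mechanism described in the reply above, modelled in a few lines of Python. This is an added illustration for this thread, not MyBB's own task.php code; it assumes each task stores an epoch `nextrun`, that every page view calls `on_request()`, and that an overdue task runs once and is rescheduled from the moment it actually ran, so runs missed during a quiet period are not replayed.

```python
"""Model of a visit-driven task runner of the kind the reply describes for task.php.

Added illustration for this thread, not MyBB's own code. Assumed: each task stores an
epoch `nextrun`; a page view calls on_request(); overdue tasks run once and are
rescheduled from the time they actually ran, so runs missed while nobody visited
are not replayed.
"""
from dataclasses import dataclass, field


@dataclass
class Task:
    name: str
    interval: int                              # seconds between scheduled runs
    nextrun: int                               # epoch seconds when the task is next due
    runs: list = field(default_factory=list)   # epoch seconds of the runs that actually happened


class VisitDrivenScheduler:
    def __init__(self, tasks):
        self.tasks = list(tasks)

    def due(self, now):
        """Names of tasks whose nextrun has passed: what a hit on task.php would be asked to run."""
        return [t.name for t in self.tasks if t.nextrun <= now]

    def on_request(self, now):
        """Hook for every page view. Runs each overdue task once and reschedules it from `now`."""
        ran = []
        for t in self.tasks:
            if t.nextrun <= now:
                t.runs.append(now)
                t.nextrun = now + t.interval   # assumption: no catch-up of skipped slots
                ran.append(t.name)
        return ran


def simulate(visit_times, tasks):
    """Drive the scheduler with the given page-view timestamps; return {task name: run times}."""
    sched = VisitDrivenScheduler(tasks)
    for now in visit_times:
        sched.on_request(now)
    return {t.name: list(t.runs) for t in sched.tasks}


if __name__ == "__main__":
    # Constructed scenario: an hourly task; visits at 0, 30 and 60 minutes, then nothing
    # until five hours later. The runs scheduled for 7200, 10800 and 14400 never happen.
    hourly = Task("hourly_cleanup", interval=3600, nextrun=0)
    print(simulate([0, 1800, 3600, 5 * 3600], [hourly]))   # {'hourly_cleanup': [0, 3600, 18000]}
    # With no visits at all, nothing ever runs:
    print(simulate([], [Task("hourly_cleanup", interval=3600, nextrun=0)]))   # {'hourly_cleanup': []}
```

The second call is the point the reply makes: without traffic (or with task.php removed from the templates) the due list keeps growing but nothing executes, which is why a quiet forum sees task.php hits in access.log only when someone visits.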
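One way to turn the "ban at the webserver or firewall level" advice into something repeatable: count hits on the flooded endpoint per source IP over a sliding window and emit nginx `deny` lines or `iptables` drops for the offenders. This is an added example written for this thread, not code from the posters or from MyBB. It assumes the webserver writes Apache/nginx combined-format access logs, and the window (60 s) and threshold (30 hits per IP per window) are assumptions to tune against real traffic. The log lines in `sample_log()` are constructed for the example. Note the caveat the first post raises: the affected members' IPs are their real ones, so if the flood arrives from a member's own address a per-IP ban also locks that member out; review the list before installing it.

```python
"""Count hits on the flooded MyBB endpoint per source IP and emit ban rules.

Added example for this thread, not part of the original posts or of MyBB. Assumptions:
the webserver writes Apache/nginx "combined" format, and anything above THRESHOLD
hits per IP inside a WINDOW-second span is a flood (tune both to your real traffic).
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/nginx "combined" log format (written by the webserver, not by MyBB).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
TARGET = "/xmlhttp.php?action=unreadPosts_getUnreads"   # URI quoted in the thread
WINDOW = 60       # seconds; assumption
THRESHOLD = 30    # hits per IP per window; assumption, not a MyBB figure


def parse_line(line):
    """Return (ip, timestamp, uri) or None for lines that are not combined format."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("uri")


def peak_rate(stamps, window):
    """Largest number of timestamps falling inside any `window`-second span."""
    stamps = sorted(stamps)
    peak = start = 0
    for end, ts in enumerate(stamps):
        while (ts - stamps[start]).total_seconds() > window:
            start += 1
        peak = max(peak, end - start + 1)
    return peak


def flag_abusers(lines, target=TARGET, window=WINDOW, threshold=THRESHOLD):
    """Map IP -> peak hits per window for every IP that reaches `threshold` on `target`."""
    hits = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed and parsed[2].startswith(target):
            hits[parsed[0]].append(parsed[1])
    flagged = {}
    for ip, stamps in hits.items():
        peak = peak_rate(stamps, window)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


def nginx_deny(flagged):
    """Lines for an nginx deny file you `include` in the server block (webserver-level ban)."""
    return [f"deny {ip};" for ip in sorted(flagged)]


def iptables_drop(flagged):
    """Equivalent firewall-level drops."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(flagged)]


def sample_log():
    """Constructed lines: 203.0.113.5 polls the endpoint 40 times in 40 s, 198.51.100.7 twice."""
    def entry(ip, t, uri):
        stamp = t.strftime("%d/%b/%Y:%H:%M:%S") + " +0000"
        return f'{ip} - - [{stamp}] "GET {uri} HTTP/1.1" 200 312 "-" "Mozilla/5.0"'

    base = datetime(2019, 1, 30, 14, 57, 0)
    lines = [entry("203.0.113.5", base + timedelta(seconds=i), TARGET + "&fid0")
             for i in range(40)]
    lines += [entry("198.51.100.7", base + timedelta(seconds=5), TARGET + "&fid0"),
              entry("198.51.100.7", base + timedelta(seconds=35), TARGET + "&fid0"),
              entry("198.51.100.7", base + timedelta(seconds=50), "/index.php"),
              "this line is not in combined format and is skipped"]
    return lines


if __name__ == "__main__":
    flagged = flag_abusers(sample_log())
    print(flagged)                          # {'203.0.113.5': 40}
    print("\n".join(nginx_deny(flagged)))   # deny 203.0.113.5;
    print("\n".join(iptables_drop(flagged)))
```

Run it against the real log with `flag_abusers(open("/var/log/nginx/access.log"))` (path assumed). The window-based peak rather than a raw total is deliberate: a member who legitimately keeps a tab open all day accumulates many hits spread thinly, while the pattern in the first post (tens of thousands of hits to one endpoint) shows up as a burst.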