Continued Server issues

Post by **Lanji** » Thu Jun 23, 2005 11:49 am

Greetings everyone, sorry for the problems, but I'm currently in Boston on business and getting slammed every few hours by this problem.

What's happening is someone has found a way to get into phpBB on older boards on the server and basically load a simple spam sending file. The spam file basically takes over all of the CPU and shuts down mySQL in the process, which causes everything else to go down.

While I'm trying to get this fixed, I'm unfortinatly able to shutdown everyone that needs shutdown due to other agreements I have made.

So unfortinatly the MRC has to suffer at this time until I'm back in Wyoming.

BTW, I missed my flight this morning, so its going to be a few extra hours or even an extra day before I can do anything about this seriously.

For now I have placed tighter restrictions on the /tmp directory, but that's only working a little so far.

Also, everyone give Xuric a huge thanks for doing his best without Root right now!! He's been a huge help.

Blue Phoenix · Post by **Blue Phoenix** » Thu Jun 23, 2005 6:15 pm

Thanks xuric! Thanks Lanji!

Have a fun flight, and good luck with the php doohikies

Sabre · Post by **Sabre** » Thu Jun 23, 2005 9:40 pm

Thanks Xuric. You rock!!

NightLance · Post by **NightLance** » Thu Jun 23, 2005 9:53 pm

Xuric pwns with this. o.o

MasumiX · Post by **MasumiX** » Fri Jun 24, 2005 2:12 am

... now if we could only house train him ...

Blue Phoenix · Post by **Blue Phoenix** » Fri Jun 24, 2005 7:00 am

Oh!.....So that wasn't applejuice?

Kai · Post by **Kai** » Fri Jun 24, 2005 11:26 am

If you think it will help, you are welcome to kill anything from WT on the server until you get back

Post by **Lanji** » Mon Jul 25, 2005 11:04 pm

Another quick update, we've upgraded to phpBB 2.0.17 the "lets hope that the phpBB group gets their act together upgrade."

Thanks,
-Lanji

Shimmernet · Post by **Shimmernet** » Tue Jul 26, 2005 1:44 pm

"lets hope that the phpBB group gets their act together upgrade."

What does that mean exactly? Has there been a lot of holes in their updates lately? I always thought of coders as these celestial beings out of the reach of mere mortals. I do know however that bad software compared to good software either makes or breaks my day.

Post by **Lanji** » Tue Jul 26, 2005 7:28 pm

phpBB as one of the top free (GNU) applications on the Internet is used heavily by just about anyone that wants a free message board, and doesn't want to used a restricted license board, or a board with fewer features.

As a peice of software with source code available, its easier for hackers and script kiddies alike to figure out how to make trouble with it.

Part of my comment though is that over the last two months there have been 3 major security related upgrades, 2.0.15, 2.0.16 and 2.0.17, which is the version we are on now. Keeping up with these upgrades is very time consuming, and takes a serious chuck out of time I would be spending doing other projects.

But, such is life. But that still doesn't mean that I don't think the phpBB people shouldn't increase their staff, and speed forward a little bit on getting these simular problems fixed. (All three recent upgrades had to do with cross-site scripting problems.)

Shimmernet · Post by **Shimmernet** » Wed Jul 27, 2005 7:11 am

Wow, I never had an idea phpBB was open source or one of the projects under the GNU liscense. That's cool, I always thought they where a for profit business. I've been to their official forums once or twice when I was trying to figure out how to indent text. I noticed this board had a lot of plugins compared to the other phpBB boards I've been at. The Character Post ID is the most unique feature I've seen.

Yeah this forum must use a SQL server right? The entire database must be taken down so it must be a long process. Thanks for explaining it to me.

Kai · Post by **Kai** » Mon Aug 01, 2005 9:05 am

Heh, actually the MRC is rather tame in regards to hacks, there's an entire site dedicated to it, I've written 6 or 7 myself

Post by **Xuric** » Mon Aug 01, 2005 1:59 pm

You've written 6 or 7 hacks?

Kai · Post by **Kai** » Mon Aug 01, 2005 2:42 pm

Oh right, the PC police at the official site have decided to call them Mods now, haven't they? Add-ons, improvements, extras, hacks

Post by **Xuric** » Mon Aug 01, 2005 4:51 pm

oh, phpbbhacks.com ... I'm familiar with them. Heh, the other meaning of "hack." The kind I do.

Kai · Post by **Kai** » Tue Aug 02, 2005 9:04 am

Sorry, must have slipped into techspeak there

Me and the official site had a uh..little falling out in regards to their policies for approval like in the 1.4 days, I haven't bothered with them other than grabbing point updates in years. They will always be hacks, and exploits will be exploits. Course phpbbhacks.com might hate me now cause I never did finish Account Switch 2.0. Sigh.