YaBB SE Community

YaBB SE Info => News From the YaBB SE Team => Topic started by: Jeff Lewis on February 02, 2003, 12:00:18 PM

Title: SECURITY FIX! MAKE THIS CHANGE!
Post by: Jeff Lewis on February 02, 2003, 12:00:18 PM
We sent out one email already and apparently some people are opting NOT to make this change and are now getting exploited...MAKE THIS FIX!

http://www.yabbse.org/community/index.php?board=9;action=display;threadid=17919 (http://www.yabbse.org/community/index.php?board=9;action=display;threadid=17919)
Title: Re:SECURITY FIX! MAKE THIS CHANGE!
Post by: 7summits on February 02, 2003, 12:06:48 PM
errr, that's email and anouncement # 3 within an hour..
Someone exploiting Yabbse.org?
Title: Re:SECURITY FIX! MAKE THIS CHANGE!
Post by: Agelmar on February 02, 2003, 12:07:20 PM
Definitely make this change. It is very easy, the lines are near the top of the file, you won't even have to scroll down to see it most likely. This is a very important fix.

And to Jeff, I just got my 3rd email notifying me of this post... not sure if this was intentional or not, but just fyi...
Title: Re:SECURITY FIX! MAKE THIS CHANGE!
Post by: Agelmar on February 02, 2003, 12:08:04 PM
OK, I take it it I got 3 announcements in an hour for a reason. Hopefully nothing's being exploited and Jeff just wants to make sure people get the message...
Title: Re:SECURITY FIX! MAKE THIS CHANGE!
Post by: andrea on February 02, 2003, 12:17:08 PM
Wow, currently online: 279 Guests, 108 Users

Hopefully everybody got the message now.  :)

Jeff, you should maybe lock these new 3 threads such that the discussion is focussed in the original thread.
Title: Re:SECURITY FIX! MAKE THIS CHANGE!
Post by: Agelmar on February 02, 2003, 12:24:31 PM
mmmm... you mean these 4 new threads?

Is this really Jeff doing this, or is someone having a bit of fun? I have to admit, the emails are starting to get a bit excessive...
Title: Re:SECURITY FIX! MAKE THIS CHANGE!
Post by: andrea on February 02, 2003, 12:45:45 PM
Yeah in the meanwhile its already 4. Maybe not all were sent by Jeff...
Title: Re:SECURITY FIX! MAKE THIS CHANGE!
Post by: Robbie on February 02, 2003, 12:48:08 PM
and 5 it is!! :o
Title: Re:SECURITY FIX! MAKE THIS CHANGE!
Post by: Vagcmyevad on February 02, 2003, 01:00:45 PM
We get the message Jeff, 6's enough...
Title: Re:SECURITY FIX! MAKE THIS CHANGE!
Post by: Robbie on February 02, 2003, 01:09:18 PM
it's 7 by now!!
Title: Re:SECURITY FIX! MAKE THIS CHANGE!
Post by: Agelmar on February 02, 2003, 01:11:00 PM
Yes, 7 emails is waaaay too much. As I said, I'm all for security, but I am also for a nice and tidy inbox..
Title: Re:SECURITY FIX! MAKE THIS CHANGE!
Post by: Vagcmyevad on February 02, 2003, 01:18:46 PM
8. >:(
Title: Re:SECURITY FIX! MAKE THIS CHANGE!
Post by: Agelmar on February 02, 2003, 01:43:45 PM
Please Jeff, make it stop... is your NotifyUsersNewAnnouncement() looping infinitely or what?
Title: Re:SECURITY FIX! MAKE THIS CHANGE!
Post by: orange on February 02, 2003, 01:44:22 PM
Well, this will achieve two things anyway:

(1) everyone will apply the security fix now
(2) everyone will disable e-mail announcements having recieved the 9 e-mails so far, so if there is something important in future no-one will know about it.

Ah well.
Title: Re:SECURITY FIX! MAKE THIS CHANGE!
Post by: Jeff Lewis on February 02, 2003, 03:39:19 PM
Oops sorry. I went out and I guess it looped or something...will have to see if soeone was messing with the code here for the mass mailings.

Maybe now at least people will apply this fix? It's very important and some people have choosen to ignore it and have been hit...
Title: Re:SECURITY FIX! MAKE THIS CHANGE!
Post by: markd on February 02, 2003, 03:47:08 PM
Just to be on the safe side, we are running RC1.  We don't have to make this change/update or no?

thanx

p.s.  i know this aint the forum for it, but after we installed RC1, the javascript HTML and Smilies stopped working.

-markd
Title: Re:SECURITY FIX! MAKE THIS CHANGE!
Post by: andrea on February 02, 2003, 04:08:06 PM

p.s.  i know this aint the forum for it, but after we installed RC1, the javascript HTML and Smilies stopped working.


Make sure you did upload the uubc.js in ASCII mode (not BINARY).
Title: Re:SECURITY FIX! MAKE THIS CHANGE!
Post by: markd on February 02, 2003, 04:53:46 PM
Hehe.. it was my bad.. I never moved the new one from the upgrade package to the live directory - we were still on the old one from 1.5.0  :)

thanx
-markd
Title: Re:SECURITY FIX! MAKE THIS CHANGE!
Post by: Agelmar on February 02, 2003, 06:12:26 PM
LOL, I called it...

NotifyUsersNewAnnouncement(), our benevolent friend... all hail!
Title: Re:SECURITY FIX! MAKE THIS CHANGE!
Post by: HollyRidge on February 02, 2003, 08:54:03 PM
Come on guys... 8 emails is a bit excessive... dont ya think???
Title: Re:SECURITY FIX! MAKE THIS CHANGE!
Post by: Jeff Lewis on February 02, 2003, 08:57:53 PM
Made you come didn't it?  :P

It was purely accidental, read the other thread for more info...