SECURITY FIX! Users using any version prior to 1.5.1

[Ratman]

Hey, I just fixed my 1.4.1 board and now I'm getting an error within the Admin Center, right on top of the Forum Preferences and Settings section I get a message: "Failed to make backup of Settings.php" which wasn't there before -- e.g. about 30 seconds before uploading the patched file. Has anyone got such an error or is it just me? Maybe I should upgrade to 1.5, but anyway...
Well, and I got 9 mails too, I think it's better safe than sorry!

[Alex Rolko]

just chmod your directory and files again.

[eknee]

I've just looked at my database and it seems fine.  What did this hacker do?  

And more importantly, what can I do to fix it?

Best,
Eric

[Peter Crouch]

Well considering I usually ignore most announcements the 9 emails pricked my interest enough to actually check it out, and heaven forbid, POST!!  

[Jeff Lewis]

Hehe welcome back for if even for a few moments

[Jeff Lewis]

For any of you that HAVE been hit by this, if you have access to your logs and can send me a block of them where the person did something stupid, please do send them my way...

[Patty]

Actually, I'm wondering the same as eknee ... I saw the "google" search and that IP in my logs on Friday, but nothing screwy happened to the board. I applied the patch, but what, if anything, did the hacker do beforehand?

Oh, and I've no problems with the multiple emails -- except that the link displays a blank page when I click it. Regardless, the multiple emails just drove the "UPGRADE NOW OR ELSE" point home. Thanks for letting everyone know about this.

[rickc]

what can they do to your board with this "leak"??
 

[[Unknown]]

what can they do to your board with this "leak"??
 

Anything and everything they want.

-[Unknown]

[Alan Roy]

What exactly did this fix fix?

[sensovision]

people if you get click from Google with keywords "Powered by YaBB SE" and nothing happen don't worry it was me(if you got member phoenix it's also me) or Mike, we just searching for forums check them for error and send alert e-mail to admin if forum was in danger we don't use info for anything more I give you my word. just ask your members if possible to change passwords as security measure it's good idea to change passwords from time to time anyway. and sorry once again if we scare anyone.

Actually, I'm wondering the same as eknee ... I saw the "google" search and that IP in my logs on Friday, but nothing screwy happened to the board. I applied the patch, but what, if anything, did the hacker do beforehand?

Oh, and I've no problems with the multiple emails -- except that the link displays a blank page when I click it. Regardless, the multiple emails just drove the "UPGRADE NOW OR ELSE" point home. Thanks for letting everyone know about this.

[tricky]

Hi jeff, its tricky from mp3dreaming, i'm afraid we were too late and like countless others we were hacked yesterday! the good news is that our host is also one of our admins and has the server logs! they deleted everything! luckily we have restored a server backup which took only a few minutes! i think this was passed around as the hackers that did us were hollandfxp, the real good news is we have all the details of the hacker from the server log, he was a member of our board and didn't even connect through a proxy? i was wondering what everyone else that got hacked is planning to do about it?

tricky

[Jeff Lewis]

Sorry to hear that...and from a member? Ugh, that bothers me so much...care to send a log block to me to look over?

[tricky]

hi jeff, its tricky from mp3dreaming,
we were not so lucky and got hacked yesterday! we have all the hackers details from the server logs, our host is also an admin on the board! the hackers were posting rammell about hollandfxp but is probably just a rouse? what are the rest of the ppl who got hacked doing about it?

is there someone collating ip info etc... the guy that hacked us was also a member of the board so we have a little history?

tricky

[Agelmar]

There are still some people who have not yet applied the patch ...

Jeff, perhaps you should add something into the .xml file that displays when you go to the admin center? Not all users of YSE are members of this board, but most will see the news in the .xml file displayed in the admin center...

edited for clairty