vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.6 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=194)
-   -   Major Additions - VB image Hosting (https://vborg.vbsupport.ru/showthread.php?t=123481)

oatsy 02-26-2007 10:20 AM

Sorry, for some reason I was thinking there'd be a change log here to show reasons for updating from 1.3.1 to 1.4.1 or this current version. Just realised 1.3.1 was for VB 3.5 and the changelog is in there ok.

Looks as though one of the mods was indeed to prevent non-image files being uploaded. I'd be grateful if someone could confirm this could well have been my problem but that this current version is safe?

Thanks

digital3 02-28-2007 02:54 PM

Quote:

Originally Posted by flypaper (Post 1190606)
^You people (or your host) are doing something wrong. It isn't the hack...


Well, it's my server, but if you see any reason why I get a blank page after trying to upload images here, I am all ears.

digital3 02-28-2007 03:07 PM

Never mind I fixed it. The memory limit in php was set too low.

fly 02-28-2007 03:34 PM

Quote:

Originally Posted by oatsy (Post 1190978)
Had a 3.6.4 forum hacked (as in Turkish hackers, not as in a deliberate VB mod) a couple of days ago with a hack called cmdhack, and there are some signs that it came in through a previous version of Image Hosting - version 1.3.1. I was looking here to see what the most current version is. I see 1.3.1 is outdated but I'm not sure if the recent updates change anything about security (if indeed Image Hosting was the way they got in).

The reason I think Image Hosting may have been the route in is because there were 3 new files that appeared in the 'imagehosting' directory at about the time the site was hacked. There should only be image files and an index.html (with nothing in it) in there, but we had a new index file plus 2 php files. Couldn't open any of them by ftp for editing - access denied. We were able to delete the folder and replace it with a backup and the forums are up and running again now once we fixed the problem in the db - see below.

I'm still puzzled about how those files got there though. The Image Hosting feature is set to a) only accept jpg, gif, png, and bmp files. I've tried txt files etc and it won't accept them. b) only trusted members of the forum are enabled on the Image Hosting system - general public don't have permissions. All forums have HTML disabled.

I've disabled the Image Hosting hack from all users for now. I'd appreciate any thoughts on how this might have happened. Can a script be disguised as an image file? Could one of the trusted members have innocently uploaded what he thought was a clean image file but was actually the hacker's script?

I'd like to keep Image Hosting on the site because it's a terrific hack.

What happens with this cmdhack is that as soon as the forums try to load you get redirected straight to a page on the hacker's site ('Turkish Hackers blah blah' rubbish).

If you do get caught with it, it's easy to get rid of as long as you have access to phpmyadmin:

Long story short ... the hack changed a couple of fields in the top level publicly accessible forum (the Category in other words). The Title field text was replaced with a refresh command and the description field had the URL details to the hacker's page. As soon as the forums load the refresh/redirect command kicks you to the hacker's URL after a second or two.

No new pages were added to the site - the 'You've been hacked' page was on the hacker's remote site. Easy enough to fix by going into phpmyadmin, listing the 'forum' table and looking for the forum that has the wrong info in it. Replace the hacker's text with the correct text and off you go. You can't edit it in the admin cp because as soon as you try to list the forums in Forum Manager the redirect kicks in again.

Thanks

Wow. I wonder how files are checked before being uploaded. This is NOT good.

digital3 02-28-2007 04:00 PM

The funny part is that hackers don't even have to check to see who has what mods installed. LOL They just come here, look in these threads and then hammer us :).

Been Told 02-28-2007 04:38 PM

Quote:

Originally Posted by digital3 (Post 1192723)
The funny part is that hackers don't even have to check to see who has what mods installed. LOL They just come here, look in these threads and then hammer us :).

How can they, if you don't have your site's URL in the profile (which I do not, for that very reason)...

Very nice hack by the way!
But I'm unsure about installing this - maybe the developer can make a statement in regards to what oatsy said? That'd make my decision easier.

dip1232001 03-01-2007 12:51 PM

Quote:

Warning: imagecreatefromjpeg(/home/user/public_html/imagehosting/145e6e6fc5ab1f.jpg) [function.imagecreatefromjpeg]: failed to open stream: No such file or directory in /includes/vbimghost_include.php on line 175

Warning: imagesx(): supplied argument is not a valid Image resource in /includes/vbimghost_include.php on line 176

Warning: imagesy(): supplied argument is not a valid Image resource in /includes/vbimghost_include.php on line 176

Warning: imagecreatetruecolor() [function.imagecreatetruecolor]: Invalid image dimensions in /includes/vbimghost_include.php on line 176

Warning: imagesx(): supplied argument is not a valid Image resource in /includes/vbimghost_include.php on line 177

Warning: imagesy(): supplied argument is not a valid Image resource in /includes/vbimghost_include.php on line 177

Warning: imagecopy(): supplied argument is not a valid Image resource in /includes/vbimghost_include.php on line 177

Warning: imagecolorallocate(): supplied argument is not a valid Image resource in /includes/vbimghost_include.php on line 189

Warning: imagesx(): supplied argument is not a valid Image resource in /includes/vbimghost_include.php on line 198

Warning: imagesy(): supplied argument is not a valid Image resource in /includes/vbimghost_include.php on line 199

Warning: imagestring(): supplied argument is not a valid Image resource in /includes/vbimghost_include.php on line 201

Warning: imagejpeg(): supplied argument is not a valid Image resource in /includes/vbimghost_include.php on line 209

Warning: imagedestroy(): supplied argument is not a valid Image resource in /includes/vbimghost_include.php on line 210

These are the errors I am getting, though the images are uploading... It happened when I edited the settings of the image host and uploaded; I just increased the dimensions and the image size.

Merriweather 03-02-2007 02:53 AM

Quote:

Originally Posted by Been Told (Post 1192741)
But I'm unsure about installing this - maybe the developer can make a statement in regards to what oatsy said? That'd make my decision easier.

The developer has not posted since early December 2006 and has ignored a PM I sent for support on this mod. My guess is that it is no longer supported.

Without knowing what file the hackers used and how the files got there, I think it's unfair to assume it was the cause of this mod, though I also respect the need for clarification on the mod's security.

I have tested my personal installation of this mod and am not able to upload a .php, .html or .htaccess file.

My guess is that the hackers hit oatsy some other way, and that the folder holding oatsy's hosted images has been CHMODed to 777 (all permissions to all groups), which in itself is a security risk. You're better off using 755. On a shared server, nothing should ever be world-writable with mode 666 or 777. Doing so can potentially allow other users of the server to change your files. A hacker may have uploaded a bona fide image file through the mod and then hacked the file through the server, which is not a problem with the mod itself.

Of course, I have no proof of this, but in my experience, you cannot use this mod to upload anything other than images.
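
Added example (not part of the thread and not the mod's own code): a Python audit of an upload directory for the signs oatsy and Merriweather describe above, namely files that are not jpg/gif/png/bmp, a non-empty index.html, image files whose content does not match their extension or contains a PHP tag, and a world-writable directory. The file names and byte strings in `demo()` are constructed samples, and the `<?php` search is a heuristic assumption, not a complete check.

```python
import os
import stat
import tempfile

# Extensions the thread says the mod is set to accept, with their magic bytes.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".bmp": (b"BM",),
}
PLACEHOLDER = "index.html"      # the empty file the thread says belongs there
SCRIPT_MARKERS = (b"<?php",)    # heuristic (assumption): PHP open tag in the bytes


def audit_upload_dir(path):
    """Return (filename, reason) findings for one upload directory."""
    findings = []
    # Mode 777 on the directory is the risk raised for shared servers.
    if stat.S_IMODE(os.stat(path).st_mode) & stat.S_IWOTH:
        findings.append((".", "directory is world-writable"))
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        if not os.path.isfile(full):
            continue
        with open(full, "rb") as fh:
            data = fh.read()    # whole file: a script can sit after a valid header
        if name == PLACEHOLDER:
            if data.strip():
                findings.append((name, "placeholder is no longer empty"))
            continue
        ext = os.path.splitext(name)[1].lower()
        if ext not in MAGIC:
            findings.append((name, "unexpected file type"))
            continue
        if not data.startswith(MAGIC[ext]):
            findings.append((name, "content does not match extension"))
        if any(marker in data.lower() for marker in SCRIPT_MARKERS):
            findings.append((name, "image contains script markers"))
    return findings


def demo():
    """Audit a constructed sample directory (all contents are made up)."""
    samples = {
        "index.html": b"",
        "145e6e6f.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "new.php": b"<?php /* constructed placeholder */ ?>",
        "avatar.gif": b"GIF89a<?php /* constructed placeholder */ ?>",
        "photo.jpg": b"plain text renamed to .jpg",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(body)
        os.chmod(tmp, 0o777)    # the mode the post above warns against
        return audit_upload_dir(tmp)


if __name__ == "__main__":
    for item, reason in demo():
        print(f"{item}: {reason}")
```

A header check alone passes the constructed `avatar.gif`, which is why the audit also scans the full contents; re-encoding uploads and disabling script execution in the upload directory remain the stronger controls.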

EvilLestat 03-02-2007 09:27 PM

QUITE nice. Thank you VERY much for such an excellent hack.

This has made my forums very happy.

OffRoadManiac 03-02-2007 10:32 PM

will this work with 3.6.5?

KiraLove 03-03-2007 12:26 AM

OffRoadManiac I don't know but I am going to try. It looks great, I just hope it doesn't open a security hole and let hackers in like the one person said. :-/

katilkuzu 03-04-2007 03:29 AM

Quote:

Originally Posted by OffRoadManiac (Post 1194473)
will this work with 3.6.5?

yes it is working on my 3.6.5

imported_killer 03-04-2007 06:36 PM

How can I apply it to my custom style, please?
BTW: it works fine with the default style.

Merriweather 03-06-2007 03:36 AM

Know that if you delete a member, you then have a bunch of photos assigned to "Guest" that show on the member photo page but can't be accessed. You have to go in the AdminCP and manually delete them. Since there's no username associated with them, you have to look at ALL photos and just find them; it's a real pain. It'd be great if there was some maintenance utility to remove all images not associated with a user or something. :)

Distance 03-07-2007 06:08 PM

Hey, I installed this but it's not watermarking the images when it has a . in the text

Also, when I delete the images from the image host it doesn't delete them from the ftp??

Distance

aacircle 03-08-2007 10:32 PM

When I upload a png the background turns black. It's done this to me before and I thought that I just needed to redo the render. I've redone it 4 times and it still does the black background. The render went perfectly into the photopost gallery but yet still gave me problems when I tried to use imagehost.

Is there a fix for this bug?

Thank you.

fly 03-08-2007 11:42 PM

Quote:

Originally Posted by aacircle (Post 1199177)
When I upload a png the background turns black. It's done this to me before and I thought that I just needed to redo the render. I've redone it 4 times and it still does the black background. The render went perfectly into the photopost gallery but yet still gave me problems when I tried to use imagehost.

Is there a fix for this bug?

Thank you.

I would say that it's pretty much impossible that an upload script is adjusting the colors of your image.

aacircle 03-08-2007 11:52 PM

If you use imagehost, would you be able to confirm if you have this same problem by uploading a .png file?

Thanks.

Merjawy 03-09-2007 05:33 AM

Thanks for the hack.. it's very nice

I did test .png and I had no problem with it.. did not change anything on image or background

Merjawy 03-09-2007 05:42 AM

Quote:

Originally Posted by Distance (Post 1198207)
Hey, I installed this but it's not watermarking the images when it has a . in the text

Also, when I delete the images from the image host it doesn't delete them from the ftp??

Distance


works fine here.. I have my domain xxxxxxxx.com as my text watermark and it puts it on just like it is

and deleting image, will delete file from directory

aacircle 03-09-2007 06:08 AM

Ok... thanks for trying. Much appreciated.

Cheers.

RedGTiVR6 03-09-2007 01:29 PM

Installed!

This is an incredibly well thought out modification!

kudos!

*marks installed* *rates mod*

BaconDelight 03-09-2007 03:39 PM

Quote:

Originally Posted by aacircle (Post 1199209)
If you use imagehost, would you be able to confirm if you have this same problem by uploading a .png file?

Thanks.

I would guess that your image has a transparent background and the black you're seeing is the page background, not an image background.

You can confirm this by right clicking the image after it's been uploaded, selecting "copy image location" and pasting that into the address bar. Is the background still black?

Ranma2k 03-10-2007 08:53 AM

Hi everyone.
I'm sorry I was away lately, but I really had big issues in real life concerning work/financial things.

Now that everything is back to normal, I'm going to continue working on it.
I have set up a test env for the software and currently I'm working on having all the issues resolved.

So in order to set the goal for the new ver (2.0), it should have:

1- Multiple storing system (local host / remote host); can only use one!
2- Add-on en/disabling system
3- Comment/rating system
4- Personal folders (ability for each user to create folders)
5- Fixing the issues with the current versions.

If anyone has any addition to this list, please write it in a well-documented way, including the reason and the way he wants it, so it would be easy for all of us to understand.

Thanks all

aacircle 03-10-2007 09:13 AM

Good to have you back Ranma2k! Our members really love your hack very much. Thanks a million!

RedGTiVR6 03-10-2007 11:02 AM

oh - btw - this is one of the best install pages I've seen in a hack ever!

*nominated for MOTM*

fly 03-10-2007 12:05 PM

Quote:

Originally Posted by Ranma2k (Post 1200061)
Hi everyone.
I'm sorry I was away lately, but I really had big issues in real life concerning work/financial things.

Now that everything is back to normal, I'm going to continue working on it.
I have set up a test env for the software and currently I'm working on having all the issues resolved.

So in order to set the goal for the new ver (2.0), it should have:

1- Multiple storing system (local host / remote host); can only use one!
2- Add-on en/disabling system
3- Comment/rating system
4- Personal folders (ability for each user to create folders)
5- Fixing the issues with the current versions.

If anyone has any addition to this list, please write it in a well-documented way, including the reason and the way he wants it, so it would be easy for all of us to understand.

Thanks all

Sweet Jesus, good to see you man. Hope all is well now.

Distance 03-10-2007 12:27 PM

Quote:

Originally Posted by Merjawy (Post 1199348)
works fine here.. I have my domain xxxxxxxx.com as my text watermark and it puts it on just like it is

and deleting image, will delete file from directory

How strange... it removes it now..

However, it doesn't watermark BMPs or animated GIFs by the looks of it

imported_killer 03-10-2007 02:56 PM

Sorry guys for the dumb question, but
I did all the steps in the manual and when I try to upload an image this message appears:

you don't have permission

Please, anyone, help me, because I need this hack.

Thanks in advance.

blind-eddie 03-10-2007 05:45 PM

admincp/usergroups/pick your usergroup & edit your permissions

Distance 03-10-2007 07:32 PM

Quote:

Originally Posted by Distance (Post 1200166)
It doesn't watermark BMPs or animated GIFs by the looks of it

Also, I get this error when uploading PNGs..



Warning: imagepng() [function.imagepng]: gd-png: fatal libpng error: zlib error in /includes/vbimghost_include.php on line 204

Warning: imagepng() [function.imagepng]: gd-png error: setjmp returns error condition in /includes/vbimghost_include.php on line 204

Ranma2k 03-11-2007 04:57 AM

Quote:

Originally Posted by Distance (Post 1200421)
Also, I get this error when uploading PNGs..



Warning: imagepng() [function.imagepng]: gd-png: fatal libpng error: zlib error in /includes/vbimghost_include.php on line 204

Warning: imagepng() [function.imagepng]: gd-png error: setjmp returns error condition in /includes/vbimghost_include.php on line 204

What version of GD do you have?

Top Nurse 03-11-2007 08:14 AM

Nice Hack that Kicks Ass!

This is exactly what we were looking for, as our forum members aren't too hip to the computing scene. We like making it nice and easy for the old folks to be able to post pics on our forum. ;)

Had a little trouble at first because I entered the wrong path to our forums. Here is a little tool (attached) for finding out what your forum path is. Just load it up to your forum folder via FTP and access the file through your web browser. The path to your forum will be printed out on the screen and then you just copy and paste. I found this tool at A Small Orange.

giovannicosta 03-11-2007 01:30 PM

Does this have support (does it work) for vb 3.6.5?

blind-eddie 03-11-2007 07:34 PM

yes & yes

chubzilla 03-11-2007 09:46 PM

I get this error when I rebuild thumbnails:
Warning: getimagesize(/home/user/public_html/pgpwagvb/imagehosting/145f4806390ed5.jpg): failed to open stream: No such file or directory in /admincp/vbimghost.php on line 279
Thumbnail Not created for IMG_0075.jpg

Warning: getimagesize(/home/user/public_html/pgpwagvb/imagehosting/145f4750a8b197.jpg): failed to open stream: No such file or directory in /admincp/vbimghost.php on line 279
Thumbnail Not created for _42325766_borat_ap203b.jpg

Warning: getimagesize(/home/user/public_html/pgpwagvb/imagehosting/145f476d70413d.bmp): failed to open stream: No such file or directory in /admincp/vbimghost.php on line 279
Thumbnail Not created for 2nd.bmp

Warning: getimagesize(/home/user/public_html/pgpwagvb/imagehosting/145f4752baaf85.jpg): failed to open stream: No such file or directory in /admincp/vbimghost.php on line 279
Thumbnail Not created for IMG_0029.jpg

Warning: getimagesize(/home/user/public_html/pgpwagvb/imagehosting/745f4735cabb21.jpg): failed to open stream: No such file or directory in /admincp/vbimghost.php on line 279
Thumbnail Not created for Untitled-2.jpg

Warning: getimagesize(/home/user/public_html/pgpwagvb/imagehosting/145f48619c4b21.jpg): failed to open stream: No such file or directory in /admincp/vbimghost.php on line 279

Distance 03-11-2007 10:06 PM

/home/user/public_html

You need to change user with your user

Or change it to your own custom path..

I have 2.0.28 installed

Distance

Ranma2k 03-12-2007 11:39 AM

Quote:

Originally Posted by Distance (Post 1201132)
/home/user/public_html


You need to change user with your user

Or change it to your own custom path..




I have 2.0.28 installed

Distance

Can you send me the png file that caused the problem?

mcqwert 03-12-2007 12:21 PM

I'd like to install this - But I don't know what GD 2.0.1 is?

Yes, I am new to this.

mcqwert 03-12-2007 01:29 PM

Nevermind, I found it:

GD Version bundled (2.0.28 compatible)


All times are GMT. The time now is 11:01 PM.
