Thread: Major Additions - ibProArcade - professional Arcade System
View Single Post
  #2170  
Old 10-03-2006, 06:50 PM
MrZeropage's Avatar
MrZeropage MrZeropage is offline
 
Join Date: Nov 2003
Location: Munich, Germany
Posts: 3,012
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Shoutcast is a service installed on your server, if you do not secure this or set it up correctly, it could put a hole in your server...

ibProArcade is being used by >1500 users and online for about one year now in this codebase, so I think if there would be such a problem with it, it would be discovered more early and again I can state that ibProArcade has no code that writes new accounts in the userDB



You have vBulletin 3.6.1 (or 3.6.2) installed to make sure this is no older vBulletin-Exploit ? You have setup everything correct so that spambots ect. don't have a chance ?
Scott (vBulletin-Support) also told
Quote:
Originally Posted by Scott
You can stop people from doing this by using the username regular expression filter in 3.6.0 to stop them registering.
The Logs you quoted from your Server also give good details:
Quote:
Originally Posted by ServerLog
63.166.111.6 - - [04/Sep/2006:19:51:58 -0400] "POST //register.php HTTP/1.1" 404 12542 "-" "-"
63.166.111.6 - - [04/Sep/2006:19:51:58 -0400] "POST /forums//register.php HTTP/1.1" 200 21176 "-" "-"
There is some data directly being sent to your register.php which is part of your vBulletin.
Maybe you have some Modification/Hack that is using a PlugIn in register.php then you should check this...



btw I am not offended by your posting, but I want to avoid that anybody looking here and reading this could ever think "Huh, better don't touch ibProArcade, it seems to be unsecure" which it definatly is not
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01106 seconds
  • Memory Usage 1,765KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_quote
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete