ibProArcade v2.7.2+ coming
by MrZeropage (Developer)

Version: Unknown
Released: 02-23-2012
Last Update: Never
Installs: 0
 
No support by the author.

This version fixes the security problem and will be released within the next 24 hours, after the staff here verified it is ok.

  • This modification may not be copied, reproduced or published elsewhere without author's permission.
6 thanks from:
garyb12001, Hippy, Ranger187, RedDevil, rpgamersnet, stangger5

Comments
#12 BirdOPrey5 (Senior Member), 02-23-2012, 07:15 PM

Quote:
Originally Posted by MentaL
Injection on arcade.php. Allowed a user to gain the MD5 and salt of any user it requested. Best way to check if you are infected is to search for the following in your logs

Code:
Arcade&do=stats&comment=a&s_id=
If you find injection then follow it up.

For those not as tech minded it means a hacker could crack the password for any user on your site.

It would be a good idea to change the passwords of all admin accounts on your site if you had this mod installed.

#13 viper357, 02-23-2012, 07:21 PM

Quote:
Originally Posted by MentaL
Injection on arcade.php. Allowed a user to gain the MD5 and salt of any user it requested. Best way to check if you are infected is to search for the following in your logs

Code:
Arcade&do=stats&comment=a&s_id=
If you find injection then follow it up.

Sorry for the noob question but which logs must we look at and where do we find them? Thanks.

#14 MentaL, 02-23-2012, 07:47 PM

Quote:
Originally Posted by viper357
Sorry for the noob question but which logs must we look at and where do we find them? Thanks.

Web server logs, cPanel users can find them in /home/username/logs
2 thanks from:
TCattitude, viper357
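
Added example (not part of any post in this thread, and not ibProArcade code): a Python version of the log check MentaL describes. It URL-decodes each request in a combined-format access log before looking for the quoted marker, so a change of case or percent-encoding does not hide a hit. The sample lines, the `act` parameter name and the `s_id` values are constructed.

```python
import gzip
import re
import sys
from collections import Counter
from urllib.parse import unquote

# Marker quoted in the thread; compared case-insensitively after URL-decoding.
MARKER = "Arcade&do=stats&comment=a&s_id=".lower()

# Assumption: Apache/nginx "combined" log format; adjust for a custom LogFormat.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

def find_hits(lines):
    """Return one dict per request whose decoded URL contains MARKER."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        decoded = unquote(m["target"])
        pos = decoded.lower().find(MARKER)
        if pos < 0:
            continue
        hits.append({
            "line": lineno, "ip": m["ip"], "time": m["ts"], "status": m["status"],
            # Text the client supplied after the marker, for manual follow-up.
            "after_marker": decoded[pos + len(MARKER):],
        })
    return hits

def by_client(hits):
    """Count matching requests per client address."""
    return Counter(h["ip"] for h in hits)

# Constructed sample lines (not real traffic); "act" and the s_id values are made up.
SAMPLE = [
    '203.0.113.7 - - [22/Feb/2012:10:01:02 +0000] "GET /arcade.php?act=Arcade&do=stats&comment=a&s_id=CONSTRUCTED-1 HTTP/1.1" 200 512',
    '192.0.2.44 - - [22/Feb/2012:10:02:00 +0000] "GET /arcade.php?do=play&gameid=3 HTTP/1.1" 200 9001',
    '198.51.100.9 - - [23/Feb/2012:04:05:06 +0000] "GET /arcade.php?act=arcade&do=stats&comment=a&s%5Fid=CONSTRUCTED-2 HTTP/1.1" 200 498',
    'truncated or non-request line',
]

if __name__ == "__main__":
    for path in sys.argv[1:]:  # e.g. files under /home/username/logs
        opener = gzip.open if path.endswith(".gz") else open  # rotated logs are often gzipped
        with opener(path, "rt", errors="replace") as fh:
            for hit in find_hits(fh):
                print(path, hit)
```

Access logs record only the request URL, so parameters sent in a POST body will not show up in this search.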

#15 Schoelle, 02-23-2012, 07:49 PM

Thanks MentaL.
No entries in my logs.

#16 garyb12001, 02-24-2012, 04:06 PM

Any updates as to when the new version might be released? Thanks!

#17 Mark.B (Senior Member), 02-24-2012, 10:37 PM

Once again we have no updates to a critical modification. Mr Zeropage implies that the update is with vBulletin.org staff for verification. Could we at least have an update regarding timescales? If there's an issue then fair enough, but as usual with vb these days, we are simply left in the dark.

#18 PossumX, 02-25-2012, 01:02 AM

Anxiously awaiting update. Customer of mine is having a coronary over this, more so, his members ...

#19 Mark.B (Senior Member), 02-25-2012, 12:47 PM

It would be nice for someone to update us on what on Earth is going on here.

I am not criticising the mod author here incidentally.

A statement has been made telling us to pull the most popular modification by many multiples. This then cripples many of our sites, or puts us at risk of being hacked.

A further statement is made stating that a patch has been made and will be released within 24 hours.

Two and a half days later - no patch, no further statement, abject silence from everyone.

If there's a delay in the patch because an issue has been found, then fine - but please tell us.

Instead, it seems everyone is content to hammer further nails into the coffin of forums, many of whom are already losing members to Facebook hand over fist.

We all gave our members an update and now WE look like we're the ones ignoring THEM, because vbulletin.org is ignoring US.

I am not complaining about the lack of a patch - I am complaining about the lack of updates.
2 thanks from:
mrblista, Schoelle

#20 durruti, 02-25-2012, 02:54 PM

Quote:
Originally Posted by MentaL
web server logs, cpanel users can find them in /home/username/logs

Noob question, I can't really find what you're referring to but are you referring to Raw Access Logs?

#21 BirdOPrey5 (Senior Member), 02-25-2012, 04:06 PM

There was an SQL injection exploit identified for this mod.

After confirming it I quarantined the mod.

I have discussed the exploit with the mod author and am waiting for him to upload a fixed version.

I am keeping a close eye on this and hope to approve the update as quickly as I can once I get it.
3 thanks from:
Mark.B, mrblista, Schoelle