  #1  
08-26-2009, 09:14 AM
TimberFloorAu
Join Date: May 2008
Location: Brisbane
Posts: 2,264
Potential Security Issue

Today we have had 2 members join whose IPs match 2 of our senior moderators.

Now, our mods have denied that they have set up a new acct... so can someone explain?

Is there a security flaw?

Someone is obviously going to the trouble of obtaining our users' IP addresses, then signing up using a bogus IP addy that matches our mods.

Sounds bizarre but true. Currently have vBSEO online with us, assisting with Suhosin settings.

Can anyone please explain how this vulnerability can happen?
Reply With Quote
  #2  
08-26-2009, 03:42 PM
TheLastSuperman
Senior Member
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844

Quote:
Originally Posted by TimberFloorAu
Today we have had 2 members join whose IPs match 2 of our senior moderators.

Now, our mods have denied that they have set up a new acct... so can someone explain?

Is there a security flaw?

Someone is obviously going to the trouble of obtaining our users' IP addresses, then signing up using a bogus IP addy that matches our mods.

Sounds bizarre but true. Currently have vBSEO online with us, assisting with Suhosin settings.

Can anyone please explain how this vulnerability can happen?

I happened to check on a friend's forum the night before last... I logged in and saw (1 Viewing) beside an admin forum... I looked @ WOL and only me and one other member w/ no guest, so I clicked the sub-forum and it had the member listed as viewing their admin forums.

Oddly enough they had set up a general admin account a while back when on 3.6 to post RSS feeds and guess what? The user's IP matched the admin account's IP.

So same question here as it sounds oddly familiar to yours TimberFloorAU, except they do not use vBSEO (Gamer forums, no need etc).
Reply With Quote
  #3  
08-26-2009, 07:47 PM
TimberFloorAu
Join Date: May 2008
Location: Brisbane
Posts: 2,264

Very weird huh Michael.

We appear to have Suhosin re-enabled, but our host hasn't been totally helpful, asking us to enable it within EasyApache. But it is enabled; the coder over at vBSEO stated via shell access that we do seem to have a misconfigured Suhosin... so perhaps that is the issue.

He however managed to fix this via an .htaccess fix, but I am still concerned as to this security issue, and how it is/has been exploited.

Ste
Reply With Quote
  #4  
08-26-2009, 08:31 PM
Lynne
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180

If you think there is a security issue, you really should post about it over on vb.com since the vb.com guys don't come over here to read about things like this.
Reply With Quote
  #5  
08-26-2009, 09:45 PM
TimberFloorAu
Join Date: May 2008
Location: Brisbane
Posts: 2,264

I have posted this now over at vb.com

One of our admins has spotted a peculiarity.

We have the New Member Auto Greeting
https://vborg.vbsupport.ru/showthread.php?t=214702

It appears that whoever greets the new member, that new member then possesses that "greeter's" IP.

Weird huh!! Will post on the thread of the mod.

Ste
Reply With Quote
  #6  
08-28-2009, 05:16 AM
TheLastSuperman
Senior Member
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844

Quote:
Originally Posted by TimberFloorAu
I have posted this now over at vb.com

One of our admins has spotted a peculiarity.

We have the New Member Auto Greeting
https://vborg.vbsupport.ru/showthread.php?t=214702

It appears that whoever greets the new member, that new member then possesses that "greeter's" IP.

Weird huh!! Will post on the thread of the mod.

Ste

Yes, this is weird... Glad to see more being found out about this, Timber; however, the forum I found this on does not have that mod installed, but it does point out the problem with having the same IP, security risk IMO.
Reply With Quote
  #7  
08-28-2009, 10:11 AM
matthewhotdude
Join Date: Jul 2009
Posts: 560

Quote:
Originally Posted by TheLastSuperman
Yes, this is weird... Glad to see more being found out about this, Timber; however, the forum I found this on does not have that mod installed, but it does point out the problem with having the same IP, security risk IMO.

What I did, because the welcome threads get people talking, and I can't find another mod like it, was to create a user called "welcome Party" that is basically a bot that never logs on.
It only replicated the IPs in the welcome threads tho?
Reply With Quote
  #8  
08-28-2009, 11:17 PM
TheLastSuperman
Senior Member
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844

Quote:
Originally Posted by matthewhotdude
What I did, because the welcome threads get people talking, and I can't find another mod like it, was to create a user called "welcome Party" that is basically a bot that never logs on.
It only replicated the IPs in the welcome threads tho?

And those forums, I bet, are public or viewable to guests and the rest are permissioned for usergroups, right?
Reply With Quote
  #9  
08-28-2009, 11:46 PM
RLShare
Join Date: Jun 2008
Posts: 499

The mod creates a post based on a user registering, so it naturally attaches the IP of the user registering to the thread created. And since your username is used by the mod to create the thread, the same IP attached to the thread also gets attached to your account as one you have used. It is not really a security risk at all.

And if you do not want it attaching another IP to your account, someone already posted how you can attach a specific IP to those threads instead of vB automatically attaching the user's IP to your account.
Reply With Quote
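
The mechanism RLShare describes, as an added example that is not part of the original thread or of the mod's own code: a triage check that separates IP matches produced by an auto-generated welcome post from matches that deserve a closer look. The record layout, the `WINDOW` tolerance, the account names and the documentation-range IPs are all constructed assumptions.

```python
from collections import defaultdict

WINDOW = 5  # assumed max seconds between a signup and its auto-generated welcome post

# Constructed sample data (documentation-range IPs); the field layout is an assumption.
USERS = [  # (userid, username, registration_ip, joined_at)
    (1, "ModAlice", "198.51.100.7", 1000),
    (2, "ModBob", "198.51.100.9", 1100),
    (50, "newbie1", "203.0.113.20", 5000),
    (51, "newbie2", "203.0.113.44", 6000),
    (52, "latecomer", "198.51.100.9", 7000),
]
POSTS = [  # (author_userid, ip_logged_on_post, posted_at)
    (1, "198.51.100.7", 4000),   # ModAlice posting normally
    (1, "203.0.113.20", 5000),   # welcome post written as ModAlice during newbie1's signup
    (2, "203.0.113.44", 6001),   # welcome post written as ModBob during newbie2's signup
    (2, "198.51.100.9", 6500),   # ModBob posting normally
]

def ip_evidence(users, posts):
    """Map (userid, ip) -> list of (kind, timestamp) records tying that account to that IP."""
    seen = defaultdict(list)
    for uid, _name, ip, joined in users:
        seen[(uid, ip)].append(("registration", joined))
    for author, ip, at in posts:
        seen[(author, ip)].append(("post", at))
    return seen

def triage_shared_ips(users, posts, window=WINDOW):
    """Label each (new member, older account) IP match as an artifact or a real overlap."""
    seen = ip_evidence(users, posts)
    info = {uid: (name, joined) for uid, name, _ip, joined in users}
    findings = {}
    for uid, name, ip, joined in users:
        for (other, other_ip), events in seen.items():
            if other == uid or other_ip != ip or info[other][1] >= joined:
                continue
            # Artifact: the older account is tied to this IP only by posts
            # stamped at the moment the new member registered.
            artifact = all(kind == "post" and abs(at - joined) <= window
                           for kind, at in events)
            findings[(name, info[other][0])] = (
                "greeting artifact" if artifact else "needs review")
    return findings

if __name__ == "__main__":
    for pair, verdict in triage_shared_ips(USERS, POSTS).items():
        print(pair, "->", verdict)
```

A match is only written off as an artifact when every record linking the older account to that IP is a post stamped at the new member's signup time; one later post from the same address moves the pair to "needs review".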
All times are GMT.