Recent posts
#11
SMF 2.1.x Support / Re: The email notification for...
Last post by CRM 114 - Today at 07:57:29 AMThere is a bug in 2.1.6 with sending mails/mail queue.
Look here:
https://www.simplemachines.org/community/index.php?topic=592099.0
https://www.simplemachines.org/community/index.php?topic=592094.0
Look here:
https://www.simplemachines.org/community/index.php?topic=592099.0
https://www.simplemachines.org/community/index.php?topic=592094.0
#12
News and Updates / Re: SMF 2.1.6 released
Last post by Sesquipedalian - Today at 07:50:45 AMQuote from: User2 on Today at 07:28:19 AMAfter the update
Email notifications have stopped coming, but notifications are coming in alerts.
In my settings, it is specified that notifications come by email and it is specified that notifications do not come in alerts.
Quote from: Sesquipedalian on June 26, 2025, 11:38:28 AMFinally, as always, please do not use this topic for support requests. You will receive a much quicker and better response by posting in the 2.1.x Support Board.
#13
Modifications and Packages / Re: Topic First Image Rotator
Last post by hack3 - Today at 07:48:53 AMPerfect in SMF 2.1.6
#14
News and Updates / Re: SMF 2.1.6 released
Last post by User2 - Today at 07:28:19 AMAfter the update
Email notifications have stopped coming, but notifications are coming in alerts.
In my settings, it is specified that notifications come by email and it is specified that notifications do not come in alerts.
Email notifications have stopped coming, but notifications are coming in alerts.
In my settings, it is specified that notifications come by email and it is specified that notifications do not come in alerts.
#15
SMF 2.1.x Support / The email notification for a p...
Last post by jsx - Today at 07:11:39 AMHi. After receiving a private message, the email notification about it arrives several hours later. The forum is running on SMF 2.1.6 after being upgraded from 2.1.4
#16
Modifications and Packages / Re: SMFPacks.com Shoutbox
Last post by Wav¥ - Today at 05:49:08 AMis support for this mod dead?
#17
Bug Reports / Re: Fatal Error: Call to unde...
Last post by shawnb61 - Today at 01:59:00 AMIt's #2.
The unicode tables are now updated straight from the source. Part of the weekly maintenance task.
But the unicode folks made a huge change in direction in a recent revision (#33) of unicode 6 - while the smf code is operating under the prior rules.
So... A fix is coming.
Until then, the temp fix shared above works perfectly.
The unicode tables are now updated straight from the source. Part of the weekly maintenance task.
But the unicode folks made a huge change in direction in a recent revision (#33) of unicode 6 - while the smf code is operating under the prior rules.
So... A fix is coming.
Until then, the temp fix shared above works perfectly.
#18
Bug Reports / Re: Fatal Error: Call to unde...
Last post by MegaBrutal - Today at 01:30:00 AMHappened to me too, but only today, after several days of the upgrade, so I'm not sure if 2.1.6 has anything to do with it. According to error log, it started just around the time I went to sleep. I noticed some files have changed in the SMF installation directory!
Is it a ******ing cyber attack?
Interesting errors right at the time when the files changed:
Similar unlink() errors follow for different files:
Note the same filenames those are changed at 1:16, just with random temporary extension (Sources/Unicode/Idna.php <-> /tmp/Idna.QHUy9K).
My theories:
Code Select
# ls -lt Sources/Unicode
total 1132
-rw-r--r-- 1 www-data www-data 250748 Jul 13 01:16 Idna.php
-rw-r--r-- 1 www-data www-data 39292 Jul 13 01:16 QuickCheck.php
-rw-r--r-- 1 www-data www-data 95317 Jul 13 01:16 RegularExpressions.php
-rw-r--r-- 1 www-data www-data 107149 Jul 13 01:16 CaseFold.php
-rw-r--r-- 1 www-data www-data 106819 Jul 13 01:16 CaseUpper.php
-rw-r--r-- 1 www-data www-data 105111 Jul 13 01:16 CaseLower.php
-rw-r--r-- 1 www-data www-data 23574 Jul 13 01:16 CombiningClasses.php
-rw-r--r-- 1 www-data www-data 38384 Jul 13 01:16 Composition.php
-rw-r--r-- 1 www-data www-data 140938 Jul 13 01:16 DecompositionCompatibility.php
-rw-r--r-- 1 www-data www-data 83748 Jul 13 01:16 DecompositionCanonical.php
-rw-r--r-- 1 www-data www-data 412 Jul 13 01:16 Metadata.php
-rw-r--r-- 1 www-data www-data 7741 Apr 27 2023 CaseTitle.php
-rw-r--r-- 1 www-data www-data 92225 Apr 27 2023 DefaultIgnorables.php
-rw-r--r-- 1 www-data www-data 217 Apr 27 2023 index.php
Is it a ******ing cyber attack?
Interesting errors right at the time when the files changed:
Code Select
Hiba
A hiba típusa
Cron
Hibaüzenet
2: unlink(/tmp/Metadata.R04GQs): No such file or directory
Fájl
/var/www/asperger/Sources/Subs-Admin.php
Sor
1928
A hibát okozó oldal címe
https://asperger.hu/index.phphttps://asperger.hu/cron.php
Backtrace információ
#0: smf_error_handler_cron()
Híva innen: ismeretlen, -1. sor
#1: unlink()
Híva innen: /var/www/asperger/Sources/Subs-Admin.php, 1928. sor
#2: safe_file_write()
Híva innen: /var/www/asperger/Sources/tasks/UpdateUnicode.php, 583. sor
#3: execute()
Híva innen: /var/www/asperger/cron.php, 250. sor
#4: perform_task()
Híva innen: /var/www/asperger/cron.php, 132. sor
Similar unlink() errors follow for different files:
Code Select
2: unlink(/tmp/DecompositionCanonical.UnB9S2): No such file or directory
2: unlink(/tmp/DecompositionCompatibility.fxUqfu): No such file or directory
2: unlink(/tmp/Composition.D2HWqG): No such file or directory
2: unlink(/tmp/CombiningClasses.jljLU2): No such file or directory
2: unlink(/tmp/CaseUpper.eoGGUZ): No such file or directory
2: unlink(/tmp/CaseFold.HWV3s1): No such file or directory
2: unlink(/tmp/RegularExpressions.UlkIRX): No such file or directory
2: unlink(/tmp/QuickCheck.bkevcW): No such file or directory
2: unlink(/tmp/Idna.QHUy9K): No such file or directory
Note the same filenames those are changed at 1:16, just with random temporary extension (Sources/Unicode/Idna.php <-> /tmp/Idna.QHUy9K).
My theories:
- (Pessimistic:) This is a ******ing vulnerability that has been exploited and we have no idea of its scope, e.g. what did it do beyond corrupting files and whether data has been stolen.
- (Optimistic:) Cron tried to upgrade the Unicode library and it has failed for some reason.
#19
Server Performance and Configuration / Re: Did something change with ...
Last post by shawnb61 - Yesterday at 10:30:37 PMI'm not familiar with fail2ban.
I have definitely seen different behavior lately.
- Lots more "likes" attacks, & very aggressive, over days.
- Highly, highly distributed (better disguised); before you could find some narrow IP ranges (first 2 nodes) that had thousands of hits, but not really anymore; most only have a couple hundred; this makes it harder to find the most problematic ASN. (You can address this by focusing your analysis on likes link activity. Face it, nobody should be doing 300 of these... I do this analysis in Excel, using my web access logs as input.)
- I am now seeing them from within the USA, including Comcast, TMobile, etc.
I'm blocking ASNs where I don't have users.
Where I *do* have users, I'm experimenting with some rewrite rules in .htaccess to give a 403 to only those "view likes" links, to only those ASNs. This means some real users will get erroneous 'banned' messages if they try to see who liked a post. I'm hoping this is temporary until this massive wave of "likes" attacks dies down.
I have definitely seen different behavior lately.
- Lots more "likes" attacks, & very aggressive, over days.
- Highly, highly distributed (better disguised); before you could find some narrow IP ranges (first 2 nodes) that had thousands of hits, but not really anymore; most only have a couple hundred; this makes it harder to find the most problematic ASN. (You can address this by focusing your analysis on likes link activity. Face it, nobody should be doing 300 of these... I do this analysis in Excel, using my web access logs as input.)
- I am now seeing them from within the USA, including Comcast, TMobile, etc.
I'm blocking ASNs where I don't have users.
Where I *do* have users, I'm experimenting with some rewrite rules in .htaccess to give a 403 to only those "view likes" links, to only those ASNs. This means some real users will get erroneous 'banned' messages if they try to see who liked a post. I'm hoping this is temporary until this massive wave of "likes" attacks dies down.
#20
SMF 2.1.x Support / Re: Display issue after 2.1.5 ...
Last post by secretprojects - Yesterday at 09:26:30 PM Using a search of Sources folder using
AvatarsDisplayIntegration.php
Code Select
grep -R -n buffer_remove_this * it seems to relate to AvatarsDisplayIntegration.php
Code Select
AvatarsDisplayIntegration.php:222: '~<a href="#" data-adi="buffer_remove_this"></a>~', // 4
AvatarsDisplayIntegration.php:226: '~data-adi="buffer_remove_this">~', // 8
AvatarsDisplayIntegration.php:669: $context['members'][$id]['color'].= '; display:none;">'.$context['members'][$id]['avatar']['image'].$context['members'][$id]['link_color'].'data-adi="buffer_remove_this';
AvatarsDisplayIntegration.php:742: $message['member']['href'] = '#" data-adi="buffer_remove_this';