Simple Machines Forums attacks

Started by Norv, February 19, 2011, 04:33:48 PM


eattheword

I just installed Arantor's login detector. The installation seemed to go smoothly with no reported errors, but when I checked the log immediately afterwards I saw these entries:


http://www.myforumname/forum/index.php?action=packages;sa=install2;package=login_detector.zip

512: package_flush_cache(): some files are still not writable
File: /hsphere/local/home/username/myforumname/forum/Sources/Subs-Package.php
Line: 1905

http://www.myforumname/forum/index.php?action=packages;sa=install2;package=login_detector.zip

2: fopen(/hsphere/local/home/username/myforumname/forum/Sources/LogInOut.php): failed to open stream: Permission denied
File: /hsphere/local/home/username/myforumname/forum/Sources/Subs-Package.php
Line: 1901

http://www.myforumname/forum/index.php?action=packages;sa=install;package=login_detector.zip;sesc

2: fclose(): supplied argument is not a valid stream resource
File: /hsphere/local/home/username/myforumname/forum/Sources/Subs-Package.php
Line: 1908

http://www.myforumname/forum/index.php?action=packages;sa=install;package=login_detector.zip;sesc

2: fopen(/hsphere/local/home/username/myforumname/forum/Sources/LogInOut.php): failed to open stream: Permission denied
File: /hsphere/local/home/username/myforumname/forum/Sources/Subs-Package.php
Line: 1901


Not knowing much about how the error logs work, is there anything here that I need to take action on?

I'm running SMF 1.1.11


Illori

Please do not post support requests in any thread in this board. Please post the request in the proper support board. Although I don't know if Arantor is providing support for that mod.

Arantor

Firstly, it's not a mod published officially, so there's no support thread for it. It is, however, an SMF bug combined with insufficient permissions.

eattheword

Not sure whether I can post a follow-up question here then...  :-\

Should I PM Arantor?

As far as permissions go, the Sources directory is 777 and the files are 755.

Illori

As I said before, please open up a support thread in the proper board; this is not the place for this discussion.

kat

Actually, for the reasons that Arantor's pointed out, it was me that directed eattheword to this topic.

Under the circumstances, it seemed the best place.

Dream Portal

Forum Firewall seems to help best, in my opinion.

Kindred

Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

live627

Elaborate... how is forum firewall out of date, exactly?

Kindred

No, the comment on the attacks is a month out of date (and was made to hit a post count)

live627

See, that wasn't so hard, was it? To post a bit more detail in the first place.

butchs

Ah come on, maybe he was simply posting an opinion.  Only when I created Forum Firewall did my bot bandwidth problem disappear.  I decided to share it with the SMF community.  I tested it for months before doing so.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

live627

Maybe. But as has been said a few replies up, the person behind that duplicate team account made eleven posts and vanished. Sensible, yes. Such is what happens when one posts to get rid of the profile limitations.

sharks

I have to say this is piss poor effort to just warn users and in this process force all of us to upgrade to 2.0 RC5. I am using 1.1.13 on all my forums and I definitely do NOT want to upgrade as I have too many custom paid mods and manual edits. Most of these mods are not available for RC5, along with all the custom themes and manual edits which I have no idea how to work out on 2.0 RC5. Why not make the process easier for all of us still on the 1.1.x line by providing a fix in 1.1.14? That would definitely help to make me believe again in SMF. I am currently at the tipping point of moving to IPB, permanently.
The fix would provide a hard-coded method of blocking the most obvious pathways used by spammers. Spam affects all forums, not just SMF, so I believe it should be a default protection provided in the basic install package when setting up a brand new forum. Since it appears not to affect RC5, then we should not leave all the thousands of SMF 1.1.x users hanging in distress and uncertainty.

BTW, when I saw the new look on this site's homepage, I thought for half a second "could it be...." and then I went back to my normal self, seeing that 2.0 final was not released. I then read the spam article to feel even more disappointed. Thanks SMF for ruining my day, twice!

Matthew K.

Dev Blog Post
Quote from: sharks on May 09, 2011, 07:41:41 PM
I have to say this is piss poor effort to just warn users and in this process force all of us to upgrade to 2.0 RC5. I am using 1.1.13 on all my forums and I definitely do NOT want to upgrade as I have too many custom paid mods and manual edits. Most of these mods are not available for RC5, along with all the custom themes and manual edits which I have no idea how to work out on 2.0 RC5. Why not make the process easier for all of us still on the 1.1.x line by providing a fix in 1.1.14? That would definitely help to make me believe again in SMF. I am currently at the tipping point of moving to IPB, permanently.
The fix would provide a hard-coded method of blocking the most obvious pathways used by spammers. Spam affects all forums, not just SMF, so I believe it should be a default protection provided in the basic install package when setting up a brand new forum. Since it appears not to affect RC5, then we should not leave all the thousands of SMF 1.1.x users hanging in distress and uncertainty.

BTW, when I saw the new look on this site's homepage, I thought for half a second "could it be...." and then I went back to my normal self, seeing that 2.0 final was not released. I then read the spam article to feel even more disappointed. Thanks SMF for ruining my day, twice!

Illori

Quote from: sharks on May 09, 2011, 07:41:41 PM
I have to say this is piss poor effort to just warn users and in this process force all of us to upgrade to 2.0 RC5. I am using 1.1.13 on all my forums and I definitely do NOT want to upgrade as I have too many custom paid mods and manual edits.

If you took the time to read, you would see that the same patch that is in RC5 for this attack is in the 1.1.13 upgrade, so you don't need to upgrade to RC5 at all to get this patch.

Crip

SMF must be on steroids today .. loading pages is super quick ATM! ;D
I have become comfortably numb!


I remember my mother's prayers and they have always followed me.
   - Abraham Lincoln -




flapjack

Quote from: Illori on May 09, 2011, 09:13:32 PM
Quote from: sharks on May 09, 2011, 07:41:41 PM
I have to say this is piss poor effort to just warn users and in this process force all of us to upgrade to 2.0 RC5. I am using 1.1.13 on all my forums and I definitely do NOT want to upgrade as I have too many custom paid mods and manual edits.

If you took the time to read, you would see that the same patch that is in RC5 for this attack is in the 1.1.13 upgrade, so you don't need to upgrade to RC5 at all to get this patch.
don't feed the troll
