Edit: What Connor said tongue

Fine
*pops on IRC* smile

Gary, I'm not Connor tongue
I'll do it for you if you want, I have plenty of free time tongue

I'll see about updating it

Not Found

The requested URL /download/plugins/AP_Forum_cleanup.zip was not found on this server.

##   Affected files:  some_script.php
##                    include/foo.php

tongue

Edit: And couldn't you just change the email in admin_options.php, overriding any security benefit this mod has?

This color is better for hiding things in Oxygen

Well, if the account was missing, it was missing tongue
And I pwn Connor tongue

6,833

(4 replies, posted in PunBB 1.2 bug reports)

        $truncate_sql = ($db_type != 'sqlite') ? 'TRUNCATE TABLE ' : 'DELETE FROM ';
        $db->query($truncate_sql.$db->prefix.'search_matches') or error('Unable to empty search index match table', __FILE__, __LINE__, $db->error());
        $db->query($truncate_sql.$db->prefix.'search_words') or error('Unable to empty search index words table', __FILE__, __LINE__, $db->error());

Shouldn't it truncate search_cache as well?

*bows* tongue

briank: so the posts aren't in the database anymore?
I think that's due to the missing user account messing up the join, create a new account with an id of 2 and they should be back

6,836

(17 replies, posted in PunBB 1.2 bug reports)

Connorhd wrote:

{ } are not needed if there is only one line in the statement after the if, else, while, for, etc (see http://uk.php.net/manual/en/language.co … ctures.php and http://uk.php.net/manual/en/control-str … syntax.php)

?> is only needed if there is html after the php (you can think about it that <?php ends the html and ?> starts the html instead of inversely if that makes sense)

What Connor said smile
And I thought he meant there was only a { or a }, not missing both tongue

6,837

(17 replies, posted in PunBB 1.2 bug reports)

Now what are you talking about? tongue
If the code was missing {}s, then there would be a parse error when you tried to view it wink
and the closing tag isn't always needed (for example, config.php) and removing it can keep some errors from happening (like, excess whitespace after the end tag in config.php messing up the headers)

Enable debug mode, paste the full error here

6,839

(101 replies, posted in PunBB 1.2 discussion)

neofutur wrote:

hacked the same way yesterday 18:06 french time.

I come here a bit late but send my info anyway :
I was running 1.2.6 and I have now applied all CodeXP patches (thanks for your fast patches, CodeXP wink)

some infos I gathered :

added data in db :
INSERT INTO `punbb_config` VALUES ('o_board_title','HACKED BY ALTAN');
INSERT INTO `punbb_config` VALUES ('o_board_desc','AÇIKLAR KAPANMADIKÇA BEN HEP BURDAYIM');
and  :
INSERT INTO `punbb_users` VALUES (4,32000,'Mathusalem','7621e34ef49d97094c9d85248312414e6ca6dfc2','desktop@noos.fr',NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,0,NULL,NULL,NULL,1,1,0,1,1,1,1,1,1,'French','Mercury',0,NULL,1120570925,'84.96.34.102',1120570925,NULL,NULL,NULL);
INSERT INTO `punbb_users` VALUES (5,4,'coco','4d8ec4de1c6571dbfbd8a720dae4224cbc5488a1','flo-flo@yandex.ru',NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,0,NULL,NULL,NULL,1,1,0,1,1,1,1,1,1,'French','Mercury',0,NULL,1121349686,'83.157.145.200',1121361244,NULL,NULL,NULL);
INSERT INTO `punbb_users` VALUES (6,1,'123','8eb5e49487b969d8b89bf1c41a8cfd4bbb65b4d5','e_m_re@hotmail.com',NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,0,NULL,NULL,NULL,1,1,0,1,1,1,1,1,1,'French','Mercury',0,NULL,1124812372,'81.214.28.118',1124813177,NULL,NULL,NULL);

( 32000 group for me too but two other users were created after )

created in cache directory :
         64 jui 22 06:20 cache_bans.php
      3663 aoû 23 18:06 cache_config.php
        418 aoû 23 18:05 cache_quickjump_1.php
        418 aoû 23 18:05 cache_quickjump_2.php
        418 aoû 23 18:05 cache_quickjump_3.php
        418 aoû 23 18:05 cache_quickjump_4.php
        418 aoû 23 18:05 cache_quickjump_5.php
        418 aoû 23 18:05 cache_quickjump_6.php
        530 jui 22 06:18 cache_ranks.php
         60 jan 11  2005 .htaccess
         63 jan 11  2005 index.html

those cache_quickjump things seem to be part of the exploit

installed plugins :
drwxr-xr-x    3 apache   neonet       4096 jui 22 06:14 ./
drwxrwxr-x   12 apache   neonet       4096 aoû 24 11:18 ../
-rw-r--r--    1 apache   neonet       5080 jan 26  2005 AMP_Example.php
-rw-rw-r--    1 apache   neonet      16942 fév 28 21:49 AMP_Global_topic.php
-rw-rw-r--    1 apache   neonet       4354 jui 22 06:11 AMP_Global_topic.zip
-rw-rw-r--    1 apache   neonet       6636 fév  7  2005 AP_Broadcast_Email.php
-rw-rw-r--    1 apache   neonet       2273 jui 22 06:11 AP_Broadcast_Email.zip
-rw-rw-r--    1 apache   neonet       4818 mai 12 23:57 AP_Clear_Cache.php
-rw-rw-r--    1 apache   neonet       1460 jui 22 06:11 AP_Clear_Cache.zip
-rw-rw-r--    1 apache   neonet      25359 avr  5 17:25 AP_DB_management.php
-rw-rw-r--    1 apache   neonet       8027 jui 22 06:11 AP_DB_management.zip
-rw-rw-r--    1 apache   neonet       5731 fév 22  2005 AP_Languages_and_styles.php
-rw-rw-r--    1 apache   neonet       2053 jui 22 06:11 AP_Languages_and_styles.zip
-rw-rw-r--    1 apache   neonet       5637 mai 24 16:01 AP_Merge_Forums.php
-rw-rw-r--    1 apache   neonet       1953 jui 22 06:11 AP_Merge_Forums.zip
drwxrwxr-x    3 apache   neonet       4096 jan 15  2005 AP_News_Generator/
-rw-rw-r--    1 apache   neonet       7819 jan 26  2005 AP_News_Generator.php
-rw-rw-r--    1 apache   neonet       3145 jui 22 06:11 AP_News_Generator.zip
-rw-rw-r--    1 apache   neonet      12774 fév 28 21:20 AP_User_management.php
-rw-rw-r--    1 apache   neonet       4151 jui 22 06:11 AP_User_management.zip
-rw-rw-r--    1 apache   neonet       2961 fév  3  2005 AP_Version_Changer.php
-rw-rw-r--    1 apache   neonet       1546 jui 22 06:11 AP_Version_Changer.zip
-rw-r--r--    1 apache   neonet         63 jan 11  2005 index.html

I now refuse to host phpbb forums for I saw too many of these problems, and ask my users to prefer punbb, thank you all for this forum and fast reaction, this problem and fast answers keep me preferring punbb and human understandable well written code  ( thank you clean coders wink)

Seems we need a 1.2.7 release soon nope ?

What about using http://punbb.org/forums/extern.php?acti … amp;fid=48 RSS Feed so any punbb admin sees new release immediately in a punbb ?

Another important ( but probably much more difficult to code one ;( would be to have online punbb upgrade like webmin does it ( searching for last version, downloading, verifying md5sum/gpg key if necessary, installing new version )

Last thing, on http://punbb.org/downloads.php I couldn't find md5sums for zip/gz files nor gnup sign ;(
Would you add them so anyone can verify md5 or pgp sign ?

Hopes my thoughts can help.
If you ever need hosting, mirror, rss feed bouncer . . . just ask me wink

Quickjump is a regular cache thing wink
And none of that really helps in finding where the hack originated, since I'm guessing he just used the DB plugin once he was admin to do that.
If you want to email me and/or Rickard some way to download and check your forum source, like Rod did, feel free. I can check and see if there are any missing patches or whatever smile

6,840

(15 replies, posted in PunBB 1.2 discussion)

Because it requires GD wink

PunBB doesn't have PMs by default wink
It's a mod you can install though tongue

6,842

(18 replies, posted in General discussion)

I get it as well wink

6,843

(101 replies, posted in PunBB 1.2 discussion)

hcgtv: No, they're added, but with a group id of 32000 I believe

How about something like this?

Edit: http://dev.punbb.org/changeset/773

6,845

(3 replies, posted in PunBB 1.2 bug reports)

Exactly smile

6,846

(3 replies, posted in PunBB 1.2 bug reports)

if ($email_setting < 0 && $email_setting > 2) $email_setting = 1;

should be

if ($email_setting < 0 || $email_setting > 2) $email_setting = 1;

6,847

(101 replies, posted in PunBB 1.2 discussion)

CodeXP: Do you have access logs from it that I could take a look at?

6,848

(101 replies, posted in PunBB 1.2 discussion)

Rod wrote:

I have few mods installed ... the only thing about security is I wanted to use my header.inc from nucleus to punBB ... but it's not with this a user can register directly in ADMIN mode ... I don't know, the mods I have are
- bbcode

As you can see ... nothing.

When Rickard reads this post, I will be able to send him (or Smartys ? The Anti Hacker smile) my whole forum to see where it's wrong (maybe my fault, or another thing ?)

Anti hacker? how kind tongue
Yeah, feel free to send me a copy (my email address). Also, like Frank said, if you have an access.log file, send it to me (feel free to save me some time and only include stuff for his IP)

Mmm, could be this (from the 4.1.12 changelog)

Previously in MySQL 4.1, an Illegal mix of collations error occurred when mixing strings from same character set when one had a non-binary collation and the other a binary collation. Now the binary collation takes precedence, so that both strings are treated as having the binary collation. This restores compatibility with MySQL 4.0 behavior.

6,850

(4 replies, posted in PunBB 1.2 troubleshooting)

Well, it would require modifying the code
One way to do it would be to modify admin_options.php so base_url is a textarea, and then modify the confirm_referrer function to loop through every URL in the box
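
One way the loop described above could look, as an added example that is not PunBB's own code: the function name `referrer_allowed`, the one-URL-per-line textarea format and the sample URLs are assumptions. It compares scheme, host and path exactly rather than by prefix, so a look-alike host such as `forum.example.com.evil.test` does not pass.

```php
<?php
// Added illustration, not PunBB code. Assumes the admin option stores one
// base URL per line (the textarea suggested above); all names are hypothetical.

/**
 * Return true if $referer points at $script under any allowed base URL.
 */
function referrer_allowed(string $referer, string $base_urls, string $script): bool
{
    $ref = parse_url($referer);
    if ($ref === false || !isset($ref['scheme'], $ref['host'])) {
        return false; // missing or malformed Referer header
    }
    $ref_host = preg_replace('/^www\./i', '', strtolower($ref['host']));
    $ref_path = $ref['path'] ?? '/';

    // Loop through every URL in the box, one per line.
    foreach (preg_split('/\R/', $base_urls, -1, PREG_SPLIT_NO_EMPTY) as $line) {
        $base = parse_url(rtrim(trim($line), '/'));
        if ($base === false || !isset($base['scheme'], $base['host'])) {
            continue; // skip blank or invalid lines instead of matching loosely
        }
        $base_host = preg_replace('/^www\./i', '', strtolower($base['host']));
        $expected  = ($base['path'] ?? '') . '/' . $script;

        if (strtolower($ref['scheme']) === strtolower($base['scheme'])
            && $ref_host === $base_host
            && ($ref['port'] ?? null) === ($base['port'] ?? null)
            && $ref_path === $expected) {
            return true;
        }
    }
    return false;
}

// Constructed sample data: two allowed base URLs and four Referer values.
$allowed = "http://forum.example.com\nhttp://www.example.org/punbb/\n";
$samples = [
    'http://forum.example.com/admin_options.php',
    'http://example.org/punbb/admin_options.php?saved=1',
    'http://forum.example.com.evil.test/admin_options.php',
    '',
];
foreach ($samples as $referer) {
    $ok = referrer_allowed($referer, $allowed, 'admin_options.php');
    echo ($ok ? 'accept ' : 'reject ') . var_export($referer, true) . "\n";
}
```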