• Announcements

    • MannDude

      Current state of vpsBoard   02/04/2017

      Dear vpsBoard members and guests:

      Over the last year or two vpsBoard activity and traffic have dwindled. I have had a change of career and interests, and as such am no longer an active member of the web hosting industry.

      Due to time constraints and new interests I no longer wish to continue to maintain vpsBoard. The web site will remain only as an archive to preserve and showcase some of the great material, guides, and industry news that has been generated by members, some of whom I remain in contact with to this very day and now regard as personal friends.

      I want to thank all of our members who helped make vpsBoard the fastest growing industry forum. In its prime it was an active and ripe source of activity, news, guides and just general off-topic banter and fun.

      I wish all members and guests the very best, whether it be with your business or your personal projects.

      -MannDude
MannDude

vpsBoard downtime announcement

7 posts in this topic

There was a nasty IPB 0-day released to the wild; as such, vpsBoard was taken offline as a precautionary measure. While there is no patch available yet, deleting ipsconnect.php should have fixed the issue.

I want to thank @Francisco for alerting me to this, as it came to his attention very shortly after it was released. IPBoard wasn't even aware the exploit was out there until I had ticketed them to ask why they haven't warned their members on their community forums yet.

Anyhow, we're back. :)

7 people like this

What does (did) ipsconnect.php do?


ipsconnect allows multiple sites to share one login. I think you can even federate to other boards.

Invision kind of fumbled this response though. They say:

"It has been brought to our attention that certain PHP configurations allow for a potential SQL injection vulnerability. Although this exploit requires some knowledge of your configuration and for certain files to be web-readable, we felt it important to release an update."

However, I ran the exploit against my IPB and it injected SQL just fine - no "knowledge" was needed other than the URL.

2 people like this


Didn't IP.Board also delete your topic? Perhaps out of concern for hatching an idea as to what/how to fix the issue, though... so in that respect I could understand them. A little.

2 people like this


Yeah they did that.

Boo MFers. Waaa don't show the masses our exploited asses.


That's a good thing - at least until they work out what's wrong and an appropriate, official fix.

1 person likes this
