vpsBoard downtime announcement

Discussion in 'Announcements & Contests' started by MannDude, Nov 9, 2014.

  1. MannDude

    MannDude Just a dude vpsBoard Founder Moderator

    There was a nasty IPB 0-day released to the wild; as such, vpsBoard was taken offline as a precautionary measure. While there is no patch available yet, deleting ipsconnect.php should have fixed the issue.

    I want to thank @Francisco for alerting me to this, as it came to his attention very shortly after it was released. IPBoard wasn't even aware the exploit was out there until I had ticketed them to ask why they haven't warned their members on their community forums yet.

    Anyhow, we're back. :)
     
  2. D. Strout

    D. Strout Resident IPv6 Proponent

    What does (did) ipsconnect.php do?
     
  3. raindog308

    raindog308 vpsBoard Premium Member Moderator

    ipsconnect allows multiple sites to share one login.  I think you can even federate to other boards.

    Invision kind of fumbled this response though.  They say:

    "It has been brought to our attention that certain PHP configurations allow for a potential SQL injection vulnerability. Although this exploit requires some knowledge of your configuration and for certain files to be web-readable, we felt it important to release an update."

    However, I ran the exploit against my IPB and it injected SQL just fine - no "knowledge" was needed other than the URL.
     
  4. k0nsl

    k0nsl Bad Goy

    Didn't IP.Board also delete your topic? Perhaps out of concern for hatching an idea as to what/how to fix the issue, though... so in that respect I could understand them. A little.
     
  5. drmike

    drmike 100% Tier-1 Gogent

    Yeah they did that.

    Boo MFers.  Waaa don't show the masses our exploited asses.
     
  6. MartinD

    MartinD Retired Staff Retired Staff Verified Provider

    That's a good thing - at least until they work out what's wrong and an appropriate, official fix.
     