Re: [RELEASE] SourceBans++ (v1.5.4.7) [Updated: 2016-04-28]
Care to share how this happened so other owners here can protect themselves?
|
Re: [RELEASE] SourceBans++ (v1.5.4.7) [Updated: 2016-04-28]
Quote:
You can test on your sourceban now, just enter the admin username - don't need to enter any password. Bang you've have logged in as a website admin... That's how my site got hacked :\ ... He'd looked into my sb banlist and test each user until he found one server root admin that I've set without password to log on the website (my server roles > mod > smod >root and webADMIN is for the sourcebans login ) RIP me. But I've fixed anyway. Thanks him for that. If someone here using this and used to set admins in the server without web login password. YOU SHOULD FIX |
Re: [RELEASE] SourceBans++ (v1.5.4.7) [Updated: 2016-04-28]
Quote:
|
Re: [RELEASE] SourceBans++ (v1.5.4.7) [Updated: 2016-04-28]
Quote:
Some serious leak indeed... |
Re: [RELEASE] SourceBans++ (v1.5.4.7) [Updated: 2016-04-28]
This should've been temp "fixed" in a more recent commit, the patch fix was only allowing login through steam, so the manual user login/password boxes are removed.
Edit: Here's the commit from almost 1 year ago: https://github.com/sbpp/sourcebans-p...f66c9b3618589a Adds this option: http://i.imgur.com/U4d0eC9.jpg You guys should definitely update asap, there have been some security fixes since, such as this important one. |
Re: [RELEASE] SourceBans++ (v1.5.4.7) [Updated: 2016-04-28]
Quote:
|
Re: [RELEASE] SourceBans++ (v1.5.4.7) [Updated: 2016-04-28]
Quote:
|
Re: [RELEASE] SourceBans++ (v1.5.4.7) [Updated: 2016-04-28]
I just used this MySQL query to temp fix the logins for now until it's fixed.
Code:
UPDATE sb_admins SET 'password' = replace('password', '1fcc1a43dfb4a474abb925f54e65f426e932b59e', ''); http://i.imgur.com/dXaTier.png However you'll need to manually wipe new users of their passwords until it's fixed. |
Re: [RELEASE] SourceBans++ (v1.5.4.7) [Updated: 2016-04-28]
Quote:
|
Re: [RELEASE] SourceBans++ (v1.5.4.7) [Updated: 2016-04-28]
Quote:
|
All times are GMT -4. The time now is 04:05. |
Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.