@PitaJ "version": "1.17.0" is in package.json file.
my forum got hacked today
-
EDIT
My password got compromised, nevermind.Hello
Somehow a user posted under my account. and it was posted with the tag "cid-4-privileges-read". Because nodebb was in dev mode, the last requested links were
20/3 01:07 [1618] - warn: Route requested but not found: /groups/cid-4-privileges-read
20/3 04:18 [1618] - verbose: [translator] No resource file found for en_US/markdown, using provided fallback language file
20/3 04:21 [1618] - warn: Route requested but not found: /CHANGELOG.txt
20/3 04:21 [1618] - warn: Route requested but not found: /readme.html
20/3 04:42 [1618] - warn: Route requested but not found: /user/c???????
20/3 05:01 [1618] - warn: Route requested but not found: /category/27
20/3 06:57 [1618] - warn: Route requested but not found: /index.php?app=forums&module=extras§ion=stats&do=who&t=1234
20/3 09:34 [1618] - warn: Route requested but not found: /topic/189/hackerIs there any log files i can see how this happened? I was running the forums on latest build in dev mode, guess that isn't helpful?
Thanks
-
@chas nope none of these logs contain any useful info.
Please note that the dev mode is not meant for a productional system.
Additionally you should be sure that your chosen password is secure. Just like the device & browser you are using to log into it. -
persona theme, but i think this was done via injection, they tried all kinds of things by the looks of it
"GET /topic/80/script-alert-is-this-escaped-p-s-chas-is-a-noob-window-location-http-www-youtube-com-watch-v-dqw4w9wgxcq-scriptDoes any developer want to analyze my nginx logs ?
-
You can contact NodeBB Team by sending an email to [email protected]
-
@pichalite Yes but completely different server
-
@chas doesn't matter if it's a different server or not... if it's the same domain then, search bots are going to crawl for the old links to see if they still work.
those "route requested but not found" warnings are from the bots checking the old url not somebody hacking your server.
-
@pichalite Yup i know, just posting the last few lines of the dev terminal after it happened.
-
I've sent some logs to [email protected] and we'll go from there. I don't want to cause alarm because it could be somehow my password got compromised (though i have no idea how)
@charles Yes
nodebb-plugin-composer-default
nodebb-plugin-dbsearch
nodebb-plugin-emoji-extended
nodebb-plugin-markdown
nodebb-plugin-mentions
nodebb-plugin-recent-cards
nodebb-plugin-soundpack-default
nodebb-plugin-spam-be-gone
nodebb-rewards-essentials
nodebb-theme-lavender
nodebb-theme-persona
nodebb-theme-vanilla
nodebb-widget-essentials
