my forum got hacked today

Yep Sorry guys, finally figured it out.

They decrypted my password through the Xsplit db leak and managed to login to my account.

Time to look at that 2FA plugin !...

Thanks again and apologies for the panic

This is exactly what i wanted! discord is great! thanks

I've sent some logs to security@nodebb and we'll go from there. I don't want to cause alarm because it could be somehow my password got compromised (though i have no idea how)

@charles Yes

nodebb-plugin-composer-default
nodebb-plugin-dbsearch
nodebb-plugin-emoji-extended
nodebb-plugin-markdown
nodebb-plugin-mentions
nodebb-plugin-recent-cards
nodebb-plugin-soundpack-default
nodebb-plugin-spam-be-gone
nodebb-rewards-essentials
nodebb-theme-lavender
nodebb-theme-persona
nodebb-theme-vanilla
nodebb-widget-essentials

@pichalite Yup i know, just posting the last few lines of the dev terminal after it happened.

@nhl.pl Thanks i'll do that

@pichalite Yes but completely different server

persona theme, but i think this was done via injection, they tried all kinds of things by the looks of it
"GET /topic/80/script-alert-is-this-escaped-p-s-chas-is-a-noob-window-location-http-www-youtube-com-watch-v-dqw4w9wgxcq-script

Does any developer want to analyze my nginx logs ?

EDIT
My password got compromised, nevermind.

Hello

Somehow a user posted under my account. and it was posted with the tag "cid-4-privileges-read". Because nodebb was in dev mode, the last requested links were
20/3 01:07 [1618] - warn: Route requested but not found: /groups/cid-4-privileges-read
20/3 04:18 [1618] - verbose: [translator] No resource file found for en_US/markdown, using provided fallback language file
20/3 04:21 [1618] - warn: Route requested but not found: /CHANGELOG.txt
20/3 04:21 [1618] - warn: Route requested but not found: /readme.html
20/3 04:42 [1618] - warn: Route requested but not found: /user/c???????
20/3 05:01 [1618] - warn: Route requested but not found: /category/27
20/3 06:57 [1618] - warn: Route requested but not found: /index.php?app=forums&module=extras&section=stats&do=who&t=1234
20/3 09:34 [1618] - warn: Route requested but not found: /topic/189/hacker

Is there any log files i can see how this happened? I was running the forums on latest build in dev mode, guess that isn't helpful?

Thanks

@julian said:

Wow, I've been wanting to develop a LetsEncrypt plugin for NodeBB for quite some time so if there is one now I will definitely take a look soon

Fantastic

@phl cheers for the suggestion, i changed my nodebb to run through nginx now, and got letsencrypt working that way for now

Hi there I've installed letsencrypt and got my domains authorized in the limited beta.

but I notice they only support apache and nginx.

I see an npm package for nodejs support https://www.npmjs.com/package/node-letsencrypt

Does someone need to make a nodebb plugin? how can i get this to work?

Thanks!

@julian said:

bind_address

thanks @julien works

I also tried

"host": "149.202.63.125",
"port": "80",

but no luck

Does nodebb bind to all IP address by default? this is my config.json and it listens to all my IP addresses on port 80

"url": "http://149.202.63.125:80",
"secret": "blahblahblah1",
"database": "redis",
"redis": {
    "host": "127.0.0.1",
    "port": "6379",
    "password": "",
    "database": "0"
}

}

so to get it binding only to the 149.202.63.125 address do i have to add something like this?

"socket.io": {
	"address": "149.202.63.125"
}
"port": "80",

but it doesnt work

this is exactly what i've been looking for! love it thanks, Recent replies & this = perfect

is it not best to make this a plugin instead to modify the theme? then if persona updates we wont miss out on the changes

ok got it working again i re-took ownership of the entire directory again... maybe a i did a sudo git pull by mistake or something silly

opps xd

uhh i just scrolled up more in the logs is it something to do with that permission denied message? i don't know how i would have caused this

9/9 11:27 [5046] - info: [plugins] Plugins OK
9/9 11:27 [5046] - verbose: [meta/css] Minifying LESS/CSS
9/9 11:27 [5046] - error: Could not initialise sound files:EACCES, unlink '/home/chas/nodebb/public/sounds/notification.mp3'
9/9 11:27 [5046] - verbose: [meta/templates] Compiling templates
9/9 11:27 [5046] - error: Error: EACCES, permission denied '/home/chas/nodebb/public/templates/403.tpl'
at Object.fs.unlinkSync (fs.js:765:18)
at rimrafSync (/home/chas/nodebb/node_modules/rimraf/rimraf.js:295:17)
at /home/chas/nodebb/node_modules/rimraf/rimraf.js:330:5
at Array.forEach (native)
at rmkidsSync (/home/chas/nodebb/node_modules/rimraf/rimraf.js:329:26)
at rmdirSync (/home/chas/nodebb/node_modules/rimraf/rimraf.js:322:7)
at Function.rimrafSync [as sync] (/home/chas/nodebb/node_modules/rimraf/rimraf.js:293:9)
at /home/chas/nodebb/src/meta/templates.js:50:10
at /home/chas/nodebb/src/plugins.js:174:5
at /home/chas/nodebb/node_modules/async/lib/async.js:52:16
9/9 11:27 [5046] - info: [app] Shutdown (SIGTERM/SIGINT) Initialised.
9/9 11:27 [5046] - info: [app] Database connection closed.

net.js:1233
throw new Error('Not running');
^
Error: Not running
at Server.close (net.js:1233:11)
at shutdown (/home/chas/nodebb/app.js:400:36)
at process.<anonymous> (/home/chas/nodebb/app.js:177:3)
at process.EventEmitter.emit (events.js:95:17)
at process._fatalException (node.js:272:26)
[cluster] Child Process (5046) has exited (code: 7, signal: null)
[cluster] Spinning up another process...

i dont know what the cause is, but its when i start using sudo commands to fix errors with npm or the upgrade. It just works after i run Sudo. i had the same problem on my old machine aswell. I must be doing something wrong! because it used to work.

heres what i get now with a normal ./nodebb dev, if i run with sudo it works fine.

9/9 11:27 [5056] - info: Initializing NodeBB v0.8.1
9/9 11:27 [5056] - verbose: * using configuration stored in: /home/chas/nodebb/config.json
9/9 11:27 [5056] - verbose: * using redis store at 127.0.0.1:6379
9/9 11:27 [5056] - verbose: * using themes stored in: /home/chas/nodebb/node_modules
^Cchas@vps192892:~/nodebb$ 9/9 11:27 [5056] - verbose: Checking dependencies for outdated modules
9/9 11:27 [5056] - info: [app] Shutdown (SIGTERM/SIGINT) Initialised.
9/9 11:27 [5056] - info: [app] Database connection closed.
9/9 11:27 [5056] - error: Error: Not running
at Server.close (net.js:1233:11)
at process.shutdown (/home/chas/nodebb/app.js:400:36)
at process.EventEmitter.emit (events.js:92:17)
at Signal.wrap.onsignal (node.js:757:46)
Error: Not running
at Server.close (net.js:1233:11)
at process.shutdown (/home/chas/nodebb/app.js:400:36)
at process.EventEmitter.emit (events.js:92:17)
at Signal.wrap.onsignal (node.js:757:46)
9/9 11:27 [5056] - info: [app] Shutdown (SIGTERM/SIGINT) Initialised.
9/9 11:27 [5056] - info: [app] Database connection closed.

net.js:1233
throw new Error('Not running');
^
Error: Not running
at Server.close (net.js:1233:11)
at shutdown (/home/chas/nodebb/app.js:400:36)
at process.<anonymous> (/home/chas/nodebb/app.js:177:3)
at process.EventEmitter.emit (events.js:95:17)
at process._fatalException (node.js:272:26)

I always mess up the upgrades, when npm update errors, i always give up and do sudo npm update, and then i probably do sudo nodebb upgrade...

and now im in the same mess as before where ./nodebb dev fails but sudo ./nodebb dev works fine.

does anyone know how i can get back to using nodebb without sudo?

Yeh its fixed in latest

Ahh someone beat me to it! glad to see it being looked into thanks @julian