Welcome Guest Search | Active Topics | Log In | Register

Yet Another Forum.NET » YAF Forum Discussions » YAF Announcements » Downtime

Downtime Options · View
Previous Topic · Next Topic
Jaben
#1 Posted : Saturday, September 08, 2007 11:30:12 AM

Rank: YAF Head Dude



Joined: 10/10/2004
Posts: 2,761
Location: Honolulu, HI
Sorry folks... that was actually due to a bug in YAF ip banning. Nothing to do with hacking.

Also, my initial thoughts about the breakin: my machinekey (for encoding viewstate) was the same as the distributed YAF release v1.9.1 (in the .config). So they were figuring out a way to manipulate the view state and then post it.

Obviously, the key is no longer the one distributed and I strongly suggest everyone generate their OWN key for their web.config file, just in case:

http://www.developmentno...achinekey_generator.aspx
"Honesty may be the best policy, but it’s important to remember that apparently, by elimination, dishonesty is the second-best policy." -- George Carlin
Back to top
 Report Abusive | Report SPAM | Edit by user: Saturday, September 08, 2007 11:34 AM | Reason: Not specified
rochas
#2 Posted : Saturday, September 08, 2007 12:24:46 PM
Rank: Advanced Member



Joined: 9/6/2007
Posts: 36
Location: Turkiye
Sub forums still not working. I can't browse. Only way to reach here is main page.

Sener KOC
Web Technologist
C#, Asp, MS SQL, CSS, XHTML, Java Script, Photoshop
Back to top
WWW  Report Abusive | Report SPAM
Jaben
#3 Posted : Saturday, September 08, 2007 12:29:58 PM

Rank: YAF Head Dude



Joined: 10/10/2004
Posts: 2,761
Location: Honolulu, HI
please explain... I'm not seeing the issue
"Honesty may be the best policy, but it’s important to remember that apparently, by elimination, dishonesty is the second-best policy." -- George Carlin
Back to top
 Report Abusive | Report SPAM
rochas
#4 Posted : Saturday, September 08, 2007 12:52:16 PM
Rank: Advanced Member



Joined: 9/6/2007
Posts: 36
Location: Turkiye
When I click this link on the main page..

YAF Announcements (1 Viewing)
Announcements Associated with YAF

this error page show up.

Address : http://forum.yetanotherf...errorpath=/Default.aspx

Forum Error

There has been a serious error loading the forum. No futher information is available.

Please contact the administrator if this message persists.


Try Again
-------------
Sener KOC
Web Technologist
C#, Asp, MS SQL, CSS, XHTML, Java Script, Photoshop
Back to top
WWW  Report Abusive | Report SPAM
rochas
#5 Posted : Saturday, September 08, 2007 12:55:31 PM
Rank: Advanced Member



Joined: 9/6/2007
Posts: 36
Location: Turkiye
I have IIS7 and SQL Server 2005 standart and I'm trying to install YAF-v1.9.1 on my server.

when I try the installing every time I get this error in popup. this is diffrent problem i know.

FILE:
tables.sql

ERROR:
Invalid column name 'Type'

STATEMENT:
IF NOT EXIST(SELECT 1
FROM db.syscolumns
WHERE id= Object_id(N'yaf_EventLog')
AND name = N'Type'
BEGIN
ALTER TABLE dbo.yaf_EventLog
ADD TYPE INT NOT NULL CONSTRAINT DF_yaf_EventLog_Type
DEFAULT(0)
EXEC('update yaf_EventLog set Type=0')
END
Sener KOC
Web Technologist
C#, Asp, MS SQL, CSS, XHTML, Java Script, Photoshop
Back to top
WWW  Report Abusive | Report SPAM
filip_cmr
#6 Posted : Saturday, September 08, 2007 1:26:49 PM

Rank: YAF Lover




Joined: 2/13/2006
Posts: 44
Location: Romania
[quote=Jaben]Sorry folks... that was actually due to a bug in YAF ip banning. Nothing to do with hacking.

Also, my initial thoughts about the breakin: my machinekey (for encoding viewstate) was the same as the distributed YAF release v1.9.1 (in the .config). So they were figuring out a way to manipulate the view state and then post it.

Obviously, the key is no longer the one distributed and I strongly suggest everyone generate their OWN key for their web.config file, just in case:

http://www.developmentno...chinekey_generator.aspx[/quote]. And by the way, why do you use a custom machine key ? The only one time I need to use that was when I wrote an aplication wich run on a cluster and I need to pass authentication ticket to several distinc machines.

Then is even simple. The macjinekey is usedto encript the authentication tichet they don't need to manipulate the view state. They can produce a authentication cookie on theyr machine on whatever user they want and then serve to your site. (I think ....)
http://support.microsoft.com/kb/910443
Back to top
WWW  Report Abusive | Report SPAM
rochas
#7 Posted : Saturday, September 08, 2007 3:01:42 PM
Rank: Advanced Member



Joined: 9/6/2007
Posts: 36
Location: Turkiye
I cant install this forum. this time I try it on another server. give me this eror when install Sad

Cannot add rows to sysdepends for the current object because it depends on the missing object 'yaf_forum_delete'. The object will still be created.
Cannot add rows to sysdepends for the current object because it depends on the missing object 'yaf_topic_delete'. The object will still be created.
Cannot add rows to sysdepends for the current object because it depends on the missing object 'yaf_user_upgrade'. The object will still be created.
Cannot add rows to sysdepends for the current object because it depends on the missing object 'yaf_topic_delete'. The object will still be created.
Cannot add rows to sysdepends for the current object because it depends on the missing object 'yaf_topic_updatelastpost'. The object will still be created.
Cannot add rows to sysdepends for the current object because it depends on the missing object 'yaf_topic_updatelastpost'. The object will still be created.
Msg 207, Level 16, State 1, Procedure yaf_nntptopic_savemessage, Line 37
Invalid column name 'VIEWS'.
Msg 207, Level 16, State 1, Procedure yaf_post_list, Line 0
Invalid column name 'VIEWS'.
Msg 207, Level 16, State 1, Procedure yaf_replace_words_delete, Line 7
Invalid column name 'ID'.
Msg 207, Level 16, State 1, Procedure yaf_replace_words_edit, Line 8
Invalid column name 'ID'.
Msg 207, Level 16, State 1, Procedure yaf_replace_words_save, Line 23
Invalid column name 'ID'.
Msg 207, Level 16, State 1, Procedure yaf_topic_active, Line 20
Invalid column name 'VIEWS'.
Msg 207, Level 16, State 1, Procedure yaf_topic_move, Line 23
Invalid column name 'VIEWS'.
Msg 207, Level 16, State 1, Procedure yaf_topic_save, Line 24
Invalid column name 'VIEWS'.
Cannot add rows to sysdepends for the current object because it depends on the missing object 'yaf_user_save'. The object will still be created.
Msg 207, Level 16, State 1, Procedure yaf_user_removepointsbytopicid, Line 13
Invalid column name 'userid'.
Msg 207, Level 16, State 1, Procedure yaf_watchtopic_list, Line 11
Invalid column name 'VIEWS'.
Sener KOC
Web Technologist
C#, Asp, MS SQL, CSS, XHTML, Java Script, Photoshop
Back to top
WWW  Report Abusive | Report SPAM
rochas
#8 Posted : Saturday, September 08, 2007 3:22:57 PM
Rank: Advanced Member



Joined: 9/6/2007
Posts: 36
Location: Turkiye
I solve the problem. its coused by case sensitivity. there is no "VIEWS" column, it must be "Views". and "userid" must be "UserID" in "procedures.sql" file. (But install still not working on my computer. it was diffrent problem.)

anyway tahnk you so much. I think its gonna be best forum in the world!

ohh by the way. Your Turkish languge file have missing words and spelling mistakes. When I finish the web site I will send you.

Cheers!
Sener KOC
Web Technologist
C#, Asp, MS SQL, CSS, XHTML, Java Script, Photoshop
Back to top
WWW  Report Abusive | Report SPAM
skier
#9 Posted : Thursday, October 18, 2007 7:11:40 PM
Rank: Member


Joined: 10/16/2007
Posts: 15
Location: turkey
turkish language file is very interesting.
Open turkish.xml and find this column

<Resources language="English" code="en">

and change

<Resources language="Turkish" code="tr">

Confused
Back to top
WWW  Report Abusive | Report SPAM
Users browsing this topic
Guest
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

YAFPro Theme Created by Jaben Cargman (Tiny Gecko)
Powered by YAF 1.9.3 RC1 | YAF © 2003-2008, Yet Another Forum.NET
This page was generated in 0.106 seconds.

SourceForge.net Logo Powered by ASP.NET v2.0 411ASP.NET