IPS has released a large number of security updates for IPB3, which fix many XSS vulnerabilities and SQL injections. The unpatched forum software basically gives full server access. Database and files. And infects our computers.
https://community.invisionpower.com/blogs/entry/9735-ipboard-33x-34x-and-ipnexus-159-security-update/
https://community.invisionpower.com/blogs/entry/9729-ipboard-33x-34x-security-update/
https://community.invisionpower.com/blogs/entry/9727-ipboard-33x-34x-security-update/
https://community.invisionpower.com/blogs/entry/9726-ipboard-33x-34x-security-update/
https://community.invisionpower.com/blogs/entry/9720-ipboard-33x-34x-security-update/
There are a bunch more.
best would be to update the site to the latest version:
https://community.invisionpower.com/blogs/entry/9732-introducing-ips-community-suite-4/
If that's not possible then at least to the last 3.4 version.
Guys,
If you had downloaded this file and your OS is Windows or Linux please read these instructions: https://blog.mozilla…nd-in-the-wild/
It's recommended to change passwords in all FTP programs, and passwords for programs like PSI, MySQL etc.
We will update IPB within this week. At the moment there are no malicious scripts on the forum.
Thanks for the update.