[UPGRADE AVAIL.] Vulnerability in SIMPLEBOARD

[hfhs72]

Isn't Mamboboard a better option for you? That is supposed to be (I never used it) the Mambo offshoot of Simpleboard. Simpleboard development has been stopped, so sooner or later you will run into troubles.

Yes, you are correct. I downloaded the latest version of MamboBoard (14RC2) and installed it as a component. Here are the instructions so you do not loose your data.

This is for Mambo 4.5.4 however, it should work for 4.5.2 and 4.5.3h as well.

Backup your Mambo files and your Mambo Database
Install MamboBoard as a component.
Do not upgrade the database after the installation. (Note: MB uses the same Simpleboard mos_sb_* tables)
Go into the MamboBoard Configuration and make your changes.
Add a Component Menu Item.
Check your board to make sure it is running correctly. (all folders and messages should be intack)

DO NOT USE THE MAMBO COMPONENT UNINSTALL to uninstall simpleboard

FTP or use CPanel file manager and delete folders:
/administrator/components/com_simpleboard
and
/components/com_simpleboard

Finished.

This will eliminate the SimpleBoard vulnurability from your server.

Note: Simpleboard will still show up under the Mambo Admin Components List. I'm not sure how to get rid of that.

[pmarfell]

Ok.
I have installed the latest JoomlaBoard to replace SimpleBoard. I did it by installing JoomlaBoard and then deleteing the component and administrator files for SimpleBoard. I assume it is suggested to do it this way so that the database tables are not removed and all the old postings are still visible. It has worked but I still have a SimpleBoard entry in the Components menu option of the back-end. Can this be removed easily or is it not worth the bother? Is it a simple matter of removing the entry in jos_components table?

[Tonie]

Basically, yes. You can remove the line from that table. It will be gone from the administrator backend.

[andresumana]

one of my server has been haked in the last month, so i take all the precautions and apply all the patches and the new versions of the components. when i installed the last version of joomla the patch askme to turn on register globlas off so i didit in every server i had
but for one of my servers is necesary the forum and the pony gallery to work but is imposible whit this configuration. the joomblaboard simply dont work, no show of errors, the ponygallery either
when i put the register global "on" every thing works ok

what to do with the message of Joomla! RG_EMULATION setting is `ON` instead of `OFF` in file globals.php  that the version 1.0.11 is showing me?

now what should i do?? my server is on risk?

[Tonie]

Get ready to do some reading. Some code changes to Joomlaboard are mentioned in the thread.

[Hellbound]

I have a website hacked by the same guy today,
but it is not using simpleboard,
what should be change? I can't find where he did a offending code to fix it and I don't know which log on server I must look,

I appreciate your help to get this website back online.

thanks