272411
reynaldo
Re: ShortURLs hack
  • 2004/2/14 14:02

  • reynaldo

  • Not too shy to talk

  • Posts: 106

  • Since: 2004/2/13


tms_hide:

You are right!
I forgot to include the "RewriteEngine on" line.
I uploaded a corrected version to my server.



272412
sum
Re: EMERGENCY: security hole of Agenda-X
  • 2004/2/14 13:56

  • sum

  • Just popping in

  • Posts: 10

  • Since: 2002/11/12


Yesterday, it was posted in the forum that the site of SourceForge.JP had been cracked.
http://sourceforge.jp/forum/forum.php?forum_id=4153
(Japanese)
There was no report to the XOOPS Japan team before this notice.
And it was abruptly made public to users.

When this notice was received and the investigation began,
another security hole remained in the corrected one (reported to the vendor),
and there must be a possibility that contents have already been falsified by using this hole (1.2.1 and earlier).
Therefore, the post to the XOOPS community was made
before the information had been settled.

What can be said now:

1. Temporarily isolate the pertinent module from places accessible to web browsers.
2. Confirm whether there are signs in the access log that cracking was attempted.
3. If signs are discovered, you must confirm at once whether contents have been falsified.
(In this case, you must consider temporarily interrupting the service.)
4. If it can be confirmed that nothing has been falsified, restart the service with the pertinent module isolated.
5. Please wait for further information.



272413
wjue
Re: EMERGENCY: security hole of Agenda-X
  • 2004/2/14 13:49

  • wjue

  • Quite a regular

  • Posts: 315

  • Since: 2002/8/3 7


Non, Monsieur !

I just have some non related problems with my registrar.

And all my sites will be back online next week.

wjue

Quote:

DonXoop wrote:
This explains why the author's own site has been down for a few days.




272414
wjue
Re: EMERGENCY: security hole of Agenda-X
  • 2004/2/14 13:43

  • wjue

  • Quite a regular

  • Posts: 315

  • Since: 2002/8/3 7


I agree, scaring people in this manner is not a professional practice.

The security problem mentioned here occurs only if your PHP has register_globals set to ON and "remote include" also set to on; that "remote include" often causes security risks is well known. The latest version (1.2.2) I released is sufficiently safe. Users of the 1.2.1 version can also adopt Onokazu's simple patch.

wjue

Quote:

Jan304 wrote:
I'm surprised by this post by GIJOE. I always thought he was posting in a professional way, but this... Scaring people like hell and advising to remove in place of fixing it. I hope not for his own profit...

Check the post by onokazu:
http://www.xoopscube.jp/modules/news/article.php?storyid=195

You might check the Agenda-X 2.0 beta 2 version, I don't think this version has any security flaw.
http://sourceforge.net/project/showfiles.php?group_id=83736&package_id=99635&release_id=215592

And again, if you go to the post by Onokazu there is a fix listed.
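
An added example (not part of any post above, and not Agenda-X or XOOPS code) of the access-log check in sum's step 2, using the condition wjue describes. It assumes Apache common/combined log format, a module path of /modules/agendax/, and that the sign to look for is a request parameter whose value is itself a remote URL; the parameter name and log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: the module lives under /modules/agendax/; adjust to your install.
MODULE_PREFIX = "/modules/agendax/"
# A parameter value that is itself a remote URL is the sign to look for.
REMOTE_VALUE = re.compile(r"^\s*(?:https?|ftp)://", re.IGNORECASE)
# Apache common/combined: client - user [time] "METHOD target PROTO" status
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample lines; placeholder_var is not a real Agenda-X parameter.
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Feb/2004:21:14:02 +0900] '
    '"GET /modules/agendax/index.php?op=view&id=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [13/Feb/2004:22:40:55 +0900] '
    '"GET /modules/agendax/index.php?placeholder_var=http://remote.example/a.txt'
    ' HTTP/1.0" 200 312',
    '198.51.100.7 - - [13/Feb/2004:22:41:03 +0900] '
    '"GET /modules/agendax/index.php?placeholder_var=ftp%3A%2F%2Fremote.example%2Fa'
    ' HTTP/1.0" 404 210',
    '203.0.113.5 - - [13/Feb/2004:23:02:11 +0900] '
    '"GET /modules/news/article.php?ref=http://example.org/ HTTP/1.1" 200 900',
]

def suspicious_requests(lines, prefix=MODULE_PREFIX):
    """Return (client, time, status, param, value) for requests to the module
    whose query string carries a remote URL as a parameter value."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a parseable access-log line
        client, when, _method, target, status = m.groups()
        parts = urlsplit(target)
        if not unquote(parts.path).lower().startswith(prefix):
            continue  # request is for some other part of the site
        # parse_qsl percent-decodes values, so http%3A%2F%2F... is caught too
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if REMOTE_VALUE.match(value):
                hits.append((client, when, int(status), name, value))
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A hit answered with status 200 is the case that calls for the content check in step 3; POST bodies are not logged, so an empty result does not prove that nothing was attempted.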



272415
tms_hide
Re: ShortURLs hack
  • 2004/2/14 13:34

  • tms_hide

  • Just popping in

  • Posts: 1

  • Since: 2004/2/14


>>catalin
I was in just the same situation.
But when I turned on "RewriteEngine" and altered .htaccess, I could resolve the NOT FOUND error.
This is the .htaccess script I altered:
# -FrontPage-
RewriteEngine on

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

RewriteRule ^topic([0-9]+).html$ loadpage.php [L]
RewriteRule ^article([0-9]+).html$ loadpage.php [L]
RewriteRule ^articles.html$ loadpage.php [L]
RewriteRule ^user([0-9]+).html$ loadpage.php [L]
RewriteRule ^submit.html$ loadpage.php [L]
RewriteRule ^archive.html$ loadpage.php [L]
RewriteRule ^sections.html$ loadpage.php [L]
RewriteRule ^partners.html$ loadpage.php [L]
RewriteRule ^$ loadpage.php [L]



272416
philou
Re: Background image
  • 2004/2/14 13:25

  • philou

  • Quite a regular

  • Posts: 384

  • Since: 2002/5/6 8


You have another solution...
a little bit complex...

To display different background images to fit the visitor's screen resolution.
It is simply solved with a JavaScript resolution test that builds the BODY tag on demand.
The var used limits this script to Internet Explorer only.
It requires adapting the BODY part of theme.html:
<SCRIPT LANGUAGE=javascript>
// Pick the background image that matches the visitor's screen height
if (screen.height <= 600)
 {
  document.write('< BODY background="imgages/fdacc800.jpg" leftmargin=0 topmargin=0 bgproperties=fixed>');
 }
if ((screen.height > 600) && (screen.height <= 768))
 {
  document.write('< BODY background="imgages/fdacc1024.jpg" leftmargin=0 topmargin=0 bgproperties=fixed>');
 }
if (screen.height > 768)
 {
  document.write('< BODY background="images/fdacc1280.jpg" leftmargin=0 topmargin=0 bgproperties=fixed>');
 }
</SCRIPT>
Note: delete the space before BODY.



272417
reynaldo
Re: ShortURLs hack
  • 2004/2/14 13:10

  • reynaldo

  • Not too shy to talk

  • Posts: 106

  • Since: 2004/2/13


Quote:

shivaji wrote:
Hi:

Thanks a lot, I came to know about this thread from sunrapper! I am still running my site on 2.05 :(. I will keep you posted as soon as I upgrade my site to 2.06.


Shivaji, I didn't say it requires 2.06 to work, I said I tested it on 2.06, and I don't think 2.05 would be too different to 2.06, so maybe you can test it without upgrading.




272418
reynaldo
Re: ShortURLs hack
  • 2004/2/14 13:08

  • reynaldo

  • Not too shy to talk

  • Posts: 106

  • Since: 2004/2/13


Quote:

carnuke wrote:
Hi reynaldo

I noticed that this is your first post, so welcome to the forums. This is an awesome first post!


Thanks!

Quote:

I just want to say thank you for sharing this important addition to the XOOPS system.


I just found XOOPS four days ago and I really like the way it works, lightning fast and it is so intuitive. I'm not using it as much as I would like because I would need a multisite CMS.

Quote:

I have not yet installed or tried this hack, but it looks very usable. Ultimately it would be required module-wide, or at least for the major modules as you have already done. I would personally like to see it working for WFsections as most of my site is built around this. Maybe you can do this in time?


I'll try as soon as I have a few minutes available.

Quote:

Thanks again Richard

You're welcome!



272419
reynaldo
Re: ShortURLs hack
  • 2004/2/14 13:04

  • reynaldo

  • Not too shy to talk

  • Posts: 106

  • Since: 2004/2/13


Catalin:

Just to be clear, for this hack to work, it requires Apache to be compiled with the RewriteEngine module.

If this is not your case, check to make sure you uploaded/appended the .htaccess file I included.

I can help you to get the hack working, just let me know the next time you try.



272420
philou
Re: Yahoo_taste theme?
  • 2004/2/14 13:01

  • philou

  • Quite a regular

  • Posts: 384

  • Since: 2002/5/6 8


Hi...

I'm the webmaster of xoops-themes.org, and yes, it's a French web site, but I have put up an exclusive forum for the English language.
Post any inquiry and I'll be happy to give answers...







