1. What happen?
- Posted by Greg Haberek Jul 02, 2008
- 697 views
- Last edited Jul 03, 2008
Jeremy, did you break this forum now, too?
-Greg
2. Re: What happen?
- Posted by Jeremy Cowgar Jul 02, 2008
- 688 views
- Last edited Jul 03, 2008
Jeremy, did you break this forum now, too?
The weird messages? They were XSS hack attempts that failed. Yay!
Jeremy
3. Re: What happen?
- Posted by Gary Shingles Jul 02, 2008
- 694 views
- Last edited Jul 03, 2008
Jeremy, did you break this forum now, too?
The weird messages? They were XSS hack attempts that failed. Yay!
Jeremy
Hi Jeremy
I actually saw the directory listing about half an hour ago. You should check the logs to see if anything sensitive was accessed (ie around the p's).
Cheers Gary
PS Well done with the forums.
4. Re: What happen?
- Posted by Jeremy Cowgar Jul 02, 2008
- 680 views
- Last edited Jul 03, 2008
I actually saw the directory listing about half an hour ago. You should check the logs to see if anything sensitive was accessed (ie around the p's).
Ok. Yes. There is nothing sensitive in there. It's all publically accessable. I took the forum offline in for a very short period of time due to a possible security problem. Someone being able to inject an HTML altert box into a message. The problem was taken care of and the forum was back online pretty quick. I took it off before we had a problem, just since we have been experiencing so much hacker activity here in the last few days
PS Well done with the forums.
Thanks!
Jeremy
5. Re: What happen?
- Posted by Gary Shingles Jul 03, 2008
- 686 views
Ok. Yes. There is nothing sensitive in there. It's all publically accessable. I took the forum offline in for a very short period of time due to a possible security problem. Someone being able to inject an HTML altert box into a message. The problem was taken care of and the forum was back online pretty quick. I took it off before we had a problem, just since we have been experiencing so much hacker activity here in the last few days
Yeah secure CGI is a real mine-field, rather you than me It's a pity we have to worry about such things.
Great Anti-spam questions BTW, let a script figure those out!
Um, as far as the Author Name, how about setting and getting it as a cookie for now?
Gary
6. Re: What happen?
- Posted by Marco Achury Jul 03, 2008
- 696 views
Last times I only check the RSS titles, I was surprised abouth euForum without activity!
The temporal forum looks good, and the antispam question is very nice.
Some time ago I made a comment to Rob about the posibility of unautorized execution of a contributed file. But I never supossed there was a real danger...
Marco A. Achury P