It's a shame....

Discussion in 'Announcements & Support' started by robomanusa, Apr 22, 2004.

  1. robomanusa

    robomanusa

    Messages:
    278
    Likes Received:
    0
    Joined:
    Mar 26, 2004
    Location:
    S.W. OHIO
    It's a shame the hacker had to target all the visitors/members of glocktalk. This is a fantastic site where a wealth of information can be shared and the members are all great folks willing to share that information.

    Hopefully with the latest release of vBulletin that particular security hole has been fixed so that it cannot be used again.... One thing to keep in mind though, the template files only need to be writeable by the webserver daemon if you're wishing to alter the templates via the admin area.

    Eric has the ability, since it's his own server, to cut the permissions back on all files to only be readable and not world writeable; that would have prevented this from happening. Hopefully this has been a lesson learned and will never happen to this wonderful community again.

    Remember the permissions, and get them cut back to only what's absolutely needed, and nothing more!
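
The permission cut-back described in the post above, sketched as an added example that is not part of the original thread or of vBulletin. The function names, the web-root layout and the `templates` directory name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a forum's web root for world-writable entries and
# cut permissions back. Function names and the "templates" subdirectory
# are hypothetical; adapt them to the real layout.

# Print every regular file or directory under $1 that has the
# world-writable bit (o+w) set. Symlinks are not matched.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Tighten everything under web root $1:
#   - directories lose group/other write
#   - files lose all write bits (read-only for everyone)
# If $2 names a subdirectory (relative to $1) that must stay editable,
# e.g. templates changed through the admin area, its contents get owner
# write back, and nothing else does.
tighten_web_root() {
    root=$1
    find "$root" -type d -exec chmod go-w {} +
    find "$root" -type f -exec chmod a-w {} +
    if [ -n "${2:-}" ] && [ -d "$root/$2" ]; then
        find "$root/$2" -exec chmod u+w {} +
    fi
}

# Typical use (paths are placeholders):
#   list_world_writable /path/to/forum        # review first
#   tighten_web_root /path/to/forum templates # then cut back
```

Mode bits only help if ownership is right as well: when the web server account owns the tree, owner write is still the daemon's write, so files that never change through the admin area are best owned by a separate account.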
     
  2. Patricia

    Patricia Wild at heart CLM Millennium Member

    Messages:
    3,399
    Likes Received:
    0
    Joined:
    Apr 5, 1999
    Location:
    Flagstaff, AZ
    I don't really think GT was specifically targeted. It is sad and pathetic that people out there get their jollies from doing stuff like this.

    Eric is extremely security orientated and I know he will make every possible effort to make sure this does not happen again.
     

  3. robomanusa

    robomanusa

    Messages:
    278
    Likes Received:
    0
    Joined:
    Mar 26, 2004
    Location:
    S.W. OHIO
    Yes, it is pretty pathetic. I went through this same thing about a year ago on my server with an older version of yabbse. And after fixing the problems created by the hole and searching through the yabbse code, come to find out there was no error checking or ereg's anywhere in their scripts, which would allow for some nasty URL injection. Thank god they got some new authors writing their scripts for them now.