Ravens PHP Scripts: Forums
 

 

izone
Involved


Joined: Sep 07, 2004
Posts: 354
Location: Sweden

Posted: Sun Jun 19, 2005 4:20 pm

Hi

I am using the attachment mod in my phpnuke forums and everything works fine. The only strange thing that doesn't work fine is when somebody attaches a file with the extension .rar and others want to get this file, it gives you a file named "module.php" or sometimes "module.html" instead of FILENAME.rar !!!

Does anyone please know what is wrong!!!

I am using ver. 2.3.11 now and I had the same problem with older ver.

Best Regards
 
64bitguy
The Mouse Is Extension Of Arm


Joined: Mar 06, 2004
Posts: 1159
Location: Sanbornton, NH USA

Posted: Sun Jun 19, 2005 4:48 pm

The module is specifically designed to prevent people from attaching .php, .html and other executable (by your server) files as a security measure to ensure that code cannot be arbitrarily executed by your website.

This is a critical security feature!

Without it, a hacker could use the attach mod feature to have your website do something like wipe out all of your files, or worse, give him super user permissions where he could do even more damage.

There is a list of permissioned file types and a control panel to manage what types of files are restricted/approved in your forums admin screen.

Users should always ZIP or RAR files for security reasons.

_________________
Steph Benoit
1CMS, 100% Section 508 and W3C XHTML/CSS Compliant (Truly) 
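
The kind of extension check described in the post above, as an added example (not code from the Attachment Mod or from any poster in this thread); the two lists and the function name are assumptions. It also rejects names where an approved last extension hides a server-executable one.

```php
<?php
// Added example; not Attachment Mod code. Both lists are assumptions.
const APPROVED_EXTENSIONS = ['zip', 'rar', 'txt', 'png', 'jpg'];
const SERVER_EXECUTABLE   = ['php', 'php3', 'php4', 'php5', 'phtml',
                             'html', 'htm', 'shtml', 'cgi', 'pl'];

/** Returns [bool $accepted, string $reason] for a client-supplied file name. */
function check_attachment_name(string $clientName): array
{
    // Control characters (including NUL) never belong in a file name.
    if (preg_match('/[\x00-\x1f\x7f]/', $clientName)) {
        return [false, 'control character in name'];
    }
    // Keep only the last path component, whichever separator the client used.
    $name = basename(str_replace('\\', '/', $clientName));
    // Some filesystems drop trailing dots and spaces, so "x.php." becomes "x.php".
    $name = rtrim($name, '. ');

    $parts = explode('.', strtolower($name));
    if (count($parts) < 2 || $parts[0] === '') {
        return [false, 'no extension, or a dotfile such as .htaccess'];
    }
    array_shift($parts);            // what remains are the extensions, left to right
    $last = end($parts);
    if (!in_array($last, APPROVED_EXTENSIONS, true)) {
        return [false, "extension .$last is not approved"];
    }
    // A web server that picks a handler from any extension in the name
    // could still run "shell.php.rar", so inner extensions are checked too.
    foreach ($parts as $ext) {
        if (in_array($ext, SERVER_EXECUTABLE, true)) {
            return [false, "server-executable extension .$ext inside the name"];
        }
    }
    return [true, 'accepted'];
}

// Constructed sample names, for illustration only.
foreach (['backup.rar', 'report.v2.zip', 'page.HTML', 'shell.php.rar',
          'x.php.', '.htaccess', '..\\..\\notes.txt'] as $sample) {
    [$ok, $reason] = check_attachment_name($sample);
    printf("%-18s %s (%s)\n", $sample, $ok ? 'ACCEPT' : 'REJECT', $reason);
}
```
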
izone
Posted: Sun Jun 19, 2005 4:58 pm

64bitguy, thanks


But in the panel the RAR file is approved already. Zip too.

When you click on the attached file and it is a .rar file it gives you a module.php file. Do you know why?
 
64bitguy
Posted: Sun Jun 19, 2005 6:14 pm

Can you point me to where you are seeing this?

Feel free to PM it to me if you want.

Thanks
 
izone
Posted: Sun Jun 19, 2005 6:29 pm

64bitguy,

I sent you a pm now.

Thanks for helping.
 
64bitguy
Posted: Sun Jun 19, 2005 6:36 pm

Hi

I checked all of the attachments in that thread. I didn't have any problems with any of them.

What exactly is it doing when you click on the attachment?
 
CurtisH
Life Cycles Becoming CPU Cycles


Joined: Mar 15, 2004
Posts: 638
Location: West Branch, MI

Posted: Sun Jun 19, 2005 7:41 pm

I think this issue happens when people use older versions of IE.

I had reports of this before as well and was able to duplicate the issue when using an older version of IE.

_________________
Those who dream by day are cognizant of many things which escape those who dream only by night. ~Poe 
izone
Posted: Mon Jun 20, 2005 3:24 am

64bitguy,

Yes. When I click on an attached RAR-file. And I've asked around others if they have this problem and some have and others don't. Just like you and me. Strange, isn't it?

CurtisHancock,

Thanks, but my ver. of IE is 6.0 and I have the latest Windows update. I thought that maybe at my work it happens because we have a router and firewall. But the same thing happens at home too.

OK, maybe it is one of those mysteries of my life :)

Thank you both for helping so quick and so well.
 
All times are GMT - 6 Hours
 