Ravens PHP Scripts: Forums
 

 

Ravens PHP Scripts And Web Hosting Forum Index -> v2.30.01 RN Security Issues
Author Message
kingtas
New Member



Joined: Apr 13, 2009
Posts: 12

Posted: Thu May 21, 2009 1:20 pm

Hey, I have an SMF forum that was hacked. After researching it, I found this turd has been creating accounts and uploading an avatar with malicious PHP code that inserts itself in all PHP files on the site.

Is RavenNuke prone to this, or would Sentinel take care of it? Should I disable uploading avatars and attachments? What about remote avatars?

I already blocked his IP in Sentinel and also in htaccess.

Thanks.
 
evaders99
Former Moderator in Good Standing



Joined: Apr 30, 2004
Posts: 3221

Posted: Thu May 21, 2009 4:40 pm

I would suggest disabling uploading for security reasons. I don't use them myself.
Remote avatars are slightly less of a risk, but could expose your users to cross-site scripting issues.

_________________
- Star Wars Rebellion Network -

kingtas







Posted: Thu May 21, 2009 5:43 pm

Ok, that's what I'll do. Thanks.
 
duck
Involved



Joined: Jul 03, 2006
Posts: 273

Posted: Thu May 21, 2009 11:39 pm

I tend to favour the other way, actually. I don't trust the remotes. I prefer to host 'em myself where I can manipulate 'em and check 'em if need be. Some simple exercises to reduce risk are renaming the avatar, checking img info and/or setting it to approve before available, storing temporarily outside of root till done so. Those steps alone should be sufficient to ward off most attacks.

Sorry, grammar and spelling bad, but I am on medication at the moment and am a little dysfunctional.
 
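The steps listed in the post above (rename the avatar, check the image info, hold it outside the web root until approved), sketched in PHP as an added example that is not part of the thread and is not RavenNuke or SMF code. The function name, constants, size limits and pending directory are assumptions, and the sample inputs are constructed.

```php
<?php
// Added example; helper and constant names are hypothetical, not RavenNuke or SMF code.
const ALLOWED   = [IMAGETYPE_PNG => 'png', IMAGETYPE_JPEG => 'jpg', IMAGETYPE_GIF => 'gif'];
const MAX_BYTES = 102400; // assumed upload size limit
const MAX_SIDE  = 200;    // assumed maximum width/height in pixels

// Returns the server-chosen file name in the pending directory, or null if rejected.
function quarantine_avatar(string $tmpPath, string $pendingDir): ?string
{
    if (!is_file($tmpPath) || filesize($tmpPath) > MAX_BYTES) {
        return null;
    }
    // "Checking img info": the header must parse as an allowed image type.
    $info = @getimagesize($tmpPath);
    if ($info === false || !isset(ALLOWED[$info[2]])) {
        return null;
    }
    if ($info[0] > MAX_SIDE || $info[1] > MAX_SIDE) {
        return null;
    }
    // "Renaming": the client-supplied name is never used. Random base name,
    // extension taken from the detected type, so no ".php" can survive.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$info[2]];
    // copy() stands in for move_uploaded_file() so the demo runs from the CLI.
    return copy($tmpPath, "$pendingDir/$name") ? $name : null;
}

// Constructed sample inputs: a 1x1 PNG, a script with an image-looking name,
// and the same PNG with script text appended after the image data.
$png = base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg==');
$pending = sys_get_temp_dir() . '/avatars_pending_' . bin2hex(random_bytes(4));
mkdir($pending, 0700); // in production: a directory outside the document root
$samples = [
    'clean.png'     => $png,
    'shell.php.png' => "<?php echo 'not an image'; ?>",
    'polyglot.png'  => $png . "<?php echo 'trailing data'; ?>",
];
foreach ($samples as $clientName => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    $stored = quarantine_avatar($tmp, $pending);
    printf("%-14s => %s\n", $clientName, $stored ?? 'rejected');
    unlink($tmp);
}
```

The third sample passes the header check, which is why the rename and the out-of-root pending directory matter: a file stored there under a random `.png` name is never handed to the PHP interpreter. Publishing after approval would be a separate step that copies the file into the served avatar directory.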
evaders99







Posted: Sat May 23, 2009 1:00 am

Let's just say, if they are on my server then I care - more than I care if it's code infecting someone else's server :)
 
duck







Posted: Sat May 23, 2009 1:11 am

Well, when it's on someone else's server it can include code to steal your login info, which when you're viewing it is not good, so it can still be dangerous. Course, I guess you are still limiting the types of vulnerabilities that can be executed that way. Coding true images to be dangerous is very difficult stuff and not something your typical script kiddie is usually capable of.
 
sexycoder
Spammer and overall low life



Joined: Feb 02, 2009
Posts: 82

Posted: Tue Jun 02, 2009 10:35 pm

I agree with evaders99

Quote:
I would suggest disabling uploading for security reasons


This option should never be able. That happens when you don't make nice avatars available on your own server. ;)
 
All times are GMT - 6 Hours
 