subject:"Re\: \[PHP\] Looking for security annoucements"

Re: [PHP] Looking for security annoucements

2001-11-09 Thread Jimmy


1.4.0 was hacked, but just for fun on tuesday, on wednesday I upgraded to
1.4.2 and it was hacked by another hacker in the night!!!

I looked at the 1.4.2 for my customization, and this morning at the 1.4.4
and saw that even basic security holes are not fixed. The project team is
working on the 2.0 so I think the release is not serious.

I spent all the day to recover the defaced topics and texts, now I gonna
backup and think to another solution...

Thanks for the reply anyway,

Jimmy

-Message d'origine-

De : Mark Roedel [mailto:[EMAIL PROTECTED]]

Envoyé : vendredi 9 novembre 2001 15:22

À : Jimmy; [EMAIL PROTECTED]

Objet : RE: [PHP] Looking for security annoucements



> -Original Message-

> From: Jimmy [mailto:[EMAIL PROTECTED]]

> Sent: Friday, November 09, 2001 2:41 AM

> To: [EMAIL PROTECTED]

> Subject: Re: [PHP] Looking for security annoucements

>

>

> I'm running phpBB not phpNuke and I'm subcribed to Buftraq,

> hope the others are more helpful for me...

What version of phpBB? I know there were a number of security fixes in

the last few releases (current looks to be 1.4.4)...



---

Mark Roedel | "Blessed is he who has learned to laugh

Systems Programmer | at himself, for he shall never cease

LeTourneau University | to be entertained."

Longview, Texas, USA | -- John Powell




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

RE: [PHP] Looking for security annoucements

2001-11-09 Thread Mark Roedel


> -Original Message-
> From: Jimmy [mailto:[EMAIL PROTECTED]] 
> Sent: Friday, November 09, 2001 2:41 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [PHP] Looking for security annoucements
> 
> 
> I'm running phpBB not phpNuke and I'm subcribed to Buftraq, 
> hope the others are more helpful for me...

What version of phpBB?  I know there were a number of security fixes in
the last few releases (current looks to be 1.4.4)...


---
Mark Roedel |  "Blessed is he who has learned to laugh
Systems Programmer  |   at himself, for he shall never cease
LeTourneau University   |   to be entertained."
Longview, Texas, USA|   -- John Powell 

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Looking for security annoucements

2001-11-09 Thread Jimmy


I'm running phpBB not phpNuke and I'm subcribed to Buftraq, hope the otehrs
are more helpful for me...

Jimmy




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Looking for security annoucements

2001-11-08 Thread Brian Clark


@ 2:14:00 AM on 11/9/01, Brian Clark wrote:

>> I'm running a PHP/mySQL site which has been hacked twice this week
>> :-(((

>> I'm not so bad at security but I don't know any active resource to
>> be aware of hole in PHP and/or MySQL, which forum/newsgroup/list
>> wouldbe advice?

> Would you happen to be running PHP-Nuke?

Gotta go - Nevertheless, these are must reads:





You also might want to subscribe to Bugtraq:



There was a PHP-Nuke advisory dated Nov 8 on Bugtraq: "Copying and
Deleting Files Using PHP-Nuke"

And if you do run PHP-Nuke:




(Not sure what happened to that site, but they used to have `Topics'
with security announcements. Looks like a ghost town..)

--
 -Brian Clark | PGP is spoken here: 0xE4D0C7C8
  Please, DO NOT carbon copy me on list replies.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Looking for security annoucements

2001-11-08 Thread Jochen Kächelin


Am Freitag, 9. November 2001 08:14 schrieb Brian Clark:
> Hi Jimmy,
>
> @ 2:08:09 AM on 11/9/01, Jimmy wrote:
> > I'm running a PHP/mySQL site which has been hacked twice this week
> >
> > :-(((
> >
> > I'm not so bad at security but I don't know any active resource to
> > be aware of hole in PHP and/or MySQL, which forum/newsgroup/list
> > wouldbe advice?
>
> Would you happen to be running PHP-Nuke?

Perhaps this would help a bit:

http://softwaredev.earthweb.com/script/article/0,,12063_918141,00.html

-- 
WA-P: Programmierung - Beratung - Hosting
Stuttgarter Strasse 3 - D-73033 Göppingen
http://internet.wa-p.de - [EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Looking for security annoucements

2001-11-08 Thread Brian Clark


Hi Jimmy,

@ 2:08:09 AM on 11/9/01, Jimmy wrote:

> I'm running a PHP/mySQL site which has been hacked twice this week
> :-(((

> I'm not so bad at security but I don't know any active resource to
> be aware of hole in PHP and/or MySQL, which forum/newsgroup/list
> wouldbe advice?

Would you happen to be running PHP-Nuke?

--
 -Brian Clark | PGP is spoken here: 0xE4D0C7C8
  Please, DO NOT carbon copy me on list replies.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Looking for security annoucements

RE: [PHP] Looking for security annoucements

Re: [PHP] Looking for security annoucements

Re: [PHP] Looking for security annoucements

Re: [PHP] Looking for security annoucements

Re: [PHP] Looking for security annoucements

6 matches

Site Navigation

Mail list logo

Footer information