Re: AW: AW: ANN: GLX2 3.05

2012-06-19 Thread Bernard Devlin
I never use FTP to communicate with a server. I will either use webdav (over https) or scp or a ssh tunnel (I seem to remember FTP cannot be tunnelled over ssh, but it seems ridiculous that it cannot). Even on windows, putty can do secure file transmission. If we IT professionals don't insist on

Re: AW: AW: ANN: GLX2 3.05

2012-06-18 Thread Bob Sneidar
Oh good to know! Thanks. Bob On Jun 15, 2012, at 4:44 PM, Andre Garzia wrote: > you can always take back your votes after the feature is implemented. At > any moment you can reorganize them. > > > On Fri, Jun 15, 2012 at 5:18 PM, Bob Sneidar wrote: > >> So, if a feature request or bug fix

Re: AW: AW: ANN: GLX2 3.05

2012-06-15 Thread Andre Garzia
you can always take back your votes after the feature is implemented. At any moment you can reorganize them. On Fri, Jun 15, 2012 at 5:18 PM, Bob Sneidar wrote: > So, if a feature request or bug fix is implemented, do I get my votes back? > > Bob > > > On Jun 15, 2012, at 1:02 PM, stephen barnc

Re: AW: AW: ANN: GLX2 3.05

2012-06-15 Thread Bob Sneidar
So, if a feature request or bug fix is implemented, do I get my votes back? Bob On Jun 15, 2012, at 1:02 PM, stephen barncard wrote: >> 154 votes and counting... > ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url t

Re: AW: AW: ANN: GLX2 3.05

2012-06-15 Thread stephen barncard
I agree with Richard. For On-Rev and Livecode to be considered a truly professional service, secure connections are a must-have. After several hacking incidents at *Dreamhost* I switched over to SFTP, updated Wordpress and Gallery2, and changed my control panel and SFTP password and I've had no mo

Re: AW: AW: ANN: GLX2 3.05

2012-06-15 Thread Richard Gaskin
Andre Garzia wrote: This usually happens once one of two things happens: 1 - you have a compromissed FTP account. Maybe one collaborator lost your FTP account or an infected machine is harvesting them from your HD (more common on windows). Something caused the FTP account to be compromissed,

Re: AW: AW: ANN: GLX2 3.05

2012-06-14 Thread Mark Wieder
Andre- Looking over my logs last week I discovered that it came in via ftp. I have always had anonymous ftp disabled, so it's not that. Three separate attacks from different ip addresses on different days, each one the same code injection of a javascript iframe block within a container of

Re: AW: AW: ANN: GLX2 3.05

2012-06-14 Thread J. Landman Gay
Thanks Andre, that helps. I think I'm safe. I'll keep the filetype function around for the future though. That's a nice thing to know about. On 6/14/12 10:46 PM, Andre Garzia wrote: Jacque, This usually happens once one of two things happens: 1 - you have a compromissed FTP account. Maybe

Re: AW: AW: ANN: GLX2 3.05

2012-06-14 Thread Andre Garzia
Jacque, This usually happens once one of two things happens: 1 - you have a compromissed FTP account. Maybe one collaborator lost your FTP account or an infected machine is harvesting them from your HD (more common on windows). Something caused the FTP account to be compromissed, after that the h

Re: AW: AW: ANN: GLX2 3.05

2012-06-14 Thread J. Landman Gay
On 6/14/12 8:58 PM, stephen barncard wrote: these guys would pack a string of URLEncoded PHP code with no white space into a global, then decode and call it. It was usually placed at the bottom of one's document. It's still not clear to me how they did this. The security snafu was a year ago a

Re: AW: AW: ANN: GLX2 3.05

2012-06-14 Thread stephen barncard
these guys would pack a string of URLEncoded PHP code with no white space into a global, then decode and call it. It was usually placed at the bottom of one's document. sqb On Thu, Jun 14, 2012 at 6:39 PM, Andre Garzia wrote: > On Thu, Jun 14, 2012 at 10:20 PM, Mark Wieder >wrote: > > > ??? Wh

Re: AW: AW: ANN: GLX2 3.05

2012-06-14 Thread Andre Garzia
On Thu, Jun 14, 2012 at 10:20 PM, Mark Wieder wrote: > ??? What possible good would changing the filetype be? Fortunately all > my .irev files are in cgi-bin lockers or otherwise inocuous, but I > can't imagine why someone would program a bot to change a non-php file > to a php type. Just in case

Re: AW: AW: ANN: GLX2 3.05

2012-06-14 Thread Mark Wieder
Jacque- Thursday, June 14, 2012, 1:53:51 PM, you wrote: > How does this stuff happen? Does a site require php or wordpress or > something for the hack to work? I thought an irev page was immune. Well, I remember there *was* a security breach at on-rev a while back. I didn't think much of it at t

Re: AW: AW: ANN: GLX2 3.05

2012-06-14 Thread Mark Wieder
stephen- Thursday, June 14, 2012, 12:28:27 PM, you wrote: > I use that google thing too and still found code that wasn't mine and an > .irev file whose name was changed to a .php type. ??? What possible good would changing the filetype be? Fortunately all my .irev files are in cgi-bin lockers or

Re: AW: AW: ANN: GLX2 3.05

2012-06-14 Thread stephen barncard
which of course necessitates this link be repeated: LITTLE BOBBY TABLES On Thu, Jun 14, 2012 at 2:09 PM, Bob Sneidar wrote: > I think it is immune, until someone gets in the front door. Then all bets > are off. I had an ex-employee who was able to hack into the databas

Re: AW: AW: ANN: GLX2 3.05

2012-06-14 Thread Bob Sneidar
I think it is immune, until someone gets in the front door. Then all bets are off. I had an ex-employee who was able to hack into the database of most PHP enabled sites, because people who set them up do not know how to harden them. He demonstrated this on more than one occasion. Others have rep

Re: AW: AW: ANN: GLX2 3.05

2012-06-14 Thread J. Landman Gay
On 6/14/12 2:28 PM, stephen barncard wrote: I use that google thing too and still found code that wasn't mine and an .irev file whose name was changed to a .php type. I resorted to sorting files by date and scanning each one. I hate this crap. How does this stuff happen? Does a site require p

Re: AW: AW: ANN: GLX2 3.05

2012-06-14 Thread stephen barncard
I use that google thing too and still found code that wasn't mine and an .irev file whose name was changed to a .php type. I resorted to sorting files by date and scanning each one. I hate this crap. On Thu, Jun 14, 2012 at 8:34 AM, Mark Wieder wrote: > Tiemo- > > Thursday, June 14, 2012, 2:41:

Re: AW: AW: ANN: GLX2 3.05

2012-06-14 Thread Mark Wieder
Tiemo- Thursday, June 14, 2012, 2:41:04 AM, you wrote: > Same with me Well, the site *has* been cleaned and locked down, and I've requested Google to review it again (thanks Mike). I looked at Google's report this morning and it says "Google has not detected any malware on this site." -- -Mark

AW: AW: ANN: GLX2 3.05

2012-06-14 Thread Tiemo Hollmann TB
Same with me > -Ursprüngliche Nachricht- > Von: use-livecode-boun...@lists.runrev.com [mailto:use-livecode- > boun...@lists.runrev.com] Im Auftrag von Mike Bonner > Gesendet: Mittwoch, 13. Juni 2012 00:04 > An: How to use LiveCode > Betreff: Re: AW: ANN: GLX2 3.05 > > I still get it too,