Alf wrote:

> This is the reason why I didn't wanna volunteer to install UBB for you
> guys. The responsibility of having it secure..

Whatever reasons that you may have, you should have
voiced them out. I have said this again and again and I
will repeat it now,

You are all individuals, not followers. If you notice a
problem, please tell us, better still please solve it.
Keeping quiet is not going to solve the problem.

> This is only 2 of the security loopholes in UBB. They are not really
> loopholes but POSSIBLE loopholes.. I've yet to hunt them all out and
> would feedback when I've more..

That will be great. Please do keep us updated.

> UBB was quite sloppily written and requires patching and constant
> monitoring. CGI-Wrapping and 750 solves the problem usually.

Can you advise us on the patching required and the kind of
constant monitoring?

>
>
> Elvin
> -
> On Mon, 11 Oct 1999, Caleb wrote:
>
> > Date: Mon, 11 Oct 1999 08:10:28 +0800
> > From: Caleb <[EMAIL PROTECTED]>
> > Reply-To: [EMAIL PROTECTED]
> > To: [EMAIL PROTECTED]
> > Subject: Re: [SLP] Re: Ultimate Bulletin Board Ready
> >
> > Hi Eugene & All,
> >
> > Urm not very sure about this, I was following the instructions from UBB at
> > http://www.ultimatebb.com/home/firsttimeinstall.shtml
> >
> > They said to "Set your CGI Directory to 755. Within the CGI directory,
> > set all files to 755, except for the variable files (mods.file,
> > Styles.file, UltBB.setup and forums.cgi), which should be set to mode 777."
> >
> > I'll see what I can dig up in the meantime..
> >
> > Caleb
> >
> > ----- Original Message -----
> > From: Eugene Teo <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Cc: Caleb <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > Sent: Monday, October 11, 1999 12:47 AM
> > Subject: Re: [SLP] Re: Ultimate Bulletin Board Ready
> >
> >
> > >
> > > Hmm is there a need to make the UBB configuration files chmod 777??
> > > and our webserver is running as nobody. hmmmm.
> > >
> > > --
> > > main(i){putchar(182623909>>(i-1)*5&31|!!(i<7)<<6)&&main(++i);}
> > > [EMAIL PROTECTED] - http://linux.com.sg/~amnesia/
> > >
> > > "WinError FFF: Ran out of memory for more error messages."
> > >
> > >
> > > On Mon, 11 Oct 1999, Eugene Teo wrote:
> > >
> > > >
> > > > Oh yes, please do make sure that UBB doesn't pose a security risk. Thank
> > > > you. I will update you and the list if there is something that i
> > > > discovered doesn't seem right. Join you in 3-4 weeks time.
> > > >
> > > > --
> > > > main(i){putchar(182623909>>(i-1)*5&31|!!(i<7)<<6)&&main(++i);}
> > > > [EMAIL PROTECTED] - http://linux.com.sg/~amnesia/
> > > >
> > > > "WinError FFF: Ran out of memory for more error messages."
> > > >
> > > >
> > > > On Mon, 11 Oct 1999, Ng Kai Hoe Raymond wrote:
> > > >
> > > > > Caleb wrote:
> > > > >
> > > > > > > Hi Raymond, Ok the board's up. Here are the details: Board Location -
> > > > > > > http://www.linux.com.sg/cgi-bin/ubb/Ultimate.cgi Administrator's Area -
> > > > > > > http://www.linux.com.sg/ubb/cp.html Username :
> > > > >
> > > > > Caleb and guys,
> > > > >
> > > > > All thanks to Caleb that we have the forum working.
> > > > > > Please advise us whether we need to pay anyone money.
> > > > >
> > > > > The next step is to plan the kind of forums and users
> > > > > policies that go with it. Let me make a few recommendations,
> > > > > you can choose to fire it down, and please do feel free
> > > > > to add on to my list.
> > > > >
> > > > > 1) Forget about the registrations, I do not want others to have
> > > > > a barrier to entry to our forum. If they choose to post as
> > > > > anonymous, let them do so. Caleb, is there any way to do it?
> > > > >
> > > > > 2) I suggest that we set some automatic mechanism to post
> > > > > mails to lug-list and slugnet to be automatically posted to
> > > > > one of the forum (or 2). That forum will act as an archive for
> > > > > all the mails to slugnet and lug-list. It will also act as a showcase
> > > > > for people who are not on those lists. Who wants to practise
> > > > > their scripting and sendmail capabilities? give you a hint, use
> > > > > .forward and pipe (yes, that is the word) the mail to a script
> > > > > which will post to the forum. When that script is up, the system
> > > > > does its own posting.
> > > > >
> > > > > 3) We will create 3 folders first. 1 for general discussion, technical
> > > > > support, 1 for archiving slugnet's emails, 1 for archiving lug-list's
> > > > > emails. Any additional folders (eg FreeSWAN, Security) can be
> > > > > created on demand and need.
> > > > >
> > > > > That is all for now. Anyway, thanks Caleb, that is good work which
> > > > > you have done there.
> > > > >
> > > > > Can someone write the Singapore Linux Portal's pages into a
> > > > > CDROM? I guess I will be buying a CDR soon.
> > > > >
> > > > > --
> > > > > -------------------------------------------------------------
> > > > > Ng Kai Hoe Raymond   Pager : 92279944       ICQ UIN : 4878260
> > > > > Manager, Research and Development, Telford Solutions
> > > > > Editor, Singapore Linux Portal http://linux.com.sg
> > > > > Email : [EMAIL PROTECTED] / [EMAIL PROTECTED]
> > > > > PGP Public Key : http://linux.com.sg/~ngkaihoe/ngkaihoe.txt
> > > > >
> > > > > 'This has given me the greatest trouble and still does: to realize
> > > > >  that what things are called is incomparably more important than what
> > > > >  they are.'
> > > > >  - Friedrich Wilhelm Nietzsche, "The Gay Science"
> > > > >
> > > > >
> > > > >
> > > >
> > >
> > >
> >

--
Ng Kai Hoe Raymond
Email : [EMAIL PROTECTED] / [EMAIL PROTECTED]
Manager, R&D, Research and Development, Telford Solutions
Editor, Singapore Linux Portal, http://linux.com.sg
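
An added example, not part of the original thread: a POSIX shell audit of the permissions discussed above. It builds a constructed directory with the file names and modes from the quoted UBB instructions (755 and 777), lists what any local account can write to, then applies the 750 mode Elvin mentions. It assumes a CGI wrapper runs the scripts as the file owner, so the web server account ("nobody") needs no access of its own.

```shell
#!/bin/sh
# Added example: audit a CGI directory for files open to "other".
# File names come from the thread; the directory itself is constructed.

# Entries under DIR that any local account can write to (mode bit 002).
world_writable() {
    find "$1" ! -type l -perm -002 -print | sort
}

# Entries under DIR that grant any permission at all to "other".
other_accessible() {
    find "$1" ! -type l \( -perm -001 -o -perm -002 -o -perm -004 \) -print | sort
}

# Apply mode 750 to the directory and everything in it.
# Assumption: a CGI wrapper executes the scripts as their owner, so the
# data files no longer have to be writable by the web server account.
tighten_to_750() {
    find "$1" ! -type l -exec chmod 750 {} +
}

# Build a constructed sample laid out as the quoted install notes describe.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/ubb"
    for f in Ultimate.cgi mods.file Styles.file UltBB.setup forums.cgi; do
        : > "$d/ubb/$f"
    done
    chmod 755 "$d/ubb" "$d/ubb/Ultimate.cgi"
    chmod 777 "$d/ubb/mods.file" "$d/ubb/Styles.file" \
              "$d/ubb/UltBB.setup" "$d/ubb/forums.cgi"
    echo "$d/ubb"
}

# Demonstration on the constructed sample.
sample=$(make_sample)
echo "World-writable with the 755/777 layout:"
world_writable "$sample"
tighten_to_750 "$sample"
echo "Entries still open to other after chmod 750:"
other_accessible "$sample"
rm -rf "$(dirname "$sample")"
```
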

