|
Page 2 of 2
|
AvrilBoi
Joined: August 2006
Posts: 45
Location:
|
Re: Hacked
Sorry for this question, but why did you choose to host this site on aruba? It is known that there are better hosting providers... "^_^
|
Share |
#16 Sat 19 Aug, 2006 19:15 |
|
Sponsors
|
Icy Phoenix is an open source project, you can show your appreciation and support future development by donating to the project.
|
|
Bicet
Joined: August 2006
Posts: 78
Location: Venice
|
Re: Hacked
Cause it's not so bad until they close the site
|
Share |
#17 Sat 19 Aug, 2006 19:16 |
|
ThE KuKa
Joined: August 2006
Posts: 489
Location: Sabadell
|
Respuesta: Hacked
This not a BUG is a General Support or OFF Topic.
|
Share |
#18 Sat 19 Aug, 2006 20:03 |
|
AvrilBoi
Joined: August 2006
Posts: 45
Location:
|
Re: Hacked
Cause it's not so bad until they close the site
Yeah, but why do you wanna risk to get the site closed one day?
|
Share |
#19 Sat 19 Aug, 2006 20:11 |
|
casimedicos
Joined: August 2006
Posts: 241
Location: Galicia (Spain)
|
Re: Hacked
this is a problem, a lot of users can not modify regsiter globals off
ummmm
|
Share |
#20 Sat 19 Aug, 2006 20:19 |
|
ThE KuKa
Joined: August 2006
Posts: 489
Location: Sabadell
|
Respuesta: Hacked
Use mod_rewrite in your hosting?
|
Share |
#21 Sat 19 Aug, 2006 20:47 |
|
ganesh
Joined: August 2006
Posts: 221
Location: Somewhere... over the Rainbow...
|
Re: Hacked
Here you can't.
In Aruba's Knowledge Base there's an article in which is explained what you can and what you can't put in your .htacces...
|
Share |
#22 Sun 20 Aug, 2006 15:22 |
|
Mighty Gorgon
Luca Libralato
Joined: August 2006
Posts: 7191
Location: Borgo San Michele
|
Re: Hacked
At the moment we have found a fix for the security hole in HACKS LIST.
Since I'm not sure that it is the only problem, I'm testing an emulation of REGISTER_GLOBALS = OFF.
I'm testing this new function here... if it works, this will be added as a new patch.
The function can be found here for all that could be interested in.
http://it.php.net/manual/en/faq.mis...registerglobals
<?php
// Emulate register_globals off
function unregister_GLOBALS()
{
if (!ini_get('register_globals')) {
return;
}
// Might want to change this perhaps to a nicer error
if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
die('GLOBALS overwrite attempt detected');
}
// Variables that shouldn't be unset
$noUnset = array('GLOBALS', '_GET',
'_POST', '_COOKIE',
'_REQUEST', '_SERVER',
'_ENV', '_FILES');
$input = array_merge($_GET, $_POST,
$_COOKIE, $_SERVER,
$_ENV, $_FILES,
isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());
foreach ($input as $k => $v) {
if (!in_array($k, $noUnset) && isset($GLOBALS[$k])) {
unset($GLOBALS[$k]);
}
}
}
unregister_GLOBALS();
?>
____________ Luca
SEARCH is the quickest way to get support.
Icy Phoenix ColorizeIt - CustomIcy - HON
|
Share |
#23 Sun 27 Aug, 2006 03:50 |
|
moreteavicar
Joined: August 2006
Posts: 608
Location: Classified
|
Re: Hacked
Here you can't.
In Aruba's Knowledge Base there's an article in which is explained what you can and what you can't put in your .htacces...
Where is this? A link please? Can't find anything about Aruba Knowledge Base under google!
|
Share |
#24 Fri 08 Sep, 2006 22:42 |
|
casimedicos
Joined: August 2006
Posts: 241
Location: Galicia (Spain)
|
Re: Hacked
At the moment we have found a fix for the security hole in HACKS LIST.
Since I'm not sure that it is the only problem, I'm testing an emulation of REGISTER_GLOBALS = OFF.
I'm testing this new function here... if it works, this will be added as a new patch.
The function can be found here for all that could be interested in.
http://it.php.net/manual/en/faq.mis...registerglobals
<?php
// Emulate register_globals off
function unregister_GLOBALS()
{
if (!ini_get('register_globals')) {
return;
}
// Might want to change this perhaps to a nicer error
if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
die('GLOBALS overwrite attempt detected');
}
// Variables that shouldn't be unset
$noUnset = array('GLOBALS', '_GET',
'_POST', '_COOKIE',
'_REQUEST', '_SERVER',
'_ENV', '_FILES');
$input = array_merge($_GET, $_POST,
$_COOKIE, $_SERVER,
$_ENV, $_FILES,
isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());
foreach ($input as $k => $v) {
if (!in_array($k, $noUnset) && isset($GLOBALS[$k])) {
unset($GLOBALS[$k]);
}
}
}
unregister_GLOBALS();
?>
thanks
ill test it
|
Share |
#25 Sat 09 Sep, 2006 14:04 |
|
Mighty Gorgon
Luca Libralato
Joined: August 2006
Posts: 7191
Location: Borgo San Michele
|
Re: Hacked
Anyway this script is not needed if you're running CTracker, and I've discovered that a similar script has been added to phpBB to... but can't remember in which version...
I'll check and I'll be more precise in the future.
____________ Luca
SEARCH is the quickest way to get support.
Icy Phoenix ColorizeIt - CustomIcy - HON
|
Share |
#27 Thu 14 Sep, 2006 10:19 |
|
|
Page 2 of 2
|
Was this topic useful?
Was this topic useful?
Link this topic |
URL |
|
BBCode |
|
HTML |
|
You cannot post new topics You cannot reply to topics You cannot edit your posts You cannot delete your posts You cannot vote in polls You cannot attach files You can download files You cannot post calendar events
|
|
|
|