Results 1 to 3 of 3

Thread: "Security hole" fixed - Veganforum is again McAfee-approved!

  1. #1
    Ex-admin Korn's Avatar
    Join Date
    Apr 2004
    Location
    Europe
    Posts
    4,826

    Default "Security hole" fixed - Veganforum is again McAfee-approved!

    I found yet another security hole on our site, a 'leftover' from the hacker attack our and loads of other forums/sites were exposed to almost a year ago. It was a quote serious attack, including the creation of several new, fake admin accounts, hijacking of our announcement feature etc. But after this last change, even McAfee has approved our forum (as you can see if you use a McAfee-plugin with your browser).

    The whole I found was a so called symlink situation, where external users at least in theory could get access to some of the files on our site which was not in the public area. I write 'in theory', because all they could see, as far as I could tell, was either a white/blank page or an error message telling them to contact the admins and let them know how they got this message.

    At any rate this is good news.

    To admins of other forums: When updating the site, I set Transmit, which I use for that kind of work, to merge new files into existing folders, meaning that the old folders weren't overwritten. The main reason for this was to keep compatibility with old medications (like e.g. the custom skins we have used) intact. With a different setting - one which would overwrite a folder with a new folder, this problem would have been fixed a long time ago, because the folder which contained an alias (symbolic link) to the non-public area would have been removed. Unfortunately, none of the many experts in this area warned be about this possible problem, and if I would have had good knowledge about hacking, servers etc, I should of course have known this anyway...
    I will not eat anything that walks, swims, flies, runs, skips, hops or crawls.

  2. #2
    Bad Buddhist Clueless Git's Avatar
    Join Date
    Sep 2010
    Location
    Milton Keynes
    Posts
    1,089

    Default Re: "Security hole" fixed - Veganforum is again McAfee-approved!

    Fried rice with no egg and a portion of Szechuan tofu please!

    By which I mean I wanted to contribute something to this topic but that's the only Chinese I speak.

    By which I mean I didn't understand hardly word of that but it looks like clever stuff to me.
    All done in the best possible taste ...

  3. #3

    Join Date
    Oct 2010
    Location
    Petaling Jaya, Malaysia
    Posts
    772

    Default Re: "Security hole" fixed - Veganforum is again McAfee-approved!

    Quote Korn View Post
    But after this last change, even McAfee has approved our forum (as you can see if you use a McAfee-plugin with your browser).
    That definitely is good news. Now my company internet access no longer prohibits me to open the forum

    Best regards,
    Andy

Similar Threads

  1. "Pizza" cake, I need an alternative idea for white chocolate "cheese"...
    By caseyiddings in forum Desserts, sweets and cakes
    Replies: 3
    Last Post: Apr 14th, 2014, 01:12 AM
  2. Replies: 0
    Last Post: Oct 21st, 2012, 08:15 AM
  3. Replies: 0
    Last Post: Mar 25th, 2011, 11:59 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •