**HIGH PRIORITY** Security patch released. Please Read!!

Started by Patrick, May 29, 2013, 05:53:39 PM

lv-matt

Quote from: dediserve on May 30, 2013, 04:52:03 AM
You can also search for the access / exploit string in your logs - we saw a few dozen attempts from various IPs!

I highly suggest you do this, I did. Luckily it didn't seem to affect v4.3.8.

If you had made the recommended security changes and placed the writable directories in a separate directory, you should have been protected from this exploit.
$hb_downloads_dir = "/home/hostbill/downloads";
$hb_attachments_dir = "/home/hostbill/attachments";
$hb_templates_c_dir = "/home/hostbill/templates_c";
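
A small check for the configuration described above, added here as an example (it is not code from the thread or from HostBill): it parses the $hb_*_dir assignments from a HostBill-style config file and flags any that resolve inside the web root, including relative paths that hop through "../" but still land under it. The web root path and the sample config are constructed assumptions.

```python
# Added example (not HostBill's own code): audit the $hb_*_dir settings.
import re
from posixpath import isabs, join, normpath

# Variables the thread names as the writable locations HostBill needs.
WRITABLE_VARS = ("hb_downloads_dir", "hb_attachments_dir", "hb_templates_c_dir")
# Matches PHP assignments of the form  $hb_xxx_dir = "/some/path";
ASSIGN_RE = re.compile(r'^\s*\$(hb_\w+_dir)\s*=\s*["\']([^"\']*)["\']\s*;', re.M)

def parse_config(text):
    """Return {variable: raw path} for every $hb_*_dir assignment in text."""
    return dict(ASSIGN_RE.findall(text))

def is_inside(path, root):
    """True if path resolves to root or somewhere beneath it (pure path logic)."""
    root = normpath(root)
    # PHP resolves a relative path against the working directory, which for
    # a web request is normally the document root, so treat it that way.
    full = normpath(path if isabs(path) else join(root, path))
    return full == root or full.startswith(root.rstrip("/") + "/")

def audit(text, webroot):
    """List (variable, path, status); status is 'ok', 'inside-webroot' or 'missing'."""
    found = parse_config(text)
    report = []
    for var in WRITABLE_VARS:
        if var not in found:
            report.append((var, None, "missing"))
        elif is_inside(found[var], webroot):
            report.append((var, found[var], "inside-webroot"))
        else:
            report.append((var, found[var], "ok"))
    return report

# Constructed sample: one dir moved out, one left under the web root via a
# "../" hop that still lands inside, and one setting absent entirely.
SAMPLE_CONFIG = '''<?php
$hb_downloads_dir = "/home/hostbill/downloads";
$hb_attachments_dir = "../hostbill/attachments";
'''

if __name__ == "__main__":
    for var, path, status in audit(SAMPLE_CONFIG, "/var/www/hostbill"):
        print(f"{var:22} {status:15} {path}")
```

The check is purely lexical: it does not follow symlinks or inspect filesystem permissions, so a directory reported as "ok" still needs to be verified as not reachable through the web server.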

nibb

Quote from: lv-matt on May 30, 2013, 10:20:50 AM
I highly suggest you do this, I did. Luckily it didn't seem to affect v4.3.8.

If you had made the recommended security changes and placed the writable directories in a separate directory, you should have been protected from this exploit.
$hb_downloads_dir = "/home/hostbill/downloads";
$hb_attachments_dir = "/home/hostbill/attachments";
$hb_templates_c_dir = "/home/hostbill/templates_c";

So that could explain why I was not able to replicate this on my install, since I always used those settings. Good to know.

lv-matt

That wouldn't stop it if they went up another directory and rewrote the exploit a little, but it would stop them downloading the dump.

But it's lucky it's just script kiddies trying to get it at the moment. I have set up a replacement file on mine which gets the WHOIS for their IP and sends an email back to their ISP's abuse email letting them know about what they are doing on their internet.

Patrick

It's weird because I myself ran it but I cannot find it in the logs.