 |
| | LinkBack | Thread Tools | Display Modes |
07-31-2008, 06:41 PM
| |||
| |||
| All the functions work but the remote shell exploit is still there, this is the most dangerous of all of the exploits. I am happy to help test solutions to it and post the results but right now the site is wide open. If you run this script against a "patched" system, you gain shell access Last edited by chuckroast; 07-31-2008 at 07:11 PM. Reason: removed link to exploits as per forum policy |
|
07-31-2008, 06:48 PM
| ||||
| ||||
| We have a beta version ready to go out in the next half hour. Watch the downloads section. Hopefully it will fix all issues and not add any more. I also have hired a third-party developer to go through the code and find any missed security vulnerabilities and patch them. His findings will be reported to me in 2 more days and I will follow up with another patch if necissary. Tonight we will be getting out an emergency version to hopefully combat these new issues. Please let us know if the new version seems to work for you. It will be posted in the Current Version forum in no time. |
|
07-31-2008, 07:20 PM
| |||
| |||
| Make sure you rename your htaccess.default files to .htaccess, this will help tighten up the security as well. |
|
07-31-2008, 07:43 PM
| ||||
| ||||
| New Version Out Pligg Beta 9.9.5 |
|
07-31-2008, 08:01 PM
| ||||
| ||||
| Quote:
So what files can I dissect from t his version to make my site more secure yet still 100% functional? Can i just use a file comparison tool or will i break my site? |
|
07-31-2008, 08:20 PM
| |||
| |||
| Glad to hear that the problem has been identified. Glad to hear that Pligg people are working on it. But.... What does one do after a site is hacked? How do we "un-hack" the site? |
|
07-31-2008, 08:23 PM
| |||
| |||
| Quote:
I see this security hole just the day when I'm testing Pligg to use it on my (maybe one day "big") website  Administrators, can you rename/add this topic to [security fix done] or something else ? I think it can reassure new users that come here (like me )Thanks, |
|
07-31-2008, 08:32 PM
| |||
| |||
| My sites have way too much custom code to copy over a patch. Can we get a list of code changes that need to be made from 9.9 to 9.9.5? |
|
07-31-2008, 08:35 PM
| ||||
| ||||
| Check the SVN for a changelog. The more recent changes are for security issues. There was one large change that covered a lot of files, that is probably the one. http://www.pliggsvn.com |
|
07-31-2008, 09:24 PM
| |||
| |||
| Thanks for the 0.9.9.5 update Yankidank, but I am in the same situation as swese44. is there any guide on how to upgrade without replacing existing files? Watch Tv Episode Online - Watch your favorites Tv Shows. |
|
| Thread Tools | |
| Display Modes | |
| |
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Where to download version 9.9.0? | unv1 | Questions and Comments | 6 | 05-03-2009 08:03 PM |
| Moving servers and version 9.8 -> 9.9.0 | johnsteel | Questions and Comments | 5 | 05-16-2008 04:21 PM |
| Does your Category load via version 9.9.0? | Loz07 | Questions and Comments | 1 | 05-04-2008 10:30 PM |
| [SOLVED]  character issue - 9.9.0 | animas | Questions and Comments | 2 | 01-30-2008 01:00 AM |
| [SOLVED] Version number doesn't update after upgrade | AshMCairo | Questions and Comments | 8 | 12-13-2007 12:02 PM |
Linear Mode
