Ravens PHP Scripts: Forums
 

 
  Forum Index  •  Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in

Ultramode.txt writable to hackers
 View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
j_felosi
Regular
Regular



Joined: Oct 17, 2005
Posts: 51
PostPosted: Tue May 16, 2006 1:28 pm Reply with quote
Lately I been seeing a lot of defacements come throug zone-h where hackers are writing to ulramode.txt I have seen big nuke sites such as phpnukefiles and a few other. This presents a SERIOUS security risk as isomeone could make a shell of it I have deleted my ultramode and advised everyone else to do so as well. I have seen over 200 defacements from this in the past 3 days. This is not a false alert
 
View user's profile Send private message
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088
PostPosted: Tue May 16, 2006 2:48 pm Reply with quote
You are treating the symptom, not the cause. If they are able to write to that file, they could write to several others also. You need to figure out what's allowing them to write to it. Also try 664 instead of 666 and see if that works as a stop gap.
 
View user's profile Send private message
oneunit
Regular
Regular



Joined: Feb 18, 2008
Posts: 94
PostPosted: Wed Feb 27, 2008 10:37 pm Reply with quote
when they ask on prefrences activate Ultramode...


what is it.

and should i activate it?
 
View user's profile Send private message
montego
Site Admin



Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
PostPosted: Thu Feb 28, 2008 7:07 am Reply with quote
Personally? I wish we would remove that feature altogether. I leave mine off as well as I have stripped the link from the footer.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Raven
PostPosted: Thu Feb 28, 2008 10:38 am Reply with quote
I agree and we will Smile - maybe even for 2.20.01. It is very antiquated now and of no use. Montego, I will submit a Mantis issue on it although it seems we may have one in the archives. In any event we'll take care of it.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke


 Jump to:   




View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©