Register or have you forgotten your password?
Get the most out of Surmunity, read our tips here! Need an interesting blog to read? You've got to read the Surpass Blog!
| Welcome! Please register to access all of our features.
| PHP, MySQL General PHP questions. Or go to our PHPsuexec Forum >> |
 |
|
|
LinkBack | Thread Tools | Search this Thread | Rate Thread |
November 21st, 2005, 5:09 AM
|
#1 (permalink) |
|
Registered User
Seasoned Poster
Joined in Oct 2004
Lives in Australia
Hosted on Deso & pass45
67 posts
Gave thanks: 0
Thanked 0 times
|
Anyone use any scripts from codegrrl.com? [security exploits]
I'm not sure if this is the right place but I figured the php/mysql section would be ok since the scrips are php/mysql. Any ways codegrrl.com have released info that some of thier most popular scripts have an exploit using the protection.php page and so they are encouring people to download the new file.
FA-PHPHosting, PHPClique, PHPCalendar, PHPCurrently, PHPFanBase and PHPQuotes are the vunerable scripts and you can download the fixed protection.php page here and there's a thread for it on the codegrrl forums here. I know some people on here have fanlistings using phpfanbase so I thought to spread the word 
__________________
Deso http://midnite-stars.net Pass45 http://sweet-innocence.net SH105 http://bruckner-media.com |
|
    
|
|
November 21st, 2005, 9:00 AM
|
#2 (permalink) |
|
Senior Member
Super #1
Joined in Jan 2005
1,546 posts
Gave thanks: 70
Thanked 33 times
|
I don't use their scripts, personally, but I see that they have discovered other security issues and have taken down all their scripts for the time being.
*sigh* Hackers suck. |
|
|
|
|
November 22nd, 2005, 4:18 AM
|
#3 (permalink) |
|
Registered User
Fresh Surpasser
Joined in Jun 2004
Lives in Australia
Hosted on Flash
25 posts
Gave thanks: 1
Thanked 0 times
|
I was about to bring up the same thing, actually. I've heard that many hosts are removing those particular scripts from their servers and banning them from use, and I wonder if Surpass would be considering the same? I don't use FanBase or any of the other CodeGrrl scripts, but I do know of a lot of people who do who may run into trouble in the future should this happen. It's a pretty big concern now as a lot of people have been hacked and there are even more out there who are probably not aware of the security issues and may become targeted by hackers in the future - thus why, apparently, web hosts are taking the initiative now to remove all CodeGrrl scripts from their servers.
Does Surpass know anything of this issue? Has anything been set into place?
__________________
Kell PASS15 - Surpass Reseller |
|
|
|
|
November 22nd, 2005, 4:21 AM
|
#4 (permalink) |
|
Marketing Maven
Surpass Staff
Joined in May 2003
Lives in Orlando
24,749 posts
Gave thanks: 946
Thanked 806 times
|
It seems that the news about these scripts is getting out pretty quickly, it's a much better response than other issues I've witnessed. We do not plan on doing any banning at this time.
__________________
|
|
|
|
|
November 22nd, 2005, 5:23 AM
|
#7 (permalink) |
|
Registered User
Seasoned Poster
Joined in Oct 2004
Lives in Australia
Hosted on Deso & pass45
67 posts
Gave thanks: 0
Thanked 0 times
|
I hope you guys dont make us remove them..I seriously live by fanbase and do not look forward to manging 200+ people in a fanlisting plus however mnay from the other's by hand.
__________________
Deso http://midnite-stars.net Pass45 http://sweet-innocence.net SH105 http://bruckner-media.com |
|
|
|
|
November 22nd, 2005, 5:30 AM
|
#8 (permalink) |
|
Marketing Maven
Surpass Staff
Joined in May 2003
Lives in Orlando
24,749 posts
Gave thanks: 946
Thanked 806 times
|
Everything made with PHP can end up with that fate. PHP is a wonderful language but you have to truly understand it and be on top of things. I am sure they will find resolutions to these newly surfaced problems.
__________________
|
|
|
|
