vb.org Archive

giaxaydung 10-05-2009 02:15 AM

Guest can download free with .rar file type extension
 
My forum is in trouble. The server always shuts down. I found out that when I attach some kinds of file to a post, guests can download the files with the .rar extension. They needn't sign in when they download files from my site. They copy the attachment file link to other sites and make my server overload.

For example: I have a post with some attached files in .doc, .pdf and .rar; guests can download only the .rar files (they cannot download .doc or .pdf). You can even use download accelerator software (FlashGet).

I store the attachments in the filesystem. Do you think this is a security hole in VBB 3.8.4?
I tried to find out at:
1. Admincp > Attachments > Attachment Permissions
2. I checked in Forum Permissions, looked at the Unregistered Usergroup and set Unregistered to Can Not Download Attachments. I also checked the same permission under Usergroup Manager > Unregistered Usergroup.
But the problem still remains.

What can I do to set permissions for .rar files? Can you help me fix this problem?

My server, CPU and MySQL always hang, die... Help me please. Thanks.

--------------- Added [DATE]1254717505[/DATE] at [TIME]1254717505[/TIME] ---------------

In View Permissions I found the permission settings for Unregistered / Not Logged In. All of them are set to the No value for Can View Attachments and Can Post Attachments.

Lynne 10-05-2009 04:10 PM

As I posted in your thread about this issue over on vb.com... I cannot download the .rar files on that page you gave as a link. I get a No Permission page. You need to make sure you clear your cache if you are testing this yourself - especially if you keep testing the same download link time after time.

