Thread: Major Additions - VB image Hosting
  #569  
03-02-2007, 02:53 AM
Merriweather
 
Join Date: Nov 2006
Posts: 389

Quote:
Originally Posted by Been Told
But I'm unsure about installing this - maybe the developer can make a statement in regards to what oatsy said? That'd make my decision easier.

The developer has not posted since early December 2006 and has ignored a PM I sent for support on this mod. My guess is that it is no longer supported.

Without knowing what file the hackers used and how the files got there, I think it's unfair to assume it was the cause of this mod, though I also respect the need for clarification on the mod's security.

I have tested my personal installation of this mod and am not able to upload a .php, .html or .htaccess file.

My guess is that the hackers hit oatsey some other way, and that the folder holding oatsey's hosted images has been CHMODED to 777 (all permissions to all groups), which in itself is a security risk. You're better off using 755. On a shared server, nothing should ever be world-writable with mode 666 or 777. Doing so can potentially allow other users of the server to change your files. A hacker may have uploaded a bona-fide image file through the mod and then hacked the file through the server, which is not a problem with the mod itself.

Of course, I have no proof of this, but in my experience, you cannot use this mod to upload anything other than images.
Reply With Quote
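
A check an admin could run over the hosted-images folder for the two conditions raised in the post above: world-writable entries, and files in the folder that are not images or were altered after upload. This is an added example, not part of the original post or of the mod; the function names, the constructed sample tree and the 644 file mode are assumptions.

```shell
#!/bin/sh
# Added example: audit an image upload directory on a shared host.

# Entries under $1 that any account on the server can write to (777, 666, ...).
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Files under $1 that do not start with a JPEG, PNG or GIF signature, or that
# start with one but carry a PHP open tag further in.
suspicious_files() {
    find "$1" -type f | while IFS= read -r f; do
        sig=$(head -c 4 "$f" | od -An -tx1 | tr -d ' \n')
        case "$sig" in
            ffd8ff*|89504e47|47494638) ;;            # JPEG, PNG, GIF
            *) echo "$f: not an image"; continue ;;
        esac
        if grep -aqF '<?php' "$f"; then
            echo "$f: image header but contains PHP"
        fi
    done
}

# Modes: 755 on directories as the post suggests; 644 on files is an assumption.
harden() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Constructed sample tree: a clean GIF, a tampered GIF and a stray .htaccess,
# all left world-writable.
make_sample() {
    d=$(mktemp -d) || return 1
    printf 'GIF89a\001\000\001\000' > "$d/ok.gif"
    printf 'GIF89a<?php /* constructed marker */ ?>' > "$d/tampered.gif"
    printf '# constructed placeholder\n' > "$d/.htaccess"
    chmod 777 "$d"; chmod 666 "$d"/*.gif "$d/.htaccess"
    echo "$d"
}

# Audit the directory given as $1, or the constructed sample when none is given.
dir=${1:-$(make_sample)}
echo "World-writable:"; world_writable "$dir"
echo "Suspicious:";     suspicious_files "$dir"
[ "$#" -gt 0 ] || rm -rf "$dir"
```

With 755, uploads keep working only if the directory is owned by the account PHP runs as.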
 