[Vaupell]

Quote:

Originally Posted by jimjam

We just had our databased Nuked by a hacker,

I saw that a new user had uploaded a file called aaaaaaaa, or somthing like that. (don;t know the extension) I noticed it on a "Recent Uploads" mod on the VBadvanced front page. When I had a look in the downloads section the aaaaaaa file was not there, shortly after the site fell over.

Subsequent investigations found these files in the DownloadsII folder. see attached

We do not allow these files to be uploaded, any idea how they got there, I do not want to re-activate the downloads mod just in case. Thanks

Tx for shareing.

I have uploads disabled, but added the magaupload box for members
so they can share through them without limits.

only admiin and supmod can upload actual files.
rest is just shares.


And ive diabled the upload botton so now only share links availible.
Only specified group can share
Find :

Code:

<font size="-3" {$errors['upload']}>{$vbphrase['ecdownloads_upload_a_file']}</font><br />
       <input name="upload" type="file" size="20" />

Replace with

Code:

<!-- Original upload box code start -->
<font size="-3" {$errors['upload']}>{$vbphrase['ecdownloads_upload_a_file']}</font><br />
       <input name="upload" type="file" size="20" /> 
<!--original upload box code end -->

<!-- New remove upload box code start -->
<if condition="is_member_of($bbuserinfo, GROUPID)"><font size="-3" {$errors['upload']}>{$vbphrase['ecdownloads_upload_a_file']}</font><br />
       <input name="upload" type="file" size="20" /> <else></if> 
<!-- new remove upload box code end -->

Change the GROUPID name to which usergroup u want to give acces,, perhaps trustet members.. syntax : '"is_member_of($bbuerinfo, group,group,group)"

See image, left a member login on the right a moderator..

Attachment 93635

hope it helps.