XOOPS 
Forum
Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk


« 1 ... 29303 29304 29305 (29306) 29307 29308 29309 ... 29425 »


293051
supernix
Re: Possible PHPMyAdmin risk

  • 2003/5/29 4:21

  • supernix

  • Not too shy to talk

  • Posts: 151

  • Since: 2003/3/13


Definately a good idea. Had I thought about that I would not had reason for posting this thread. I think everyone should use your suggested security measure that use the 4mps phpmyadmin 240-rc1 module.

I posted that I had removed the module but you would be suprised how many people still tried to use that URL. I am curious if anyone else ran that similar URL on their domain using the same module?


Steve,
http://www.dnspad.com/
Topic | Forum


293052
tom
Re: Possible PHPMyAdmin risk

  • 2003/5/29 3:21

  • tom

  • Friend of XOOPS

  • Posts: 1359

  • Since: 2002/9/21


I asked a simerlar question, about the security, but don't seem to remember getting a reply, but then I posted straight mentioned to cut the risk you could, and I would any way, protect the directory with .htaccess, then you run no risk of direct access to your database through PHPmyadmin.

The only downside to this, is you gotta log in twice, once admin, then second to phpmyadmin.

I thought it might be worth mentioning the .htaccess thing.
Topic | Forum


293053
supernix
Re: Possible PHPMyAdmin risk

  • 2003/5/29 3:08

  • supernix

  • Not too shy to talk

  • Posts: 151

  • Since: 2003/3/13


That is pretty much what I did.
I was not exactly sure if that was definately
a security breach. But it sure looked like one when I followed that url to the backend of the database.
Topic | Forum


293054
migoe
Re: "Whats new since last logon" module needed

  • 2003/5/28 22:03

  • migoe

  • Just popping in

  • Posts: 68

  • Since: 2003/4/2 9


Please, please, please give it free for download here...

migoe
Topic | Forum


293055
patagon
Re: "Whats new since last logon" module needed

  • 2003/5/28 20:39

  • patagon

  • Quite a regular

  • Posts: 235

  • Since: 2002/1/8 0


That looks really useful
Topic | Forum


293056
techgnome
Re: "Whats new since last logon" module needed

  • 2003/5/28 19:20

  • techgnome

  • Module Developer

  • Posts: 51

  • Since: 2002/8/9 5


Funny you should mention this..... I just wrote a couple of hacks to the forum mod to 1) View posts since last login, and 2) View unread posts/posts w/ no replies. As soon as I can get things cleaned up up in I will post it here for d/l.
Topic | Forum


293057
ronhab
Re: Possible PHPMyAdmin risk

  • 2003/5/28 16:20

  • ronhab

  • Friend of XOOPS

  • Posts: 160

  • Since: 2003/4/27


Maybe I am paranoid, but this is what I would do.

Backup your database & your site.

Then I suggest you create a new admin/webmaster account with
a different password and delete the old admin account.

Backup the database a second time.

Then I would also change the MySQL username and password and
alter my XOOPS install to use the new combination. (You
cold even clone the database over into one with a new name
as well). I believe the database connection information is
stored in mainfile.php, but it may be somewhere else too,
perhaps one of the developers can give more info on this.

Last, make sure your session time isn't set for very long
and make sure you choose logout each time so that the
webmaster session is terminated and not left open.

If something goes wrong, you have a backup of your site and
two of your database to revert to.

Topic | Forum


293058
Stewdio
Re: Possible PHPMyAdmin risk

  • 2003/5/28 14:27

  • Stewdio

  • Community Support Member

  • Posts: 1560

  • Since: 2003/5/7 1


It's definately not his IP. The link in the post listed as the referer goes to his IP and is routed through congentco.com, the backbone of his provider.

203.217.41.124 is routed through Australia
Tracing route to m041-124.nv.iinet.net.au [203.217.41.124]
over a maximum of 30 hops:

  1    25 ms    28 ms    29 ms  tlgw5.ym.phub.net.cable.rogers.com [24.42.186.1]

  2    27 ms    29 ms    29 ms  10.1.67.129
  3    24 ms    26 ms    29 ms  gw01-vlan966.ym.phub.net.cable.rogers.com [66.18
5.93.21]
  4    26 ms    29 ms    29 ms  gw02.ym.phub.net.cable.rogers.com [66.185.80.210
]
  5    29 ms    36 ms    29 ms  gw01.bloor.phub.net.cable.rogers.com [66.185.80.
226]
  6    26 ms    29 ms    35 ms  gw02.bloor.phub.net.cable.rogers.com [66.185.80.
246]
  7    48 ms    47 ms    47 ms  if-10-0.core1.Chicago3.teleglobe.net [216.6.16.2
9]
  8    45 ms    49 ms    50 ms  if-7-0.core2.Chicago3.Teleglobe.net [207.45.220.
46]
  9    46 ms    47 ms    47 ms  if-2-0.core3.NewYork.Teleglobe.net [64.86.83.218
]
 10    48 ms    50 ms    50 ms  if-5-0.core2.Newark.Teleglobe.net [64.86.83.166]

 11    65 ms    53 ms    59 ms  if-9-0.core1.Ashburn.Teleglobe.net [64.86.83.214
]
 12    56 ms    59 ms    59 ms  208.51.74.13
 13    57 ms    65 ms    59 ms  pos6-0-2488M.cr2.WDC2.gblx.net [64.215.195.38]
 14   120 ms   118 ms   119 ms  pos0-0-2488M.cr1.SNA1.gblx.net [64.212.107.170]

 15   282 ms   281 ms   281 ms  so1-0-0-155M.ar1.SYD1.gblx.net [203.192.136.9]
 16  1028 ms  1050 ms  1090 ms  IINET-MELB.ar1.SYD1.gblx.net [203.192.166.206]
 17  1166 ms  1216 ms  1099 ms  IINET-Mel-203.192.166.190.gblx.net [203.192.166.
190]
 18  1099 ms  1118 ms  1069 ms  m041-124.nv.iinet.net.au [203.217.41.124]

Trace complete.
Topic | Forum


293059
supernix
Re: Possible PHPMyAdmin risk

  • 2003/5/28 14:18

  • supernix

  • Not too shy to talk

  • Posts: 151

  • Since: 2003/3/13


Completely sure it was not my IP.
Topic | Forum


293060
Jan304
Re: Possible PHPMyAdmin risk

  • 2003/5/28 14:10

  • Jan304

  • Official Support Member

  • Posts: 520

  • Since: 2002/3/31


Weird, you shure isn't your own ip?

I tested on a site that has phpmyadmin installed (your link wasn't working anymore since you removed the module) and there I get a none-permission error...
Topic | Forum






[Advanced Search]

Login

Register now!  |  Lost Password?

Search

Advanced Search

Recent Posts

Who's Online

278 user(s) are online (109 user(s) are browsing Support Forums)

Members: 0

Guests: 278

more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Aug 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits