No, lo siento pero no es eso. He probado a hacer log in y log out varias veces seguidas y no me da ningún problema.


I'm sorry but I've tried logging in and out several times and I see no problem at all.

Hola, abraxas

Acabo de probar en centralinos.cl a identificarme con el usuario prueba y funciona correctamente. Entro y me aparece sin problema el menú de usuario. He probado también a actualizar el perfil (cambiando sólo la 'información adicional') y a enviar un mensaje privado. Todo funciona correctamente (salvo que hay algunos módulos de los que hay en el menú, p.ej. noticias, que no están instalados).

Parece por tanto que es un problema de tu navegador. ¿Cuál y qué versión usas? Prueba a vaciar la cache del navegador, cerrarlo y recargar la página a ver.

Por cierto que yo he probado con Mozilla 1.6 y Mozilla 1.7.

Hi, abraxas.

I just tried user prueba and I'm able to log in with no problem. So it looks like a problem with your browser. Try emptying the caché.
By the way, I've tried it with Mozilla 1.6 and 1.7.

Speed's fine for me, and I'm on a 56k dial-up (I've got some DNS caching, though, which helps a bit). The page loads nicely, even reasonably fast.

About the Thank-you page I imagine there could be a lot of opinions. I don't really mind about it, but I understand some people would argue that such a page shouldn't appear. It's a question of different perspectives.

There were, about a month ago or so, a lot of eXoops defacements. Looking a bit into it, it was seen that the problem was in the gallery module; the problem was also found on certain versions of Gallery and sites were also being hacked through it.

That time the systems hacked into were Linux and FreeBSD (iirc).


It basicly works by combination:
First you find a simple exploit on a web application (i.e. Gallery) and use it to gain write and execute priviledges on a site.
Then you dump some local OS exploit (i.e. Linux's kernel do_brk overflow) and try it hoping the system's not patched or updated.

Oh, and by the way... there's also a small annoying detail: if you're on a shared host (as many of us are), you may have good security yourself, but if they gain access to the system from someone else's web application, you're busted too... because, they run these stupid competitions or whatever and they count how many sites they deface, so when they get access to a system, they tend to deface all the sites on that server.


The thing is all this is readily found on the net (looking at the right places) and can be put to practice with just some basic knowledge. So almost any bored kid can come by this and try it 'just for fun'.


I guess the conclusion is: be aware, try and do secure your application and pest your hosting service as much as necessary to make them take patches seriously.