14
This is untested but I think will do what you want.
$member_handler =& xoops_gethandler('member');
$thisUser =& $member_handler->getUser($uid);
$avImg = "<img src='".XOOPS_UPLOAD_URL."/".$thisUser->getVar('user_avatar')."' alt='".$thisUser->getVar('uname')."' />");
15
Doesn't it make sense to use "Select groups with access rights" during the install to just allow "Webmaster". Then it will not be displayed for anyone else.
16
Very interesting. Thank you for that.
Now, my only question is this: Did he actually get "user information (and more) from the server it was ran on"?
Now, my only question is this: Did he actually get "user information (and more) from the server it was ran on"?
17
Quote:
Quote:
More than one way to skin a cat. Thanks.
Dave_L wrote:<Files *.php>
Deny from all
</Files>
Quote:
Bandit-X wrote:
Quote:Order Deny,Allow
Deny from all
<FilesMatch "\.(gif|jpe?g|png)$">
Allow from all
</FilesMatch>
only the .gif .jpg .jpeg and .png image files are web accessible in that directory. the rest of the files in that directory get a 404
More than one way to skin a cat. Thanks.
18
Quote:
Hmmmmm, it seems that this .htaccess works only for the cache and the templates_c directory.
I just noticed that in the uploads directory that it prevents any uploaded images from being displayed.
Does anyone know if there is another .htaccess method that will allow these images from being displayed but prevent any **.php files from being executed?
The 3 directories along with their subdirectories are:
cache
templates_c
uploads
I would also suggest that you protect these directories by placing a .htaccess file in each of these directories withDeny from all
Hmmmmm, it seems that this .htaccess works only for the cache and the templates_c directory.
I just noticed that in the uploads directory that it prevents any uploaded images from being displayed.
Does anyone know if there is another .htaccess method that will allow these images from being displayed but prevent any **.php files from being executed?
19
Quote:
Yes, I have protector installed.
jensclas wrote:
Hey Old freind - do you have protector module installed? Curious to know if this happened in spite of using protector.
Yes, I have protector installed.
20
OK. Thanks for that. What can the hacker do with "all my server information"?
Since I found these first 2 files, I have found a stack of similar files throughout my site.
It seems that EVERY directory in my XOOPS site that has permissions set to 777.
I have deleted as many as I can, but there are even some of these files that now say that I don't have permission to delete.... I have contacted my host to try to remedy that.
I suggest that you all have a look in your directories to see if you have some php files there that shouldn't be.
The 3 directories along with their subdirectories are:
cache
templates_c
uploads
I would also suggest that you protect these directories by placing a .htaccess file in each of these directories with
Since I found these first 2 files, I have found a stack of similar files throughout my site.
It seems that EVERY directory in my XOOPS site that has permissions set to 777.
I have deleted as many as I can, but there are even some of these files that now say that I don't have permission to delete.... I have contacted my host to try to remedy that.
I suggest that you all have a look in your directories to see if you have some php files there that shouldn't be.
The 3 directories along with their subdirectories are:
cache
templates_c
uploads
I would also suggest that you protect these directories by placing a .htaccess file in each of these directories with
Deny from all
Login
Search
Recent Posts
Who's Online
Donat-O-Meter
| Stats | |
| Goal: | $100.00 |
| Due Date: | Apr 30 |
| Gross Amount: | $0.00 |
| Net Balance: | $0.00 |
| Left to go: | $100.00 |
 |
|