XOOPS 
Forum
Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk


« 1 ... 29300 29301 29302 (29303) 29304 29305 29306 ... 29422 »


293021
techgnome
Re: "Whats new since last logon" module needed

  • 2003/5/28 19:20

  • techgnome

  • Module Developer

  • Posts: 51

  • Since: 2002/8/9 5


Funny you should mention this..... I just wrote a couple of hacks to the forum mod to 1) View posts since last login, and 2) View unread posts/posts w/ no replies. As soon as I can get things cleaned up up in I will post it here for d/l.
Topic | Forum


293022
ronhab
Re: Possible PHPMyAdmin risk

  • 2003/5/28 16:20

  • ronhab

  • Friend of XOOPS

  • Posts: 160

  • Since: 2003/4/27


Maybe I am paranoid, but this is what I would do.

Backup your database & your site.

Then I suggest you create a new admin/webmaster account with
a different password and delete the old admin account.

Backup the database a second time.

Then I would also change the MySQL username and password and
alter my XOOPS install to use the new combination. (You
cold even clone the database over into one with a new name
as well). I believe the database connection information is
stored in mainfile.php, but it may be somewhere else too,
perhaps one of the developers can give more info on this.

Last, make sure your session time isn't set for very long
and make sure you choose logout each time so that the
webmaster session is terminated and not left open.

If something goes wrong, you have a backup of your site and
two of your database to revert to.

Topic | Forum


293023
Stewdio
Re: Possible PHPMyAdmin risk

  • 2003/5/28 14:27

  • Stewdio

  • Community Support Member

  • Posts: 1560

  • Since: 2003/5/7 1


It's definately not his IP. The link in the post listed as the referer goes to his IP and is routed through congentco.com, the backbone of his provider.

203.217.41.124 is routed through Australia
Tracing route to m041-124.nv.iinet.net.au [203.217.41.124]
over a maximum of 30 hops:

  1    25 ms    28 ms    29 ms  tlgw5.ym.phub.net.cable.rogers.com [24.42.186.1]

  2    27 ms    29 ms    29 ms  10.1.67.129
  3    24 ms    26 ms    29 ms  gw01-vlan966.ym.phub.net.cable.rogers.com [66.18
5.93.21]
  4    26 ms    29 ms    29 ms  gw02.ym.phub.net.cable.rogers.com [66.185.80.210
]
  5    29 ms    36 ms    29 ms  gw01.bloor.phub.net.cable.rogers.com [66.185.80.
226]
  6    26 ms    29 ms    35 ms  gw02.bloor.phub.net.cable.rogers.com [66.185.80.
246]
  7    48 ms    47 ms    47 ms  if-10-0.core1.Chicago3.teleglobe.net [216.6.16.2
9]
  8    45 ms    49 ms    50 ms  if-7-0.core2.Chicago3.Teleglobe.net [207.45.220.
46]
  9    46 ms    47 ms    47 ms  if-2-0.core3.NewYork.Teleglobe.net [64.86.83.218
]
 10    48 ms    50 ms    50 ms  if-5-0.core2.Newark.Teleglobe.net [64.86.83.166]

 11    65 ms    53 ms    59 ms  if-9-0.core1.Ashburn.Teleglobe.net [64.86.83.214
]
 12    56 ms    59 ms    59 ms  208.51.74.13
 13    57 ms    65 ms    59 ms  pos6-0-2488M.cr2.WDC2.gblx.net [64.215.195.38]
 14   120 ms   118 ms   119 ms  pos0-0-2488M.cr1.SNA1.gblx.net [64.212.107.170]

 15   282 ms   281 ms   281 ms  so1-0-0-155M.ar1.SYD1.gblx.net [203.192.136.9]
 16  1028 ms  1050 ms  1090 ms  IINET-MELB.ar1.SYD1.gblx.net [203.192.166.206]
 17  1166 ms  1216 ms  1099 ms  IINET-Mel-203.192.166.190.gblx.net [203.192.166.
190]
 18  1099 ms  1118 ms  1069 ms  m041-124.nv.iinet.net.au [203.217.41.124]

Trace complete.
Topic | Forum


293024
supernix
Re: Possible PHPMyAdmin risk

  • 2003/5/28 14:18

  • supernix

  • Not too shy to talk

  • Posts: 151

  • Since: 2003/3/13


Completely sure it was not my IP.
Topic | Forum


293025
Jan304
Re: Possible PHPMyAdmin risk

  • 2003/5/28 14:10

  • Jan304

  • Official Support Member

  • Posts: 520

  • Since: 2002/3/31


Weird, you shure isn't your own ip?

I tested on a site that has phpmyadmin installed (your link wasn't working anymore since you removed the module) and there I get a none-permission error...
Topic | Forum


293026
Stewdio
Re: Possible PHPMyAdmin risk

  • 2003/5/28 14:09

  • Stewdio

  • Community Support Member

  • Posts: 1560

  • Since: 2003/5/7 1


*punt to the top*

I've never used the module, or any module that access's the DB in this manner so I can't offer any feedback, but I'm curious if anyone else has noticed this.

Looks pretty scary to me, glad you dropped the mod right away.
Topic | Forum


293027
supernix
Possible PHPMyAdmin risk

  • 2003/5/28 9:41

  • supernix

  • Not too shy to talk

  • Posts: 151

  • Since: 2003/3/13


This morning going over the logs I found this
Host: 203.217.41.124 Url: /modules/phpmyadmin/admin/sql.php?lang=en-iso-8859-1&server=1&db=supernix_xoops&table=xoops_config&goto=tbl_properties.php&back=tbl_properties.php&sql_query=SELECT+%2A+FROM+%60xoops_config%60&pos=0&PHPSESSID=aed13a2e3e593f9d7c893a483bf3481e Http Code : 200
Date: May 28 03:15:17 Http Version: HTTP/1.1 Size in Bytes: 244435
Referer:http://www.dnspad.com/modules/phpmyadmin/admin/sql.php?lang=en-iso-8859-1&server=1&db=supernix_xoops&table=xoops_config&goto=tbl_properties_structure.php&back=tbl_properties_structure.php&sql_query=SELECT+%2A+FROM+%60xoops_config%60&pos=0&PHPSESSID=aed13a2e3e593f9d7c893a483bf3481e Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; YComp 5.0.0.0; .NET CLR 1.0.3705)

and when I went to that URL it showed the PHPMyadmin and the table with options to manipulate the tables and such.


And shortly before that I found this :
Host: 210.50.219.22 Url: /modules/phpmyadmin/admin/index.php Http Code : 200
Date: May 28 03:13:41 Http Version: HTTP/1.1 Size in Bytes: 642
Referer: - Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

So I dont know if it is a problem with XOOPS or the PHPMyadmin module or Xoops

I have taken the PHPMyadmin module completely off the server to avoid any further cause for concern. But it sorta looks like to me that someone found a way to use the PHPMyadmin module to get access to the database.

Steve,
http://www.dnspad.com/
Topic | Forum


293028
blueangel
Re: MassMail to members [fixed]

  • 2003/5/28 6:56

  • blueangel

  • Module Developer

  • Posts: 132

  • Since: 2002/2/20


so I think that there are more problems related to the Mail User function..

malexandria I think that our problem is related also to the fact that we cannot edit the group of registered user and we cannot modify users

actually I have still no ideas on what happen
Topic | Forum


293029
Semzer
Banner click go's back to strange login screen

  • 2003/5/27 20:55

  • Semzer

  • Just popping in

  • Posts: 1

  • Since: 2003/5/27


Can someone help me out...??

I have created a new banner account in my XOOPS admin and i created 5 banners (http://banner_url) to start the bannering, But everytime i click one of the banners it just:

- opens a new window (good)
- shows the click_out URL (good)
- never shows the real website (?? oo Oooww)
- but changes back to an login screen of my own website. (oeps)

can someone please help me to correct this problem.

Best Regards,
Semzer.
Topic | Forum


293030
malexandria
Re: MassMail to members [fixed]

Quote:
I had the same problem, I get a blank page when a try to send an email to registered users; but by me it works with the group of administrators. Herko, have you the same behaviour?


that's what happens to me. I'm able to send to groups that have really small numbers, like my webmaster and writers group, but I can't send to the registered users group.
Topic | Forum






[Advanced Search]

Login

Register now!  |  Lost Password?

Search

Advanced Search

Recent Posts

Who's Online

176 user(s) are online (117 user(s) are browsing Support Forums)

Members: 0

Guests: 176

more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Apr 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits