21
jdseymour
Re: Aston Themes Hacked ?

Just before the latest security updates, my protector logged around 20 xmlrpc attempts. So apparently the hole is well known.

22
JMorris
Re: Aston Themes Hacked ?
  • 2005/7/12 0:16

  • JMorris

  • XOOPS is my life!

  • Posts: 2722

  • Since: 2004/4/11


Quote:
This is some scary stuff


To an extent, I agree. However, if the proper security measures are taken, and site Admins update their sites regularly, incidents like this can be avoided, for the most part. After all, nothing is 100% secure.

What was the issue of sending the XOOPS membership security announcements through email? It would seem like you could just copy the news article into the email. You have to choose whether to "opt-in" to occasional emailings, so nobody can cry spam.

Just curious.

JMorris
Insanity can be defined as "doing the same thing over and over and expecting different results."

Stupidity is not a crime. Therefore, you are free to go.

23
JimLunsford
Re: Aston Themes Hacked ?

Why isn't protector or something like it in the core?

24
Mithrandir
Re: Aston Themes Hacked ?

Quote:
What was the issue of sending the XOOPS membership security announcements through email

Except for the fact that sending 20000 emails is a bit beyond what the XOOPS core mailing can handle?
It is purely a practical problem, not because we don't want to.

Quote:
Why isn't protector or something like it in the core?

We have taken the bits and pieces we feel are necessary to ensure adequate protection. However, we don't feel that all input should be checked as if it was insecure. We don't feel that we should add 4-6 queries per page load. Basically we feel that the Protector approach is paranoid. Not in a purely negative way (paranoia is accepted, when it comes to security) but it simply adds too much processing and it is not necessary, if the code is secure enough.

We will rather secure the code than add processing to secure and insecure code alike. And we can do that because we have the community that informs us and helps us fix security problems.
"When you can flatten entire cities at a whim, a tendency towards quiet reflection and seeing-things-from-the-other-fellow's-point-of-view is seldom necessary."

Cusix Software

25
zeroram
Re: Aston Themes Hacked ?
  • 2005/7/12 7:27

  • zeroram

  • Friend of XOOPS

  • Posts: 326

  • Since: 2004/6/30


Hacked or Not, the guys who did this, are not that clever either...

they actually linked the image from their own website...

http://www.southeastweb.com/fc/


if aston see this post and want to complain.. just do a tracert to that domain and see who is hosting their site..

26
JMorris
Re: Aston Themes Hacked ?
  • 2005/7/12 10:50

  • JMorris

  • XOOPS is my life!

  • Posts: 2722

  • Since: 2004/4/11


Quote:
Except for the fact that sending 20000 emails is a bit beyond what the XOOPS core mailing can handle?
It is purely a practical problem, not because we don't want to.


Good point. Thanks for the clarification.

27
phppp
Re: Aston Themes Hacked ?
  • 2005/7/12 11:21

  • phppp

  • XOOPS Contributor

  • Posts: 2857

  • Since: 2004/1/25


Quote:

zeroram wrote:
Hacked or Not, the guys who did this, are not that clever either...

they actually linked the image from their own website...

http://www.southeastweb.com/fc/


if aston see this post and want to complain.. just do a tracert to that domain and see who is hosting their site..



Sorry, as I said above, astonthemes is "closed" not "hacked".

Paul, the aston theme creator, just came back online making some update.

28
davidl2
Re: Aston Themes Hacked ?
  • 2005/7/12 12:10

  • davidl2

  • XOOPS is my life!

  • Posts: 4843

  • Since: 2003/5/26


Quote:

JimLunsford wrote:
"That post was written by someone else than Aston himself, my guess is that it has something to do with that."

That post was from either phppp or davidl2 so it has nothing to do with it.


Sorry... what was I supposed to have posted?

29
JimLunsford
Re: Aston Themes Hacked ?

It was the last news post on the aston themes site. It was phppp, not you.

30
Jan304
Re: Aston Themes Hacked ?
  • 2005/7/12 16:22

  • Jan304

  • Official Support Member

  • Posts: 520

  • Since: 2002/3/31


Quote:

Mithrandir wrote:
Except for the fact that sending 20000 emails is a bit beyond what the XOOPS core mailing can handle?

It is purely a practical problem, not because we don't want to.


It is true that the XOOPS mailing system is unable to handle such a great amount of e-mails (something that _should_ be fixed; invisionboard is able to do something like that, using the bcc field), but other e-mail management software is able to manage such an amount of e-mails (qmail?).

As I remember the last e-mail to all members, it was done through a separate e-mail system, where the members were added to; can't this be done again?
Oracle: I'd ask you to sit down, but, you're not going to anyway. And don't worry about the vase.
Neo: What vase?
[Neo turns to look for a vase, and as he does, he knocks over a vase of flowers, which shatters on the floor.]
Oracle: That vase.
Neo:...
