:o) Hey Lolo,
it's so dangerous because any dimwit knows where to start attacking: admin.php
It takes me 5 minutes to find it, 7 hours to recover your password and your admin nick with a brute-force attack, and then you get ridiculed in front of your client by having this kind of index slapped on your site (see DIGITATTACKS on www.zone-h.com) :o)
But don't worry ... It's not a security flaw, is it?
Sorry Skalpa, but I am telling Lolo why the name admin.php is a danger. Because EVERYONE KNOWS its name is ADMIN.PHP, so everyone knows how to find it on a server. Just type
http://www.yourdomaine.com/admin.php <= OH, I found it :o) so I make a brute-force attack against this page and I have a 50% chance of getting the password. ... After this, anybody can put up an index.html and OWNZ you, as in the digital attacks on www.zone-h.com
You know, many of our clients use your XOOPS and it's a fine system (I like it), but many of our clients DO NOT KNOW how to SECURE their website or SQL data ...
Thanks anyway for reading and helping
PS: I am asking my boss for details of the attacks and will bring you the information soon ;o)