|
|
 Rank: YAF Head Dude

Joined: 10/10/2004 Posts: 2,737 Location: Honolulu, HI
|
YAF v1.9.1 FINAL (Dated 9/1/2007)

This version is no longer available for download.

"Honesty may be the best policy, but it’s important to remember that apparently, by elimination, dishonesty is the second-best policy." -- George Carlin
|
|
|
 Rank: YAF Forumling
Joined: 9/5/2007 Posts: 7 Location: Tübingen, Germany
|
you forgot Intelligencia.UrlRewriter.dll in the BIN distribution ...
|
|
|
 Rank: YAF Head Dude

Joined: 10/10/2004 Posts: 2,737 Location: Honolulu, HI
|
Oops! I'll fix that immediately.
|
|
|
 Rank: YAF Head Dude

Joined: 10/10/2004 Posts: 2,737 Location: Honolulu, HI
|
Please download again as the .dll is in the distribution now.
|
|
|
 Rank: YAF Head Dude

Joined: 10/10/2004 Posts: 2,737 Location: Honolulu, HI
|
Distributions have been updated with new UrlRewriter.config files to fix the issue with moderated forums.
|
|
|
 Rank: YAF Camper
Joined: 8/8/2006 Posts: 16
|
You might want to address the fact that netdevilz.org have hacked forum.yetanotherforum.net, and are currently spamming all members... so much for "Stable and secure enough for a production environment" 
|
|
|
 Rank: YAF Lover

Joined: 2/13/2006 Posts: 44 Location: Romania
|
There is a meta tag: <META HTTP-EQUIV="Refresh" CONTENT="0; url=http://netdevilz.org/yet.html">. I think a check for meta tags is missing.
|
|
|
 Rank: YAF Developer

Joined: 1/8/2007 Posts: 1,077 Location: Heart of Europe
|
Quote: so much for "Stable and secure enough for a production environment"

It's too early to judge. There are a few possibilities for how this happened - one is a bug in YAF, another is a stolen/broken identity. My guess is the second.

When I post FP:Ederon in a topic, I'm leaving my footprint there so I can track it once I get into coding/supporting.
|
|
|
 Rank: YAF Camper
Joined: 8/8/2006 Posts: 16
|
Ederon wrote: It's too early to judge. There are a few possibilities for how this happened - one is a bug in YAF, another is a stolen/broken identity. My guess is the second.

So they stole the main admin account? They must have, to fit your theory, since the forums have been renamed as well...
|
|
|
 Rank: YAF Head Dude

Joined: 10/10/2004 Posts: 2,737 Location: Honolulu, HI
|
I've evaluated the logs. They weren't really trying to be sneaky or anything. They didn't change my password or reset admin account. Still investigating.
|
|
|
 Rank: YAF Head Dude

Joined: 10/10/2004 Posts: 2,737 Location: Honolulu, HI
|
Remember folks: account passwords are hashed. I looked at their access and they only went to the admin_mail section (that's why everyone got e-mails) and modified the one forum ("lol"). They didn't get e-mail addresses or usernames. That wasn't their goal: They were just here to demonstrate that they hacked the site. Of course, admin passwords have been changed.
|
|
|
Rank: Member

Joined: 4/13/2007 Posts: 10 Location: Moldova
|
Can that happen with any other YAF.NET forum?

Hooter girls dig me!
|
|
|
 Rank: YAF Developer

Joined: 1/8/2007 Posts: 1,077 Location: Heart of Europe
|
Exiton wrote: Can that happen with any other YAF.NET forum?

Yes, as long as you leave the out-of-the-box machine key setting in web.config as it is. You should always generate your own, so hackers (or any potential attackers) do not have the key to your secret chambers.
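An added example, not part of the original post or of YAF's code: a Python check for the condition described in the reply above, a deployed web.config that still carries the machineKey from the distribution, plus generation of a site-specific replacement. The sample config, its key values and the helper names are constructed for illustration.

```python
import secrets
import xml.etree.ElementTree as ET

# Constructed stand-in for the web.config shipped in a distribution archive.
# The key values are made up for this example; they are not YAF's real keys.
SHIPPED = (
    '<configuration><system.web>'
    '<machineKey validationKey="%s" decryptionKey="%s" validation="SHA1" />'
    '</system.web></configuration>'
) % ("0123456789ABCDEF" * 8, "FEDCBA9876543210" * 3)


def machine_key(config_xml):
    """Return (validationKey, decryptionKey) in upper case, or None if absent."""
    node = ET.fromstring(config_xml).find("system.web/machineKey")
    if node is None:
        return None
    return tuple(node.get(a, "").upper() for a in ("validationKey", "decryptionKey"))


def uses_shipped_key(deployed_xml, shipped_xml):
    """True if the deployed site still uses a key published in the distribution."""
    deployed, shipped = machine_key(deployed_xml), machine_key(shipped_xml)
    if not deployed or not shipped:
        return False
    # "AutoGenerate" values are derived per machine, so equal strings are not shared keys.
    return any(d and d == s and not d.startswith("AUTOGENERATE")
               for d, s in zip(deployed, shipped))


def rotate(config_xml):
    """Return the config with a freshly generated, site-specific machineKey."""
    root = ET.fromstring(config_xml)
    system_web = root.find("system.web")
    if system_web is None:
        system_web = ET.SubElement(root, "system.web")
    node = system_web.find("machineKey")
    if node is None:
        node = ET.SubElement(system_web, "machineKey")
    node.set("validationKey", secrets.token_hex(64).upper())  # 64 random bytes
    node.set("decryptionKey", secrets.token_hex(32).upper())  # 32 random bytes (AES-256)
    node.set("validation", "SHA1")
    node.set("decryption", "AES")
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print("still on shipped key:", uses_shipped_key(SHIPPED, SHIPPED))
    print("after rotation:", uses_shipped_key(rotate(SHIPPED), SHIPPED))
```

Replacing the key invalidates existing forms authentication cookies and view state, so signed-in users have to log in again once.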
|
|
|
 Rank: YAF Head Dude

Joined: 10/10/2004 Posts: 2,737 Location: Honolulu, HI
|
Exiton wrote: Can that happen with any other YAF.NET forum?

Please download and install v1.9.1.1. It fixes a few different security issues.
|
|
|
Rank: Member

Joined: 4/13/2007 Posts: 10 Location: Moldova
|
Upgraded. Thank you.