The AnimeFanlistings Network Message Board

Fanlisting Management => Fanlistings Chit-Chat => Topic started by: Mura on May 01, 2006, 09:07:47 PM

Title: PHPfanbase security fix
Post by: Mura on May 01, 2006, 09:07:47 PM

There's a new security fix available for users of PHPfanbase. See the post at TFL (http://\"http://board.thefanlistings.org/index.php?showtopic=55378&st=0\") and the announcement at CodeGrrl (http://\"http://www.codegrrl.com/forums/index.php?showtopic=12851\") for more information. :/

EDIT:
This fixes issues that had not been found (and therefore were not dealt with) in the fix that was posted late last year.

Title: PHPfanbase security fix
Post by: Syaokura on May 01, 2006, 10:13:11 PM

The join forms have been acting wonky as of late. Thanks to the security fix, they're working again.

Thanks for posting this, Mura! :/

Title: PHPfanbase security fix
Post by: Mitzrael on May 02, 2006, 12:00:16 AM

good, I updated my remaining PHPFB listings still not converted ^^;; and my hostees' too.
thanks Mura  :flower:

Title: PHPfanbase security fix
Post by: Loika on May 02, 2006, 03:27:21 AM

Thanks for the heads up! *will be doing some re-uploading soon*

Title: PHPfanbase security fix
Post by: Estefania on May 02, 2006, 05:30:31 AM

Thanks for posting this~

2 out of 25 done ^^;;

Title: PHPfanbase security fix
Post by: Ruki on May 13, 2006, 02:28:48 PM

Thanks!!

Title: PHPfanbase security fix
Post by: Neon on June 08, 2006, 07:54:22 PM

I don't know if it belongs here, but I thought I'd post this.  Several of my hostees use PHPFanbase, but even with a slight fix (that I don't know if it worked) there where problems.  If your hosted on Surpass, please be avise that they're no longing allow PHPFanbase and probably other codegrrl scripts.  As I said in Downtime & Hosting Trouble, here is what I was told because of Beautiful-beast.net suspension.

Quote

Kellie,

There were multiple installs of a codegrrl script located on this account. Due to the insecurities of this script, it is no longer allowed to be hosted on our network.

---
http://secunia.com/advisories/17542/ (http://\"http://secunia.com/advisories/17542/\")
---

Because of this script, IRC bots and php shells were uploaded to your account. I have removed as many of the files as I can, however there could be more left on the account. In order for us to unsuspend your account we need to you to agree to the following:

1) Remove all install of the codegrrl script
2) Look over folders for any suspicious files

If you agree to the above, I will unsuspend your account, and then check your account to ensure that everything is currently secure. Also, what other scripts (and versions please) do you run on your account? This will allow me to audit your account for security and secure both the server and your data remain protected.

I will be awaiting your reply.

Regards,
-Ray F.

Surpass Hosting Abuse/Security Team

I thought I'd let everyone know.

Title: PHPfanbase security fix
Post by: Loika on June 09, 2006, 03:57:51 AM

Thanks for the heads up, Neon. I guess this is a sign that I will be converting to Enth in the very near future. >_>

Title: PHPfanbase security fix
Post by: Hikoto on June 23, 2006, 10:34:45 AM

Hmm...Personally I still like the feel that Fanbase gives. (Members List/Admin CP wise) So I guess I'll just have to pray really hard for a new release! :D