PHPfanbase security fix

Mura · **on:** May 01, 2006, 09:07:47 PM

There's a new security fix available for users of PHPfanbase. See the post at TFL and the announcement at CodeGrrl for more information. :/

EDIT:
This fixes issues that had not been found (and therefore were not dealt with) in the fix that was posted late last year.

Syaokura · **Reply #1 on:** May 01, 2006, 10:13:11 PM

The join forms have been acting wonky as of late. Thanks to the security fix, they're working again.

Thanks for posting this, Mura! :/

Mitzrael · **Reply #2 on:** May 02, 2006, 12:00:16 AM

good, I updated my remaining PHPFB listings still not converted ^^;; and my hostees' too.
thanks Mura :flower:

Loika · ~**Loika** | 3:33AM | LiveJournal

Thanks for the heads up! *will be doing some re-uploading soon*

Estefania · **Reply #4 on:** May 02, 2006, 05:30:31 AM

Thanks for posting this~

2 out of 25 done ^^;;

Ruki · **Reply #5 on:** May 13, 2006, 02:28:48 PM

Thanks!!

Neon · **Reply #6 on:** June 08, 2006, 07:54:22 PM

I don't know if it belongs here, but I thought I'd post this. Several of my hostees use PHPFanbase, but even with a slight fix (that I don't know if it worked) there where problems. If your hosted on Surpass, please be avise that they're no longing allow PHPFanbase and probably other codegrrl scripts. As I said in Downtime & Hosting Trouble, here is what I was told because of Beautiful-beast.net suspension.

Quote

Kellie,

There were multiple installs of a codegrrl script located on this account. Due to the insecurities of this script, it is no longer allowed to be hosted on our network.

---
http://secunia.com/advisories/17542/
---

Because of this script, IRC bots and php shells were uploaded to your account. I have removed as many of the files as I can, however there could be more left on the account. In order for us to unsuspend your account we need to you to agree to the following:

1) Remove all install of the codegrrl script
2) Look over folders for any suspicious files

If you agree to the above, I will unsuspend your account, and then check your account to ensure that everything is currently secure. Also, what other scripts (and versions please) do you run on your account? This will allow me to audit your account for security and secure both the server and your data remain protected.

I will be awaiting your reply.

Regards,
-Ray F.

Surpass Hosting Abuse/Security Team

I thought I'd let everyone know.

Loika · ~**Loika** | 3:33AM | LiveJournal

Thanks for the heads up, Neon. I guess this is a sign that I will be converting to Enth in the very near future. >_>

Hikoto · **Reply #8 on:** June 23, 2006, 10:34:45 AM

Hmm...Personally I still like the feel that Fanbase gives. (Members List/Admin CP wise) So I guess I'll just have to pray really hard for a new release!