I emailed you and everyone else in early 2006 informing you that it was absolutely critical to upgrade to 3.3.21+ or you would be hacked. You refused to upgrade, so of course you got hacked. Probably many times, only noticed now.
I know you don't care much about your site, since you didn't think it worth putting a few hours a year into it, but on a shared web host you have a responsibility to the others hosted on the same server -- who will have their email blocked because of spam from your hacker, for example.
I actually do care about my site I have designed my templates to what i wanted them to be and new features became far more advanced then what I needed, I was happy with my directory until this incident.
I did miss the warning email, and do not think that passing judgment is the right reaction.
Is there any way I can correct the security hole without upgrading?
Just as you need to know traffic rules to drive, you need to know decent security practices to use software. The most fundamental security practice which applies to all software is that you keep it reasonably up to date.
Template updates are fairly simple since 4.1.0, but nothing can change the past.
Comments on security issue
Forum Regular
Usergroup: Customer
Joined: Feb 19, 2003
Total Topics: 23
Total Comments: 106
Hi Everyone,
was away from version 3.12 (did not want to edit templates...)
well my host shit down the directory claiming that:
hacker was able to carry a network attack through wsnlinks scripts.
any idea what could be the hole?
developer
Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California
Total Topics: 61
Total Comments: 7868
I emailed you and everyone else in early 2006 informing you that it was absolutely critical to upgrade to 3.3.21+ or you would be hacked. You refused to upgrade, so of course you got hacked. Probably many times, only noticed now.
I know you don't care much about your site, since you didn't think it worth putting a few hours a year into it, but on a shared web host you have a responsibility to the others hosted on the same server -- who will have their email blocked because of spam from your hacker, for example.
Forum Regular
Usergroup: Customer
Joined: Feb 19, 2003
Total Topics: 23
Total Comments: 106
Nice to hear from you Paul.
I actually do care about my site I have designed my templates to what i wanted them to be and new features became far more advanced then what I needed, I was happy with my directory until this incident.
I did miss the warning email, and do not think that passing judgment is the right reaction.
Is there any way I can correct the security hole without upgrading?
developer
Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California
Total Topics: 61
Total Comments: 7868
No. I don't even keep copies that old.
Just as you need to know traffic rules to drive, you need to know decent security practices to use software. The most fundamental security practice which applies to all software is that you keep it reasonably up to date.
Template updates are fairly simple since 4.1.0, but nothing can change the past.
Forum Regular
Usergroup: Customer
Joined: Feb 19, 2003
Total Topics: 23
Total Comments: 106
got it pgrading... tnx