eMoneySpace
Welcome, Guest. Please login or register.
Did you miss your activation email?
News: Earn your money online safely here at eMoneySpace. Jun 28, 2022 03:16 AM




Aurora hack vulnberabilities.
Print
Author Topic: Aurora hack vulnberabilities.  (Read 18310 times)
757jterrell
Reputation: (+29)
*

Offline

Gender: Male
Posts: 967
Referrals: 0


Get a site from the OWNERS of the script!!!

View Profile WWW
Reply #15: Aug 15, 2010 05:37 PM

If you have a hole, the only way to fix it is to patch it.

Which is what ptcpay is trying to do right  now, give the guy a chance to do what he is doing.
Logged

ptcpay
Reputation: (+7)
*

Offline

Posts: 1780
Referrals: 2


View Profile
Reply #16: Aug 15, 2010 05:42 PM

SDR is a better script than MRV. It has 6 less security holes actually. jterrell already has 3 major holes patched, all that is left are a couple of obscure ones on his script. If you use MRV, sorry but I can't help you, too much work to do.
Logged
oldie
Reputation: (+6)
*

Offline

Gender: Female
Posts: 1290
Referrals: 3

TROLLS BE GONE!

View Profile
Reply #17: Aug 15, 2010 05:43 PM

These sites that are being hit lately are they SDR Scripts or MRV's?  Or even Steven?  
Logged

Someone is always out there watching you........
ptcpay
Reputation: (+7)
*

Offline

Posts: 1780
Referrals: 2


View Profile
Reply #18: Aug 15, 2010 05:53 PM

These sites that are being hit lately are they SDR Scripts or MRV's?  Or even Steven?  

All the sites can be hacked because the base of them is old and has the vulnerabilities. MRV has its own vulnerabilities made from even more insure coding built on insecure code. Scary really.
Logged
oldie
Reputation: (+6)
*

Offline

Gender: Female
Posts: 1290
Referrals: 3

TROLLS BE GONE!

View Profile
Reply #19: Aug 15, 2010 05:58 PM

Thanks for the info...I was aware of some back doors so to speak so I am only running the MRV's 3, 4 and 5 currently.  Makes me want to change to another script altogether that is secure.  Sad
Logged

Someone is always out there watching you........
ptcpay
Reputation: (+7)
*

Offline

Posts: 1780
Referrals: 2


View Profile
Reply #20: Aug 15, 2010 06:00 PM

All the sites can be hacked because the base of them is old and has the vulnerabilities. MRV has its own vulnerabilities made from even more insecure coding built on insecure code. Scary really.
Logged
oldie
Reputation: (+6)
*

Offline

Gender: Female
Posts: 1290
Referrals: 3

TROLLS BE GONE!

View Profile
Reply #21: Aug 15, 2010 06:14 PM

Yea I read it the first time, I doubt in my lifetime there will be a totally secure site of any kind available to the public unless it goes back to old pricing to do the job correctly like hundreds of dollars. 

Too bad the base sites were not fixed before being built on in some cases.  So far so good no one has changed anything by way of credits or anything else for that matter on any of mine, I guess someone will now though or hack away.....hope I can get into my cpanel to do full backups later tonight, I have not touched it since the move to another server the other day again in recent weeks...I hope this one fixes the problems.  Wink   
Logged

Someone is always out there watching you........
ptcpay
Reputation: (+7)
*

Offline

Posts: 1780
Referrals: 2


View Profile
Reply #22: Aug 15, 2010 06:19 PM

Sorry, I didn't mean to quote myself. I looked 3 times wondering how it happened xD. I'm sure jterell will provide nice patches.
Logged
maderitescripts

Reputation: (+22)
*

Offline

Posts: 1589
Referrals: 4


NO Lounging

View Profile
Reply #23: Aug 15, 2010 06:35 PM

well ptcpay nice promoting your script  and trying to make aurora look bad yet again but lets be honest gen4 is also succeptable to xss attack as well as aurora and if most would search through the forum they would find the coding i posted to help against xss attack given to me by uber which was also included in mrv5 default installs also mrv5 has a secondary admin acess password so just setting someone to permission 7 wont let them into admin either about all they can do is see the admin page but when click to do something takes them right back to the splash page.
I do agree on one thing you said people using cheap shared hosting and vps without any idea what theyre doing leave themselves wide open for xss and drop shells but also people running gen 4 on same run the same chance sorry not knockin ya but it is the truth..

Now with the new maderitegpt coming out well that may be an entire different story than aurora ......
Logged



    War is an ugly thing, but not the ugliest of things. The decayed and degraded state of moral and patriotic feeling which thinks that nothing is worth war is much worse. The person who has nothing for which he is willing to fight, nothing which is more important than his own personal safety, is a miserable creature and has no chance of being free unless made and kept so by the exertions of better men than himself.  (John Stuart Mill)
ptcpay
Reputation: (+7)
*

Offline

Posts: 1780
Referrals: 2


View Profile
Reply #24: Aug 15, 2010 06:38 PM

Find me one GeN4 licensed site that got completely hacked like what is happening to aurora sites and you win. You can't, because it's impossible. It's not susceptible to XSS and whoever told you that lied.
Logged
oldie
Reputation: (+6)
*

Offline

Gender: Female
Posts: 1290
Referrals: 3

TROLLS BE GONE!

View Profile
Reply #25: Aug 15, 2010 06:41 PM

Well as I stated the only sites we have online are the MRV's that is our preference! I will stand on that and the years of experience that backs them as opposed to the other for now although I do have some of those too we do prefer what we prefer to use. Now play nice!  There are glitches in all scripts!!!   
Logged

Someone is always out there watching you........
ptcpay
Reputation: (+7)
*

Offline

Posts: 1780
Referrals: 2


View Profile
Reply #26: Aug 15, 2010 06:42 PM

I am playing nice Smiley. I stated facts of course. The admins need to know what's up with their scripts.
Logged
oldie
Reputation: (+6)
*

Offline

Gender: Female
Posts: 1290
Referrals: 3

TROLLS BE GONE!

View Profile
Reply #27: Aug 15, 2010 06:45 PM

And we thank you for that, it just seems odd coming from you!  Not meant in an snotty way! 
If there are issues I have received notices many times directly from John in the past and the
fix or he does them asap.  Which is why I am where I am on my feelings and the scripts, he
does stand behind what he sells.   Wink
Logged

Someone is always out there watching you........
ptcpay
Reputation: (+7)
*

Offline

Posts: 1780
Referrals: 2


View Profile
Reply #28: Aug 15, 2010 06:48 PM

Maybe so but this isn't only him. All the aurora scripts have it, his have some extra tamper data stuff.
Logged
maderitescripts

Reputation: (+22)
*

Offline

Posts: 1589
Referrals: 4


NO Lounging

View Profile
Reply #29: Aug 15, 2010 07:18 PM

Maybe so but this isn't only him. All the aurora scripts have it, his have some extra tamper data stuff.

you are correct on that as well but osme think just cause they do compare php they can find all the fixes i did but thats not always true lol but i do actually take securitry to heart i may miss a few things but eventually they are pointed out and fixed..

Its also part of the reason e went to have all final product coded by one person to ensure quality product .

and also hamza i will get with you tonight or tomorrow and personally show u a loop in gen4 that i personally found but in all actuality its not as much the script as it is the hosting server the script is on .....
i will give you that the script is tight but nothing in this world is perfect a perfect script doesnt exist never has never will. too many variables going on....
Logged



    War is an ugly thing, but not the ugliest of things. The decayed and degraded state of moral and patriotic feeling which thinks that nothing is worth war is much worse. The person who has nothing for which he is willing to fight, nothing which is more important than his own personal safety, is a miserable creature and has no chance of being free unless made and kept so by the exertions of better men than himself.  (John Stuart Mill)
Print
 
Jump to:  
Copyright © 2008-2022 eMoneySpace. All rights reserved.