eMoneySpace
Welcome, Guest. Please login or register.
Did you miss your activation email?
News: Welcome to eMoneySpace! Jan 28, 2023 02:50 pm




Aurora hack vulnberabilities.
Print
Author Topic: Aurora hack vulnberabilities.  (Read 18918 times)
oldie
Reputation: (+6)
*

Offline

Gender: Female
Posts: 1290
Referrals: 3

TROLLS BE GONE!

View Profile
Reply #45: Aug 18, 2010 03:21 pm

The more I read on this topic elsewhere and here I do not think there is a single script that is totally secure. Now that is sad! If more energy was put into securing the Aurora's it would make me very happy!
Logged

Someone is always out there watching you........
clickinator
Reputation: (+8)
*

Offline

Posts: 1377
Referrals: 0


View Profile WWW
Reply #46: Aug 18, 2010 03:38 pm

True there is not any script 100% secure even gmail gets hacked.

Logged

maderitescripts

Reputation: (+22)
*

Offline

Posts: 1589
Referrals: 4


NO Lounging

View Profile
Reply #47: Aug 18, 2010 07:33 pm

there were several loopholes in seamless clickinator it had alot of bug fixes but not alot of security fixes..
Logged



    War is an ugly thing, but not the ugliest of things. The decayed and degraded state of moral and patriotic feeling which thinks that nothing is worth war is much worse. The person who has nothing for which he is willing to fight, nothing which is more important than his own personal safety, is a miserable creature and has no chance of being free unless made and kept so by the exertions of better men than himself.  (John Stuart Mill)
clickinator
Reputation: (+8)
*

Offline

Posts: 1377
Referrals: 0


View Profile WWW
Reply #48: Aug 19, 2010 12:31 am

There are three different aurora security holes that allow full access not only to your script, but to your whole server. Hackers can simply query your script for full database access, and a simple htaccess trick combined with an admin vulnerability will give them root access.

Currently I am a bit busy patching up some friend's sites. Once this is done I will post a patch for everyone else. I've left a few tips below.

1. If you're on a shared host you have a higher chance of getting hacked. It's much easier to get root access.

2. Make sure you have the following settings on your server, otherwise it's much easier:
Safe_mode= on
safe_mode_gid = Off
open_basedir = directory[:...]
safe_mode_exec_dir = directory[:...]
expose_php = Off
register_globals = Off
display_errors = Off
log_errors = On
error_log = filename



Thought I let you know safe mode on is a security risk safe mode should be off
Logged

ptcpay
Reputation: (+7)
*

Offline

Posts: 1780
Referrals: 2


View Profile
Reply #49: Aug 19, 2010 07:03 am

Thought I let you know safe mode on is a security risk safe mode should be off

No it's not. You can't lose security by using safe mode, worst case scenario is that you're using a PHP version later than 5.3.0 and safe mode is deprecated.
Logged
oldie
Reputation: (+6)
*

Offline

Gender: Female
Posts: 1290
Referrals: 3

TROLLS BE GONE!

View Profile
Reply #50: Aug 19, 2010 07:43 am

There has to be more to this than is being stated. I know for a fact John is all about security and for you to say his is worse than JT's is absurd. I will continue reading this thread just to see how far it does go.....way too much BS going on now.  I have read until I have given myself a migraine, I will not sit by and be a part of this since you pretty much stated John's security is worse than JT's. I have scripts from both this is BS at it's finest when you state such nonsense about the MRV's and that is all I will say about it for now.
Logged

Someone is always out there watching you........
ptcpay
Reputation: (+7)
*

Offline

Posts: 1780
Referrals: 2


View Profile
Reply #51: Aug 19, 2010 08:08 am

There has to be more to this than is being stated. I know for a fact John is all about security and for you to say his is worse than JT's is absurd. I will continue reading this thread just to see how far it does go.....way too much BS going on now.  I have read until I have given myself a migraine, I will not sit by and be a part of this since you pretty much stated John's security is worse than JT's. I have scripts from both this is BS at it's finest when you state such nonsense about the MRV's and that is all I will say about it for now.

What are you even talking about now? We already discussed that and no more has been posted about it since your last response. We're discussing something completely different.
Logged
oldie
Reputation: (+6)
*

Offline

Gender: Female
Posts: 1290
Referrals: 3

TROLLS BE GONE!

View Profile
Reply #52: Aug 19, 2010 08:13 am

In a nutshell........I do my research and it takes time.
It took me time to go through several scripts and have someone else that is much more knowledgeable than I am come in and assist with questions I had about both the MRV and SDR's. 

In between I read your responses......so is your intent to sell your script?

Logged

Someone is always out there watching you........
757jterrell
Reputation: (+29)
*

Offline

Gender: Male
Posts: 967
Referrals: 0


Get a site from the OWNERS of the script!!!

View Profile WWW
Reply #53: Aug 19, 2010 09:13 am

In a nutshell........I do my research and it takes time.
It took me time to go through several scripts and have someone else that is much more knowledgeable than I am come in and assist with questions I had about both the MRV and SDR's. 

You don't own a recent version of our script, come one you are doing damage control for parks. You, jj and advibes are parks main cheerleaders hear, you are not fooling anyone.
« Last Edit: Aug 19, 2010 09:15 am by 757jterrell » Logged

oldie
Reputation: (+6)
*

Offline

Gender: Female
Posts: 1290
Referrals: 3

TROLLS BE GONE!

View Profile
Reply #54: Aug 19, 2010 09:38 am

You don't own a recent version of our script, come one you are doing damage control for parks. You, jj and advibes are parks main cheerleaders hear, you are not fooling anyone.

No JT I sure don't own the newest version the others are not online YET.  Neither do all of your other clients.  I have not even talked to John in more than a week, I do not talk to him regularly any more than I speak to you on a regular basis.  I call it as I see it and I can't help but wonder why you are falling for some of this.

BTW -  I can hear just fine when listening to something however in HERE and everywhere else I am still me and I do not fall for the garbage.....I do my research, I think a few others should too, unless you like spending money for nothing but that is up to you and them. 

I would love to find something in a positive light, and no I am not rendering damage control I am finding the truth.  Don't classify me, you should know better than that by now!  What JJ my partner and any others do is on them, NOT me.  I also see what your cheerleaders boast about with their free scripts, it funnels down eventually so I cannot take you serious calling others names when you yourself are the most guilty.  Have a great day!   
Logged

Someone is always out there watching you........
757jterrell
Reputation: (+29)
*

Offline

Gender: Male
Posts: 967
Referrals: 0


Get a site from the OWNERS of the script!!!

View Profile WWW
Reply #55: Aug 19, 2010 09:43 am

If you did your research you would then realize that we have actually done a lot on security, we actually do more than just talk about security at sdr. 
Logged

oldie
Reputation: (+6)
*

Offline

Gender: Female
Posts: 1290
Referrals: 3

TROLLS BE GONE!

View Profile
Reply #56: Aug 19, 2010 09:51 am

If you did your research you would then realize that we have actually done a lot on security, we actually do more than just talk about security at sdr. 

Ahhh but not all of your clients own the newest version, and for some of us it is ridiculous to upgrade all of the time in this instance it is better to wait until the newest is tried and true and found to be effective before spending even more.  The one's I have I found to be less than effective, remember in chat I love to dissect just as you do, especially to find files that do not exist in one instance in particular.....so I did not want to spend more to upgrade for better security.  So the SDR's sit and I buy the newer MRV's as they come out and I see something worthwhile to make me spend my money on. Roll Eyes 
Logged

Someone is always out there watching you........
757jterrell
Reputation: (+29)
*

Offline

Gender: Male
Posts: 967
Referrals: 0


Get a site from the OWNERS of the script!!!

View Profile WWW
Reply #57: Aug 19, 2010 09:56 am

true, but that is why unlike other companies we offer our clients upgrades to the newest script for only $10, so that they can afford to upgrade and get better security and features.
Logged

oldie
Reputation: (+6)
*

Offline

Gender: Female
Posts: 1290
Referrals: 3

TROLLS BE GONE!

View Profile
Reply #58: Aug 19, 2010 10:03 am

true, but that is why unlike other companies we offer our clients upgrades to the newest script for only $10, so that they can afford to upgrade and get better security and features.

Good advertisement JT I waited to see if you would!  big grin   
Do some research like I have.  Someone has a vested interest in this in my opinion, it will scare others to buy his script.....instead of the Aurora's whether it is yours or Johns or Joe Blows Aurora version...... 

Is this really a security issue for that matter at this point in time with all of the hack jobs going on?  Giving YOU something to think about JT.  I have done my research, I hope you will do some too.  You better than some others know how I love to get to the bottom of things. 
Logged

Someone is always out there watching you........
757jterrell
Reputation: (+29)
*

Offline

Gender: Male
Posts: 967
Referrals: 0


Get a site from the OWNERS of the script!!!

View Profile WWW
Reply #59: Aug 19, 2010 12:21 pm

Oldie, I have done a lot of research on the recent hacks and  most of them are on vps that do not have the proper security controls set up.  However, I did not start this thread; it was started by someone who has no interest in either maderite or sdr. Nor, have I said anything about any script other than mine.

But we would not expect anything less for a maderite cheerleader other than to try and confuse the issue of this topic.

However, all aurora owners can take these immediate steps to remove a few of the holes in their scripts, its already been done in the sdr series.

http://auroraadmintraining.info/index.php/topic,152.0.html

And they can take this step as a way to lock their settings:

http://auroraadmintraining.info/index.php/topic,153.0.html

Please enjoy your day.
« Last Edit: Aug 19, 2010 12:39 pm by 757jterrell » Logged

Print
 
Jump to:  
Copyright © 2008-2023 eMoneySpace. All rights reserved.