next »

[oldie]

The more I read on this topic elsewhere and here I do not think there is a single script that is totally secure. Now that is sad! If more energy was put into securing the Aurora's it would make me very happy!

[clickinator]

True there is not any script 100% secure even gmail gets hacked.

[maderitescripts]

there were several loopholes in seamless clickinator it had alot of bug fixes but not alot of security fixes..

[clickinator]

There are three different aurora security holes that allow full access not only to your script, but to your whole server. Hackers can simply query your script for full database access, and a simple htaccess trick combined with an admin vulnerability will give them root access.

Currently I am a bit busy patching up some friend's sites. Once this is done I will post a patch for everyone else. I've left a few tips below.

1. If you're on a shared host you have a higher chance of getting hacked. It's much easier to get root access.

2. Make sure you have the following settings on your server, otherwise it's much easier:
Safe_mode= on
safe_mode_gid = Off
open_basedir = directory[:...]
safe_mode_exec_dir = directory[:...]
expose_php = Off
register_globals = Off
display_errors = Off
log_errors = On
error_log = filename

Thought I let you know safe mode on is a security risk safe mode should be off

[ptcpay]

Thought I let you know safe mode on is a security risk safe mode should be off

No it's not. You can't lose security by using safe mode, worst case scenario is that you're using a PHP version later than 5.3.0 and safe mode is deprecated.

[oldie]

There has to be more to this than is being stated. I know for a fact John is all about security and for you to say his is worse than JT's is absurd. I will continue reading this thread just to see how far it does go.....way too much BS going on now.  I have read until I have given myself a migraine, I will not sit by and be a part of this since you pretty much stated John's security is worse than JT's. I have scripts from both this is BS at it's finest when you state such nonsense about the MRV's and that is all I will say about it for now.

[ptcpay]

There has to be more to this than is being stated. I know for a fact John is all about security and for you to say his is worse than JT's is absurd. I will continue reading this thread just to see how far it does go.....way too much BS going on now.  I have read until I have given myself a migraine, I will not sit by and be a part of this since you pretty much stated John's security is worse than JT's. I have scripts from both this is BS at it's finest when you state such nonsense about the MRV's and that is all I will say about it for now.

What are you even talking about now? We already discussed that and no more has been posted about it since your last response. We're discussing something completely different.

[oldie]

In a nutshell........I do my research and it takes time.
It took me time to go through several scripts and have someone else that is much more knowledgeable than I am come in and assist with questions I had about both the MRV and SDR's. 

In between I read your responses......so is your intent to sell your script?

[757jterrell]

In a nutshell........I do my research and it takes time.
It took me time to go through several scripts and have someone else that is much more knowledgeable than I am come in and assist with questions I had about both the MRV and SDR's. 

You don't own a recent version of our script, come one you are doing damage control for parks. You, jj and advibes are parks main cheerleaders hear, you are not fooling anyone.

[oldie]

You don't own a recent version of our script, come one you are doing damage control for parks. You, jj and advibes are parks main cheerleaders hear, you are not fooling anyone.

No JT I sure don't own the newest version the others are not online YET.  Neither do all of your other clients.  I have not even talked to John in more than a week, I do not talk to him regularly any more than I speak to you on a regular basis.  I call it as I see it and I can't help but wonder why you are falling for some of this.

BTW -  I can hear just fine when listening to something however in HERE and everywhere else I am still me and I do not fall for the garbage.....I do my research, I think a few others should too, unless you like spending money for nothing but that is up to you and them. 

I would love to find something in a positive light, and no I am not rendering damage control I am finding the truth.  Don't classify me, you should know better than that by now!  What JJ my partner and any others do is on them, NOT me.  I also see what your cheerleaders boast about with their free scripts, it funnels down eventually so I cannot take you serious calling others names when you yourself are the most guilty.  Have a great day!   

[757jterrell]

If you did your research you would then realize that we have actually done a lot on security, we actually do more than just talk about security at sdr. 

[oldie]

If you did your research you would then realize that we have actually done a lot on security, we actually do more than just talk about security at sdr. 

Ahhh but not all of your clients own the newest version, and for some of us it is ridiculous to upgrade all of the time in this instance it is better to wait until the newest is tried and true and found to be effective before spending even more.  The one's I have I found to be less than effective, remember in chat I love to dissect just as you do, especially to find files that do not exist in one instance in particular.....so I did not want to spend more to upgrade for better security.  So the SDR's sit and I buy the newer MRV's as they come out and I see something worthwhile to make me spend my money on.  

[757jterrell]

true, but that is why unlike other companies we offer our clients upgrades to the newest script for only $10, so that they can afford to upgrade and get better security and features.

[oldie]

true, but that is why unlike other companies we offer our clients upgrades to the newest script for only $10, so that they can afford to upgrade and get better security and features.

Good advertisement JT I waited to see if you would!     
Do some research like I have.  Someone has a vested interest in this in my opinion, it will scare others to buy his script.....instead of the Aurora's whether it is yours or Johns or Joe Blows Aurora version...... 

Is this really a security issue for that matter at this point in time with all of the hack jobs going on?  Giving YOU something to think about JT.  I have done my research, I hope you will do some too.  You better than some others know how I love to get to the bottom of things. 

[757jterrell]

Oldie, I have done a lot of research on the recent hacks and  most of them are on vps that do not have the proper security controls set up.  However, I did not start this thread; it was started by someone who has no interest in either maderite or sdr. Nor, have I said anything about any script other than mine.

But we would not expect anything less for a maderite cheerleader other than to try and confuse the issue of this topic.

However, all aurora owners can take these immediate steps to remove a few of the holes in their scripts, its already been done in the sdr series.

http://auroraadmintraining.info/index.php/topic,152.0.html

And they can take this step as a way to lock their settings:

http://auroraadmintraining.info/index.php/topic,153.0.html

Please enjoy your day.