eMoneySpace




Aurora hack vulnerabilities.
Author Topic: Aurora hack vulnerabilities.  (Read 18933 times)
Advibes
Reputation: (0)
*

Offline

Posts: 217
Referrals: 0

If it ain't broke don't fix it

View Profile WWW
Reply #60: Aug 19, 2010 12:41 pm

You did not do enough research, and the recent hacks give me a break we have checked on every aspect possible don't worry they are not out after your script or any other, they are vindictive fools trying to cause problems for others and having some fun.   

Do you have a vendetta or something because some prefer the other script? Tell me what you have done to improve security on the Basic since I ordered the 2 of them when you first posted them and they are just sitting there and maybe I will throw a design on at least one of them and run it since a friend of mine showed me first thing how he could add credits to it without my knowledge. We all have our ways of checking things but I can't afford that type of error to be online, it would be me paying the members not you. I am sorry that you seem to think it is ok to sell something like that to the public. 

I am not a cheerleader I like what I like just like Oldie does (AJ) the MRV3 are not that way and never have been. I call that a security issue. When we feel secure we would be happy to put one online or the SDR1.1 we have that I ordered from you and paid for. 

Have a nice day from a NON Cheerleader for any company, just an informed consumer that likes what he likes.     
Logged

All of our scripts come from: http://www.maderitescripts.com  Come and visit: http://advibes.info  http://tinkerbellptc.info  http://cashventureptc.info  Hosted at: http://www.maderitehosting.com not one missing site to date!
757jterrell
Reputation: (+29)
*

Offline

Gender: Male
Posts: 967
Referrals: 0


Get a site from the OWNERS of the script!!!

View Profile WWW
Reply #61: Aug 19, 2010 12:45 pm

I am not a cheerleader

If that is what you want us to believe I guess if you say so

And discussing the steps we have taken would kinda defeat the whole purpose now wouldn't it.  And let me see you got a script from us when we first came out, things have changed a lot in our scripts since then.
« Last Edit: Aug 19, 2010 12:48 pm by 757jterrell » Logged

Advibes
Reputation: (0)
*

Offline

Posts: 217
Referrals: 0

If it ain't broke don't fix it

View Profile WWW
Reply #62: Aug 19, 2010 12:51 pm

If that is what you want us to believe I guess if you say so

And discussing the steps we have taken would kinda defeat the whole purpose now wouldn't it.  And let me see you got a script from us when we first came out, things have changed a lot in our scripts since then.

Too many $10 upgrades to put one online after reading backwards to still be informed.  It is cheaper to buy another from scratch and start over again. 
Logged

All of our scripts come from: http://www.maderitescripts.com  Come and visit: http://advibes.info  http://tinkerbellptc.info  http://cashventureptc.info  Hosted at: http://www.maderitehosting.com not one missing site to date!
Duality
Reputation: (+1)
*

Offline

Gender: Male
Posts: 390
Referrals: 0

Currently booked with boredom.

View Profile
Reply #63: Aug 19, 2010 02:57 pm

There are three different aurora security holes that allow full access not only to your script, but to your whole server. Hackers can simply query your script for full database access, and a simple htaccess trick combined with an admin vulnerability will give them root access.

Currently I am a bit busy patching up some friend's sites. Once this is done I will post a patch for everyone else. I've left a few tips below.

1. If you're on a shared host you have a higher chance of getting hacked. It's much easier to get root access.

2. Make sure you have the following settings on your server, otherwise it's much easier:
safe_mode = On
safe_mode_gid = Off
open_basedir = directory[:...]
safe_mode_exec_dir = directory[:...]
expose_php = Off
register_globals = Off
display_errors = Off
log_errors = On
error_log = filename

If you own your own VPS or dedicated, set this through PHP settings and not .htaccess. If you're on a shared host, .htaccess is your only chance.

3. Protect all your important directories with a password. Block all IP addresses from your MySQL and cPanel except yours.


Doing the above should keep you somewhat protected as long as you're running the latest patched PHP 5 version. To be honest, aurora has the worst security I've ever seen in all my life. It takes 3 minutes to insert malware into its most important files.

This is what this topic was supposed to be about, not a mr vs. sdr battle. But since this topic has gotten out of hand, shouldn't this be locked before things get any further?
Logged

Traditional based tactics on scammers do not work. Instead of attacking when they pop out of the bushes, do the right thing. Remind them just how petty they really are. A scammer that's attacked comes back, while a scammer that's belittled stays far far away.

Help me help EMS. Send North Owl a pm, suggesting that scammers don't get banned, but get a special neon pink scammer badge!
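
Added example, not part of Duality's post or of any script discussed in the thread: a small checker that reads php.ini text (or `.htaccess` `php_flag` / `php_value` lines) and reports every directive from the list in Reply #63 that is missing or deviates from the posted value. The sample files and their paths are constructed placeholders.

```python
import re

# Values recommended in the post. True/False = boolean flag; None = must be
# set to a non-empty value (a directory list or a file name).
RECOMMENDED = {
    "safe_mode": True, "safe_mode_gid": False, "open_basedir": None,
    "safe_mode_exec_dir": None, "expose_php": False, "register_globals": False,
    "display_errors": False, "log_errors": True, "error_log": None,
}
TRUE_WORDS = {"1", "on", "yes", "true"}  # spellings PHP reads as boolean true

# "name = value" (php.ini) or "php_flag|php_value name value" (.htaccess).
LINE = re.compile(
    r"^[ \t]*(?:php_(?:flag|value)[ \t]+(\S+)[ \t]+(.*)|([\w.]+)[ \t]*=[ \t]*(.*))$",
    re.I | re.M)

def parse_settings(text):
    """Return {directive: value}; a later assignment overrides an earlier one."""
    settings = {}
    for m in LINE.finditer(text):  # comment lines and section headers never match
        name, value = m.group(1, 2) if m.group(1) else m.group(3, 4)
        value = re.sub(r"(?:^|\s+);.*$", "", value)  # drop a trailing "; comment"
        settings[name.lower()] = value.strip().strip("\"'")
    return settings

def audit(text):
    """Return [(directive, problem)] for each deviation from RECOMMENDED."""
    settings, findings = parse_settings(text), []
    for name, want in RECOMMENDED.items():
        value = settings.get(name)
        if value is None:
            findings.append((name, "not set, PHP default applies"))
        elif want is None and value == "":
            findings.append((name, "set but empty"))
        elif want is not None and (value.lower() in TRUE_WORDS) != want:
            findings.append((name, "is %r, post recommends %s" % (value, "On" if want else "Off")))
    return findings

# Constructed sample files (paths are placeholders, not from the thread).
SAMPLE_INI = """safe_mode = On
safe_mode_gid = Off
open_basedir = /home/example/public_html:/tmp
expose_php = On   ; PHP version is advertised in response headers
register_globals = Off
display_errors = 1
log_errors = On
error_log =
"""
SAMPLE_HTACCESS = "php_flag display_errors off\nphp_value error_log /home/example/logs/php.log\n"
```

`audit(SAMPLE_INI + SAMPLE_HTACCESS)` approximates a shared host where `.htaccess` lines are layered over the server's php.ini. `safe_mode`, `safe_mode_gid`, `safe_mode_exec_dir` and `register_globals` were removed in PHP 5.4, so on later versions only the remaining directives apply.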
Advibes
Reputation: (0)
*

Offline

Posts: 217
Referrals: 0

If it ain't broke don't fix it

View Profile WWW
Reply #64: Aug 19, 2010 03:04 pm

And one of the people above stated it was not correct information so maybe it should be closed until someone has their facts straight if the OP wants it closed that is.   
Logged

All of our scripts come from: http://www.maderitescripts.com  Come and visit: http://advibes.info  http://tinkerbellptc.info  http://cashventureptc.info  Hosted at: http://www.maderitehosting.com not one missing site to date!
maderitescripts

Reputation: (+22)
*

Offline

Posts: 1589
Referrals: 4


NO Lounging

View Profile
Reply #65: Aug 19, 2010 04:14 pm

i don't have cheerleaders jt i have clients and likes of one script is in the eyes of the client for you to sit and say forever that your script and ours are the same now you say they're not which is it come on don't change your mind with the wind as far as config.php settings that was known before you were even in ptc same with the settings even though there's nothing that they could get out of your settings file except maybe your cron password and your paypal email which they can get off the purchase page ref link anyways ......,

i'm tired of all this hoopla about security when even as you stated the sites that have been hacked were on vps and weren't secured on the hosting side of things even the top notch scripts like vBulletin ipb and others if server security is lax then they can be hacked ..

i think ptcpays whole thread is just a plug to sell his script and cause a pandemonium so people will not use aurora.

i also think he would love to see us arguing to cause even more problems

does aurora have security issues yes but no more than any other web script out there and if hamza ptcpay thinks his wonderful gen4 is so unhackable then he is dumber than he appears as any script made is hackable sooner or later  there are two constants on the web a perfect php doesn't exist and an unhackable website doesn't exist either ... and don't even try to say that's a lie because as tight as google and microsoft are both have been hacked numerous times ...

my suggestion jt don't fall for this bs from ptcpay..
Logged



    War is an ugly thing, but not the ugliest of things. The decayed and degraded state of moral and patriotic feeling which thinks that nothing is worth war is much worse. The person who has nothing for which he is willing to fight, nothing which is more important than his own personal safety, is a miserable creature and has no chance of being free unless made and kept so by the exertions of better men than himself.  (John Stuart Mill)
batman
Reputation: (+4)
*

Offline

Gender: Male
Posts: 613
Referrals: 1


View Profile WWW
Reply #66: Aug 19, 2010 08:39 pm

Hackers will always hack bux sites.

Believe me, all sites are vulnerable to something. Every single one.
Logged


Beware Of PTCs!!!
ptcpay
Reputation: (+7)
*

Offline

Posts: 1780
Referrals: 2


View Profile
Reply #67: Aug 19, 2010 08:43 pm

I'm sorry, but what language did you just use? I couldn't even read it without getting a very bad headache.

The parts I did understand were just excuses for not improving anything and saying, "Everyone else is also vulnerable, so I don't have to fix it either."
Logged
batman
Reputation: (+4)
*

Offline

Gender: Male
Posts: 613
Referrals: 1


View Profile WWW
Reply #68: Aug 19, 2010 08:48 pm

talking to me?
Logged


Beware Of PTCs!!!
ptcpay
Reputation: (+7)
*

Offline

Posts: 1780
Referrals: 2


View Profile
Reply #69: Aug 19, 2010 08:57 pm

talking to me?

Nope.
Logged
maderitescripts

Reputation: (+22)
*

Offline

Posts: 1589
Referrals: 4


NO Lounging

View Profile
Reply #70: Aug 19, 2010 09:02 pm

no one said we weren't fixing it we actually fixed 17 issues in mrv5 deluxe that is coming out .

What i did say was you were capitalizing on a few insecure vps hackings to promote your supposedly unhackable script!!!!
and that there is no such thing as an unhackable script...

By the way just out of curiosity what was your friend's name that helped u do some coding a long time agos name i sure remember it but would just like you to tell everyone t...

asalama lakim hamza
« Last Edit: Aug 19, 2010 09:08 pm by maderitescripts » Logged



    War is an ugly thing, but not the ugliest of things. The decayed and degraded state of moral and patriotic feeling which thinks that nothing is worth war is much worse. The person who has nothing for which he is willing to fight, nothing which is more important than his own personal safety, is a miserable creature and has no chance of being free unless made and kept so by the exertions of better men than himself.  (John Stuart Mill)
ptcpay
Reputation: (+7)
*

Offline

Posts: 1780
Referrals: 2


View Profile
Reply #71: Aug 19, 2010 09:07 pm

I wasn't capitalizing. I gave people server settings to help them make their servers more secure, which you didn't. GeN4 isn't unhackable, every script is hackable, but it's more unhackable than aurora for sure.

Let me guess, by mentioning a friend you are trying to create a negative environment to support your point? You have no defense, so you think by somehow either attacking me or posting some 'evidence' you'll make it better for yourself? Fail.
Logged
oldie
Reputation: (+6)
*

Offline

Gender: Female
Posts: 1290
Referrals: 3

TROLLS BE GONE!

View Profile
Reply #72: Aug 19, 2010 09:09 pm

Ummm Epic Fail PTCPAY remember there are others of us that are also interested and reading besides researching as we like to be informed and secure. 
Logged

Someone is always out there watching you........
maderitescripts

Reputation: (+22)
*

Offline

Posts: 1589
Referrals: 4


NO Lounging

View Profile
Reply #73: Aug 19, 2010 09:10 pm

the only attacking i have seen going on here is yours you are not in contact with me and you cannot see half the encrypted code in mrv5 so why do you assume it is the same as others you speak of it being hackable but have yet to name where or how to me or any of us even if it were just in private message show me 2 hacks besides ones in owners section and i will back off you stated there were extra data tamper stuff ok then show us or me that will be proof enough to me that you aren't capitalizing on the current paranoia ..
Logged



    War is an ugly thing, but not the ugliest of things. The decayed and degraded state of moral and patriotic feeling which thinks that nothing is worth war is much worse. The person who has nothing for which he is willing to fight, nothing which is more important than his own personal safety, is a miserable creature and has no chance of being free unless made and kept so by the exertions of better men than himself.  (John Stuart Mill)
ptcpay
Reputation: (+7)
*

Offline

Posts: 1780
Referrals: 2


View Profile
Reply #74: Aug 19, 2010 09:12 pm

@Oldie
I have no idea what you even say and will skip all your posts.

@maderites
Is that a way of saying prove me right or are you asking me to show you the vulnerabilities nicely?
Logged
Copyright © 2008-2023 eMoneySpace. All rights reserved.