Re: my site was hacked (v 2.2.5)

2013-05-03 Thread Eduardo Barbosa Moreira 
Hi, you can use the Sucuri service for security, take a look at: 

http://affl.sucuri.net/?affl=4820351442b1b642a1dac562e065ab7e

Quinta-feira, 2 de Maio de 2013 11:16:42 UTC-3, siiva escreveu:
>
> HI, Yesterday my site was "defaced" by a hacker. The front page was 
> completely replaced with the hackers page. I'm using Amazon's EC2, and in 
> my haste to get the site back up, I killed the bad server and relaunched a 
> new one. This resulted in me losing the hacked server so I'm unable to 
> investigate. 
>
> I have SSH enabled only for my IP address. Afaik this recent security 
> update would prevent someone from doing SQL injection but because the 
> entire site was defaced, I don't think this is a SQL related hack. 
>
> I will upgrade immediately, but just wondering if you had any thoughts on 
> how it might have happened?
>
> Thanks
>

-- 
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP

--- 
You received this message because you are subscribed to the Google Groups 
"CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cake-php+unsubscr...@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Bug in CakeSession class

2013-03-13 Thread Eduardo Barbosa Moreira 
There is an inconsistent logic In the method start() in CakeSession class 
(lib/Model/DataSource/CakeSession.php):

at line 

-- 
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP

--- 
You received this message because you are subscribed to the Google Groups 
"CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cake-php+unsubscr...@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Cakephp white scren when index action called

2013-03-13 Thread Eduardo Barbosa Moreira 


I'm deploying a CakePhp project that works fine in localhost but at 
production i have white screen when i call any index action of any 
controller. Debug level is 3, no cake php error log, no httpd error log, no 
php error log... nothing to debug with logs.

Permissions are ok, cache folders are empty, mod_rewrite ok , white spaces 
deleted at the end of files...

I can call a login action but the login fails... i was debugging with 
print_r and echo, then i discovered that CakePhp could not initialize the 
session, the session_id is aways null... the method setFlash is not 
working... no flash messages of login fails.

Can anyone help me?

-- 
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP

--- 
You received this message because you are subscribed to the Google Groups 
"CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cake-php+unsubscr...@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Bug in CakeSession class

2013-03-13 Thread Eduardo Barbosa Moreira 
There is an inconsistent logic in method start() in CakeSession class 
(lib/Model/DataSource/CakeSession.php):

at line 192 

if (!$id && self::started())

the value of self::started() is never "true" because it was tested at line 183:


if (self::started()) {
return true;
}



How can i report this bug?

-- 
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP

--- 
You received this message because you are subscribed to the Google Groups 
"CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cake-php+unsubscr...@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.