Will not work. The files are still +r so u can actually 
less admin.cgi 
and get the needed info :)

UBB names all files by user name... so guessing stuff like eugene.cgi
would get ur password :P

Elvin
-

On Mon, 11 Oct 1999, Eugene Teo wrote:

> Date: Mon, 11 Oct 1999 21:17:30 +0800 (SGT)
> From: Eugene Teo <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Re: [SLP] Re: Ultimate Bulletin Board Ready
> 
> 
> if possible, make the directory +x only, change the filename of
> the configuration files and reflect the changes. hmm
> 
> --
> main(i){putchar(182623909>>(i-1)*5&31|!!(i<7)<<6)&&main(++i);}
> [EMAIL PROTECTED] - http://linux.com.sg/~amnesia/
> 
> "WinError FFF: Ran out of memory for more error messages."
> 
> 
> On Mon, 11 Oct 1999, Alf wrote:
> 
> > One thing to add...
> > all users on linux.com.sg can view the passwords of admins,etc..
> > 
> > Ur directories can be "cd"ed to and listed and files viewed.
> > 
> > 
> > 
> > Elvin
> > -
> > 
> > On Mon, 11 Oct 1999, Caleb wrote:
> > 
> > > Date: Mon, 11 Oct 1999 18:13:02 +0800
> > > From: Caleb <[EMAIL PROTECTED]>
> > > Reply-To: [EMAIL PROTECTED]
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: [SLP] Re: Ultimate Bulletin Board Ready
> > > 
> > > I'm not too sure with CGI-Wrap, can somebody help with this?
> > > ----- Original Message ----- 
> > > From: Alf <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Monday, October 11, 1999 11:04 AM
> > > Subject: Re: [SLP] Re: Ultimate Bulletin Board Ready
> > > 
> > > 
> > > > Yo !
> > > > 
> > > > > > UBB was quite sloppily written and requires patching and constant
> > > > > > monitoring. CGI-Wrapping and 750 solves the problem usually.
> > > > > Can you advise us on the patching required and the kind of
> > > > > constant monitoring?
> > > > 1. Modify the password to be saved to be crypt(x,y)
> > > > 2. Move the Members directory out of CGI. (create an outside
> > > > directory to store the members files in)
> > > > 3. Move all controlpanel.html out of the normal CGI directory
> > > > 4. Install CGI-wrap
> > > > 5. Remove 777 and 755s.. 700 should be enuf since it's running as
> > > > owners
> > > > 6. Monitor via grepping of admin CGIs.
> > > > 7. Backups
> > > > 8. Quite a few more i'll to remember and post here...
> > > > 
> > > > 
> > > > Elvin
> > > > -
> > > > 
> > > > 
> > > 
> > 
> 
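
The point made at the top of the thread, as an added example that is not part of the original messages: a directory set to +x only hides the listing, but any file whose name can be guessed is still readable while the files themselves stay +r. The shell script below audits a tree for mode bits open to "other" and then strips them, assuming the scripts run as their owner under a CGI wrapper as the quoted list proposes; the function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find paths under a CGI tree that other local users can reach.

# Print every path under $1 that grants read, write or execute to "other".
audit_other_access() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# Build a constructed tree that mirrors the case in the thread:
# directories are "+x only" (711) but the files inside are still 644.
build_demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/cgi-bin/Members"
    echo 'constructed sample, no real data' > "$d/cgi-bin/admin.cgi"
    echo 'constructed sample, no real data' > "$d/cgi-bin/Members/eugene.cgi"
    chmod 711 "$d/cgi-bin" "$d/cgi-bin/Members"
    chmod 644 "$d/cgi-bin/admin.cgi" "$d/cgi-bin/Members/eugene.cgi"
    echo "$d"
}

# Remove all group and other bits (711 becomes 700, 644 becomes 600).
# Only safe when the web server runs the scripts as their owner.
harden() {
    chmod -R go-rwx "$1"
}

# Stand-alone run: audit, harden, audit again, clean up.
demo=$(build_demo) && {
    echo "Open to other before hardening:"
    audit_other_access "$demo/cgi-bin"
    harden "$demo/cgi-bin"
    left=$(audit_other_access "$demo/cgi-bin" | grep -c .)
    echo "Open to other after hardening: $left"
    rm -rf "$demo"
}
```

The audit reads mode bits rather than attempting access, so it gives the same answer when run as root.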