haha. UBB Rules then.
On Mon, 11 Oct 1999, you wrote:
> Will not work. The files are still +r so u can actually
> less admin.cgi
> and get the needed info :)
>
> UBB names all files by user name... so guessing stuff like eugene.cgi
> would get ur password :P
>
> Elvin
> -
>
> On Mon, 11 Oct 1999, Eugene Teo wrote:
>
> > Date: Mon, 11 Oct 1999 21:17:30 +0800 (SGT)
> > From: Eugene Teo <[EMAIL PROTECTED]>
> > Reply-To: [EMAIL PROTECTED]
> > To: [EMAIL PROTECTED]
> > Subject: Re: [SLP] Re: Ultimate Bulletin Board Ready
> >
> >
> > if possible, make the directory +x only, change the filename of
> > the configuration files and reflect the changes. hmm
> >
> > --
> > main(i){putchar(182623909>>(i-1)*5&31|!!(i<7)<<6)&&main(++i);}
> > [EMAIL PROTECTED] - http://linux.com.sg/~amnesia/
> >
> > "WinError FFF: Ran out of memory for more error messages."
> >
> >
> > On Mon, 11 Oct 1999, Alf wrote:
> >
> > > One thing to add...
> > > all users on linux.com.sg can view the passwords of admins,etc..
> > >
> > > Ur directories can be "cd"ed to and listed and files viewed.
> > >
> > >
> > >
> > > Elvin
> > > -
> > >
> > > On Mon, 11 Oct 1999, Caleb wrote:
> > >
> > > > Date: Mon, 11 Oct 1999 18:13:02 +0800
> > > > From: Caleb <[EMAIL PROTECTED]>
> > > > Reply-To: [EMAIL PROTECTED]
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Re: [SLP] Re: Ultimate Bulletin Board Ready
> > > >
> > > > I'm not too sure with CGI-Wrap, can somebody help with this?
> > > > ----- Original Message -----
> > > > From: Alf <[EMAIL PROTECTED]>
> > > > To: <[EMAIL PROTECTED]>
> > > > Sent: Monday, October 11, 1999 11:04 AM
> > > > Subject: Re: [SLP] Re: Ultimate Bulletin Board Ready
> > > >
> > > >
> > > > > Yo !
> > > > >
> > > > > > > UBB was quite sloppily written and requires patching and constant
> > > > > > > monitoring. CGI-Wrapping and 750 solves the problem usually.
> > > > > > Can you advise us on the patching required and the kind of
> > > > > > constant monitoring?
> > > > > 1. Modify the password to be saved to be crypt(x,y)
> > > > > 2. Move the Members directory out of CGI. (create an outside
> > > > > directory to store the members files in)
> > > > > 3. Move all controlpanel.html out of the normal CGI directory)
> > > > > 4. Install CGI-wrap
> > > > > 5. Remove 777 and 755s.. 700 should be enuf since it's running as
> > > > > owners
> > > > > 6. Monitor via grepping of admin CGIs.
> > > > > 7. Backups
> > > > > 8. Quite a few more i'll to remember and post here...
> > > > >
> > > > >
> > > > > Elvin
> > > > > -
> > > > >
> > > > >
> > > >
> > >
> >
--
--
main(i){putchar(182623909>>(i-1)*5&31|!!(i<7)<<6)&&main(++i);}
[EMAIL PROTECTED] - http://linux.com.sg/~amnesia/
"WinError FFF: Ran out of memory for more error messages."
