Why such messages?

I receive this kind of message every day when people post to the forums.

They usually use Safari 4.0.3 or Firefox 3.6 and Mac OS X 10.6.2 or Mac OS X 10.5.8.
Simple question: how can I fix that?

See below many of the messages I receive each day. I want a CLEAR ANSWER on this subject. THANKS.

EXAMPLES:

Total impact: 32
Affected tags: xss, csrf

Variable: REQUEST.topic_text | Value: <p>Hi Everyone! All of you have probably had the need to sync your Mac with the other devices - such as computers, mobile phones,online accounts, etc. From now on you can easily sync your Mac with <a href=\"http://mac.eltima.com/sync-mac.html\" title=\"Sync Mac OS X\"><strong>SyncMate</strong></a>.</p>
<p>SyncMate enables all users to sync data between Mac OS X computer and a list of devices, such as Windows Mobile devices, Nokia S40 phones and other Macs and Windows computers, PlayStation Portable and USB drives. SyncMate also supports Google account synchronization. With SyncMate you can back up data to Online Storage Account.</p>
<p>SyncMate is offered in two Editions: Free and Expert and allows syncing contacts,calendar, iTunes & Video, iPhoto, Bookmarks, Notes, Stickies, mail, Folders and much more between your Mac and supported devices.</p>
<p> </p>
<p><a href=\"http://mac.eltima.com/download/syncmate.dmg\" title=\"Download SyncMate\"><strong>Download SyncMate Free Edition</strong></a></p>
<p><a href=\"http://mac.eltima.com/sync-mac.html\" title=\"Mac OS X sync software\"><strong>Read more about SyncMate</strong></a></p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
Impact: 16 | Tags: xss, csrf
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Description: finds attribute breaking injections including whitespace attacks | Tags: xss, csrf | ID: 2
Description: Detects possible event handlers | Tags: xss, csrf | ID: 32
Description: Detects obfuscated script tags and XML wrapped HTML | Tags: xss | ID: 33

Variable: POST.topic_text | Value: <p>Hi Everyone! All of you have probably had the need to sync your Mac with the other devices - such as computers, mobile phones,online accounts, etc. From now on you can easily sync your Mac with <a href=\"http://mac.eltima.com/sync-mac.html\" title=\"Sync Mac OS X\"><strong>SyncMate</strong></a>.</p>
<p>SyncMate enables all users to sync data between Mac OS X computer and a list of devices, such as Windows Mobile devices, Nokia S40 phones and other Macs and Windows computers, PlayStation Portable and USB drives. SyncMate also supports Google account synchronization. With SyncMate you can back up data to Online Storage Account.</p>
<p>SyncMate is offered in two Editions: Free and Expert and allows syncing contacts,calendar, iTunes & Video, iPhoto, Bookmarks, Notes, Stickies, mail, Folders and much more between your Mac and supported devices.</p>
<p> </p>
<p><a href=\"http://mac.eltima.com/download/syncmate.dmg\" title=\"Download SyncMate\"><strong>Download SyncMate Free Edition</strong></a></p>
<p><a href=\"http://mac.eltima.com/sync-mac.html\" title=\"Mac OS X sync software\"><strong>Read more about SyncMate</strong></a></p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
Impact: 16 | Tags: xss, csrf
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Description: finds attribute breaking injections including whitespace attacks | Tags: xss, csrf | ID: 2
Description: Detects possible event handlers | Tags: xss, csrf | ID: 32
Description: Detects obfuscated script tags and XML wrapped HTML | Tags: xss | ID: 33

REMOTE_ADDR: 89.162.209.186
HTTP_X_FORWARDED_FOR:
HTTP_CLIENT_IP:
SCRIPT_FILENAME: /Library/WebServer/Documents/maczoom/modules/boonex/forum/index.php
QUERY_STRING:
REQUEST_URI: /forum/
QUERY_STRING:
SCRIPT_NAME: /modules/boonex/forum/index.php
PHP_SELF: /modules/boonex/forum/index.php

Total impact: 40
Affected tags: xss, csrf, sqli, id, lfi

Variable: REQUEST.post_text | Value: <p>From LaCie<br /> <br /><strong>LaCie Coat Laptop 10.2\"</strong> - $14.99</p>
<p>Not so much a NEW sleeve as an old model re-labeled as fitting the iPad</p>
<p>Available in black, red, orange, blue and pink.</p>
<p>More info:  http://www.lacie.com/us/products/product.htm?pid=11413<br /><br /><strong>LaCie ForMoa 10.2\"</strong> - $24.99</p>
<p>Not so much a NEW sleeve as an old model re-labeled as fitting the iPad</p>
<p>Available in black, red, orange, blue and pink.</p>
<p>More info:  Currently, MacZoom is now NOT letting me post URLs. These forums have potential - but they aren\'t really ready for much use.</p>
Impact: 20 | Tags: xss, csrf, sqli, id, lfi
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Description: Detects JavaScript with(), ternary operators and XML predicate attacks | Tags: xss, csrf | ID: 7
Description: Detects JavaScript location/document property access and window access obfuscation | Tags: xss, csrf | ID: 23
Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID: 43

Variable: POST.post_text | Value: <p>From LaCie<br /> <br /><strong>LaCie Coat Laptop 10.2\"</strong> - $14.99</p>
<p>Not so much a NEW sleeve as an old model re-labeled as fitting the iPad</p>
<p>Available in black, red, orange, blue and pink.</p>
<p>More info:  http://www.lacie.com/us/products/product.htm?pid=11413<br /><br /><strong>LaCie ForMoa 10.2\"</strong> - $24.99</p>
<p>Not so much a NEW sleeve as an old model re-labeled as fitting the iPad</p>
<p>Available in black, red, orange, blue and pink.</p>
<p>More info:  Currently, MacZoom is now NOT letting me post URLs. These forums have potential - but they aren\'t really ready for much use.</p>
Impact: 20 | Tags: xss, csrf, sqli, id, lfi
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Description: Detects JavaScript with(), ternary operators and XML predicate attacks | Tags: xss, csrf | ID: 7
Description: Detects JavaScript location/document property access and window access obfuscation | Tags: xss, csrf | ID: 23
Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID: 43

REMOTE_ADDR: 12.27.247.60
HTTP_X_FORWARDED_FOR:
HTTP_CLIENT_IP:
SCRIPT_FILENAME: /Library/WebServer/Documents/maczoom/modules/boonex/forum/index.php
QUERY_STRING: orca_integration=groups
REQUEST_URI: /forum/groups/
QUERY_STRING: orca_integration=groups
SCRIPT_NAME: /modules/boonex/forum/index.php
PHP_SELF: /modules/boonex/forum/index.php

Total impact: 40
Affected tags: xss, csrf, sqli, id, lfi

Variable: REQUEST.post_text | Value: From LaCie
<p> </p>
LaCie Coat Laptop 10.2\" - $14.99</br>
Not so much a NEW sleeve as an old model ew-labeled as fitting the iPad</br>
Available in black, red, orange, blue and pink</br>
More info at: http://www.lacie.com/us/products/product.htm?pid=11413
Impact: 20 | Tags: xss, csrf, sqli, id, lfi
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Description: Detects JavaScript with(), ternary operators and XML predicate attacks | Tags: xss, csrf | ID: 7
Description: Detects JavaScript location/document property access and window access obfuscation | Tags: xss, csrf | ID: 23
Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID: 43

Variable: POST.post_text | Value: From LaCie
<p> </p>
LaCie Coat Laptop 10.2\" - $14.99</br>
Not so much a NEW sleeve as an old model ew-labeled as fitting the iPad</br>
Available in black, red, orange, blue and pink</br>
More info at: http://www.lacie.com/us/products/product.htm?pid=11413
Impact: 20 | Tags: xss, csrf, sqli, id, lfi
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Description: Detects JavaScript with(), ternary operators and XML predicate attacks | Tags: xss, csrf | ID: 7
Description: Detects JavaScript location/document property access and window access obfuscation | Tags: xss, csrf | ID: 23
Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID: 43

REMOTE_ADDR: 64.130.156.217
HTTP_X_FORWARDED_FOR:
HTTP_CLIENT_IP:
SCRIPT_FILENAME: /Library/WebServer/Documents/maczoom/modules/boonex/forum/index.php
QUERY_STRING: orca_integration=groups
REQUEST_URI: /forum/groups/
QUERY_STRING: orca_integration=groups
SCRIPT_NAME: /modules/boonex/forum/index.php
PHP_SELF: /modules/boonex/forum/index.php

Total impact: 38
Affected tags: xss, csrf, sqli, id, lfi

Variable: REQUEST.topic_text | Value: <p>
<div class=\"forum_post_text\">From LaCie</div>
<div class=\"forum_post_text\"></div>
<div class=\"forum_post_text\"><strong>LaCie  Coat Laptop 10.2\"</strong> -  $14.99
<br /> Not so much a NEW sleeve as an old model re-labeled as  fitting the iPad<br /> Available in black, red, orange, blue and pink.<br /> More  info:http://www.lacie.com/us/products/product.htm?pid=11413</div>
<div class=\"forum_post_text\">
<p> </p>
</div>
</p>
Impact: 19 | Tags: xss, csrf, sqli, id, lfi
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Description: finds attribute breaking injections including whitespace attacks | Tags: xss, csrf | ID: 2
Description: Detects JavaScript with(), ternary operators and XML predicate attacks | Tags: xss, csrf | ID: 7
Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID: 43

Variable: POST.topic_text | Value: <p>
<div class=\"forum_post_text\">From LaCie</div>
<div class=\"forum_post_text\"></div>
<div class=\"forum_post_text\"><strong>LaCie  Coat Laptop 10.2\"</strong> -  $14.99
<br /> Not so much a NEW sleeve as an old model re-labeled as  fitting the iPad<br /> Available in black, red, orange, blue and pink.<br /> More  info:http://www.lacie.com/us/products/product.htm?pid=11413</div>
<div class=\"forum_post_text\">
<p> </p>
</div>
</p>
Impact: 19 | Tags: xss, csrf, sqli, id, lfi
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Description: finds attribute breaking injections including whitespace attacks | Tags: xss, csrf | ID: 2
Description: Detects JavaScript with(), ternary operators and XML predicate attacks | Tags: xss, csrf | ID: 7
Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID: 43

REMOTE_ADDR: 64.130.156.217
HTTP_X_FORWARDED_FOR:
HTTP_CLIENT_IP:
SCRIPT_FILENAME: /Library/WebServer/Documents/maczoom/modules/boonex/forum/index.php
QUERY_STRING: orca_integration=groups
REQUEST_URI: /forum/groups/
QUERY_STRING: orca_integration=groups
SCRIPT_NAME: /modules/boonex/forum/index.php
PHP_SELF: /modules/boonex/forum/index.php

Total impact: 46
Affected tags: xss, csrf, sqli, id, lfi

Variable: REQUEST.topic_text | Value: <div class=\"forum_post_text\">From LaCie</div>
<div class=\"forum_post_text\"></div>
<div class=\"forum_post_text\">
<p><strong> LaCie Coat Laptop 10.2\"</strong> -  $14.99
<br />Not so much a NEW sleeve as an old model re-labeled as  fitting the iPad<br /> Available in black, red, orange, blue and pink.<br />More  info:http://www.lacie.com/us/products/product.htm?pid=11413</p>
<p> </p>
<p><strong>LaCie ForMoa 10.2\" </strong> - $24.99<br />Not so much a NEW sleeve as  an old model re-labeled as fitting the iPad<br />Available in black, red, orange, blue and pink.<br />More info: http://www.lacie.com/us/products/product.htm?pid=11417</p>
</div>
Impact: 23 | Tags: xss, csrf, sqli, id, lfi
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Description: finds attribute breaking injections including whitespace attacks | Tags: xss, csrf | ID: 2
Description: Detects JavaScript with(), ternary operators and XML predicate attacks | Tags: xss, csrf | ID: 7
Description: Detects obfuscated script tags and XML wrapped HTML | Tags: xss | ID: 33
Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID: 43

Variable: POST.topic_text | Value: <div class=\"forum_post_text\">From LaCie</div>
<div class=\"forum_post_text\"></div>
<div class=\"forum_post_text\">
<p><strong> LaCie Coat Laptop 10.2\"</strong> -  $14.99
<br />Not so much a NEW sleeve as an old model re-labeled as  fitting the iPad<br /> Available in black, red, orange, blue and pink.<br />More  info:http://www.lacie.com/us/products/product.htm?pid=11413</p>
<p> </p>
<p><strong>LaCie ForMoa 10.2\" </strong> - $24.99<br />Not so much a NEW sleeve as  an old model re-labeled as fitting the iPad<br />Available in black, red, orange, blue and pink.<br />More info: http://www.lacie.com/us/products/product.htm?pid=11417</p>
</div>
Impact: 23 | Tags: xss, csrf, sqli, id, lfi
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Description: finds attribute breaking injections including whitespace attacks | Tags: xss, csrf | ID: 2
Description: Detects JavaScript with(), ternary operators and XML predicate attacks | Tags: xss, csrf | ID: 7
Description: Detects obfuscated script tags and XML wrapped HTML | Tags: xss | ID: 33
Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID: 43

REMOTE_ADDR: 64.130.156.217
HTTP_X_FORWARDED_FOR:
HTTP_CLIENT_IP:
SCRIPT_FILENAME: /Library/WebServer/Documents/maczoom/modules/boonex/forum/index.php
QUERY_STRING: orca_integration=groups
REQUEST_URI: /forum/groups/
QUERY_STRING: orca_integration=groups
SCRIPT_NAME: /modules/boonex/forum/index.php
PHP_SELF: /modules/boonex/forum/index.php

Total impact: 42
Affected tags: xss, csrf, id, rfe, lfi

Variable: REQUEST.post_text | Value: <p>The accessories storm begins!  New bags (and one screen protector) announced!</p>
<p><br />From Tom Bihn</p>
<p><br /> <strong>Ristretto for iPad/Netbooks</strong> - $110.00<br /> Not so much a NEW bag as an old model re-labeled as being for the iPad.<br /> More info: <a href=\"http://www.tombihn.com/page/001/PROD/300/TB0222\" target=\"_blank\">http://www.tombihn.com/page/001/PROD/300/TB0222</a></p>
<p><br /><strong>Cache</strong> - $30.00
<br />Not so much a NEW sleeve as an old model re-labeled as fitting the iPad<br /> More info at:http://www.tombihn.com/page/001/PROD/300/TB0350</p>
<p> </p>
<p><em>Note on Tom Bihn:  If you do a search on their website for “iPad” you get 13 matches for 13 existing bags / sleeves, including the above.  So in other words, these aren’t really iPad bags - they are just bags / sleeves that will fit the iPad.  Well, an iPad will fit in a Walmart plastic grocery bag too - but that doesn’t make it an “iPad Bag”.</em></p>
Impact: 21 | Tags: xss, csrf, id, rfe, lfi
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Description: finds attribute breaking injections including whitespace attacks | Tags: xss, csrf | ID: 2
Description: Detects obfuscated script tags and XML wrapped HTML | Tags: xss | ID: 33
Description: Detects common function declarations and special JS operators | Tags: id, rfe, lfi | ID: 62
Description: finds attribute breaking injections including obfuscated attributes | Tags: xss, csrf | ID: 68

Variable: POST.post_text | Value: <p>The accessories storm begins!  New bags (and one screen protector) announced!</p>
<p><br />From Tom Bihn</p>
<p><br /> <strong>Ristretto for iPad/Netbooks</strong> - $110.00<br /> Not so much a NEW bag as an old model re-labeled as being for the iPad.<br /> More info: <a href=\"http://www.tombihn.com/page/001/PROD/300/TB0222\" target=\"_blank\">http://www.tombihn.com/page/001/PROD/300/TB0222</a></p>
<p><br /><strong>Cache</strong> - $30.00
<br />Not so much a NEW sleeve as an old model re-labeled as fitting the iPad<br /> More info at:http://www.tombihn.com/page/001/PROD/300/TB0350</p>
<p> </p>
<p><em>Note on Tom Bihn:  If you do a search on their website for “iPad” you get 13 matches for 13 existing bags / sleeves, including the above.  So in other words, these aren’t really iPad bags - they are just bags / sleeves that will fit the iPad.  Well, an iPad will fit in a Walmart plastic grocery bag too - but that doesn’t make it an “iPad Bag”.</em></p>
Impact: 21 | Tags: xss, csrf, id, rfe, lfi
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Description: finds attribute breaking injections including whitespace attacks | Tags: xss, csrf | ID: 2
Description: Detects obfuscated script tags and XML wrapped HTML | Tags: xss | ID: 33
Description: Detects common function declarations and special JS operators | Tags: id, rfe, lfi | ID: 62
Description: finds attribute breaking injections including obfuscated attributes | Tags: xss, csrf | ID: 68

REMOTE_ADDR: 12.27.247.60
HTTP_X_FORWARDED_FOR:
HTTP_CLIENT_IP:
SCRIPT_FILENAME: /Library/WebServer/Documents/maczoom/modules/boonex/forum/index.php
QUERY_STRING: orca_integration=groups
REQUEST_URI: /forum/groups/
QUERY_STRING: orca_integration=groups
SCRIPT_NAME: /modules/boonex/forum/index.php
PHP_SELF: /modules/boonex/forum/index.php

Total impact: 34
Affected tags: xss, csrf

Variable: REQUEST.post_text | Value: <p>OK - while I don\'t necessarily share all these opinions, this is damn funny.</p>
<p> </p>
<p><a href=\"http://www.youtube.com/watch?v=lQnT0zp8Ya4\" target=\"_blank\">http://www.youtube.com/watch?v=lQnT0zp8Ya4</a></p>
Impact: 17 | Tags: xss, csrf
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Description: finds attribute breaking injections including whitespace attacks | Tags: xss, csrf | ID: 2
Description: Detects JavaScript with(), ternary operators and XML predicate attacks | Tags: xss, csrf | ID: 7
Description: Detects obfuscated script tags and XML wrapped HTML | Tags: xss | ID: 33

Variable: POST.post_text | Value: <p>OK - while I don\'t necessarily share all these opinions, this is damn funny.</p>
<p> </p>
<p><a href=\"http://www.youtube.com/watch?v=lQnT0zp8Ya4\" target=\"_blank\">http://www.youtube.com/watch?v=lQnT0zp8Ya4</a></p>
Impact: 17 | Tags: xss, csrf
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Description: finds attribute breaking injections including whitespace attacks | Tags: xss, csrf | ID: 2
Description: Detects JavaScript with(), ternary operators and XML predicate attacks | Tags: xss, csrf | ID: 7
Description: Detects obfuscated script tags and XML wrapped HTML | Tags: xss | ID: 33

REMOTE_ADDR: 12.27.247.60
HTTP_X_FORWARDED_FOR:
HTTP_CLIENT_IP:
SCRIPT_FILENAME: /Library/WebServer/Documents/maczoom/modules/boonex/forum/index.php
QUERY_STRING: orca_integration=groups
REQUEST_URI: /forum/groups/
QUERY_STRING: orca_integration=groups
SCRIPT_NAME: /modules/boonex/forum/index.php
PHP_SELF: /modules/boonex/forum/index.php

Quote · 11 Feb 2010

maczoom,

this is rather simple, and this has been discussed in detail here on the forums. this is a security threshold which prevents injection of malicious code into the many areas of your site where copy and paste are allowed. by default the settings are 9 and 27. this can be seen at the following location:

Admin --> settings --> advanced settings --> other

scroll down and look for the two digits or for the words security threshold. it has been declared that this is not working properly and the better thing to do is just disable this feature by setting both to -1 (minus one). if you look at the report it has on the first injection Total Impact 40, you can adjust the settings to a number higher than the Total Impact; however, once you scale above the security plateau that is coded, you are no longer within the protective boundaries of the security implementation.

so instead of going through the hassle of trying to figure out what exactly the max level can be and still retain a sense of security, just disable it; this should be fixed in Dolphin 7.0.1.

Regards,

DosDawg

When a GIG is not enough --> Terabyte Dolphin Technical Support - Server Management and Support
Quote · 12 Feb 2010
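The threshold mechanics DosDawg describes, as an added example that is not code from this thread, from Dolphin or from PHPIDS: a small Python parser for the alert e-mail layout quoted above, and the allow/report/block decision that a pair of impact thresholds implies. The two sample reports, their contents, the URIs and the 192.0.2.x addresses are constructed. Which of the two Dolphin numbers sends the e-mail and which rejects the request, and whether a threshold fires at equality, are assumptions; the thread only gives the defaults 9 and 27 and the -1 switch-off.

```python
import re

# Two constructed reports in the layout of the PHPIDS alert e-mails quoted in this
# thread.  Post contents, impacts, URIs and the 192.0.2.x addresses are made up.
LEGIT_POST_ALERT = """Total impact: 40
Affected tags: xss, csrf, sqli, id, lfi

Variable: REQUEST.post_text | Value: <p>From LaCie<br /><strong>Laptop sleeve</strong> - $14.99</p>
<p>More info: http://example.com/products/sleeve</p>
Impact: 20 | Tags: xss, csrf, sqli, id, lfi
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID: 43

Variable: POST.post_text | Value: <p>From LaCie<br /><strong>Laptop sleeve</strong> - $14.99</p>
Impact: 20 | Tags: xss, csrf, sqli, id, lfi
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID: 43

REMOTE_ADDR: 192.0.2.10
REQUEST_URI: /forum/groups/
"""

SPAM_WALL_ALERT = """Total impact: 4
Affected tags: xss, csrf

Variable: REQUEST.content | Value: http://spam.example/blog/pill-a pill a | <a href="http://spam.example/blog/pill-a"> pill a </a>
http://spam.example/blog/pill-b pill b | <a href="http://spam.example/blog/pill-b"> pill b </a>
Impact: 4 | Tags: xss, csrf
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1

REMOTE_ADDR: 192.0.2.77
REQUEST_URI: /wall/
"""

DISABLED = -1  # per the thread, -1 switches a threshold off

def _header(text, key):
    # Value of a 'Key: value' line, or '' when the line is absent or blank.
    m = re.search(r"^" + re.escape(key) + r":[ \t]*(.*)$", text, re.M)
    return m.group(1).strip() if m else ""

def parse_alert(text):
    """Parse one PHPIDS report e-mail into a dict. A Value may span several lines,
    so Impact/Description lines attach to the most recent 'Variable:' header."""
    findings, current = [], None
    for line in text.splitlines():
        m = re.match(r"Variable:\s*(\S+)\s*\|\s*Value:", line)
        if m:
            current = {"variable": m.group(1), "impact": 0, "rules": []}
            findings.append(current)
            continue
        if current is None:
            continue
        m = re.match(r"Impact:\s*(\d+)\s*\|", line)
        if m:
            current["impact"] = int(m.group(1))
            continue
        m = re.match(r"Description:.*\|\s*ID:\s*(\d+)\s*$", line)
        if m:
            current["rules"].append(int(m.group(1)))
    return {
        "total_impact": int(_header(text, "Total impact") or 0),
        "tags": [t.strip() for t in _header(text, "Affected tags").split(",") if t.strip()],
        "findings": findings,
        "remote_addr": _header(text, "REMOTE_ADDR"),
        "request_uri": _header(text, "REQUEST_URI"),
    }

def classify(alert, report_threshold=9, block_threshold=27):
    """'allow', 'report' or 'block' for a parsed alert. Assumption: the lower Dolphin
    number is where the e-mail goes out, the higher where the request is rejected,
    and a threshold fires once Total impact reaches it; -1 disables it."""
    def fires(threshold):
        return threshold != DISABLED and alert["total_impact"] >= threshold
    if fires(block_threshold):
        return "block"
    if fires(report_threshold):
        return "report"
    return "allow"

def triage(reports, report_threshold=9, block_threshold=27):
    """Group reports by REMOTE_ADDR with the rule IDs hit and the resulting action."""
    by_ip = {}
    for text in reports:
        a = parse_alert(text)
        by_ip.setdefault(a["remote_addr"], []).append({
            "uri": a["request_uri"],
            "total_impact": a["total_impact"],
            "rules": sorted({r for f in a["findings"] for r in f["rules"]}),
            "action": classify(a, report_threshold, block_threshold),
        })
    return by_ip

if __name__ == "__main__":
    for ip, items in triage([LEGIT_POST_ALERT, SPAM_WALL_ALERT]).items():
        print(ip, items)
    # (41, -1) silences the impact-40 false positive, and the impact-4 spam report with it.
    print(classify(parse_alert(SPAM_WALL_ALERT), 41, DISABLED))
```

Run as a script it prints each source address with the URI, Total impact, the rule IDs that matched and the action the thresholds would take; the last line shows the trade-off of tuning by Total impact alone: a report threshold raised above the product post's 40 also swallows the low-impact spam report, so the owner loses the IP and the rule hits that made that report useful.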

Ok, thanks.

BUT WHY 7.0.1 IS TAKING SO LONG TO COME?

Quote · 12 Feb 2010

Ok, thanks.

BUT WHY 7.0.1 IS TAKING SO LONG TO COME?

it's really not taking so long to come out. Dolphin 7 was released Dec 25, 2009; there have been a few bugs reported in this short period, and the developers are working on getting all reported and confirmed bugs resolved.

Regards,

DosDawg

When a GIG is not enough --> Terabyte Dolphin Technical Support - Server Management and Support
Quote · 17 Feb 2010

maczoom,

this is rather simple, and this has been discussed in detail here on the forums. this is a security threshold which prevents injection of malicious code into the many areas of your site where copy and paste are allowed. by default the settings are 9 and 27. this can be seen at the following location:

Admin --> settings --> advanced settings --> other

scroll down and look for the two digits or for the words security threshold. it has been declared that this is not working properly and the better thing to do is just disable this feature by setting both to -1 (minus one). if you look at the report it has on the first injection Total Impact 40, you can adjust the settings to a number higher than the Total Impact; however, once you scale above the security plateau that is coded, you are no longer within the protective boundaries of the security implementation.

so instead of going through the hassle of trying to figure out what exactly the max level can be and still retain a sense of security, just disable it; this should be fixed in Dolphin 7.0.1.

Regards,

DosDawg

I use these emails for checking memberships and spammers. The following email is an alert from a profile user that became a member... simple female profile. I looked at it and the email checked out. This was a spam attempt, right? Hence the links to all the drug sites. If I had set the values to -1 I would not have known this member was trying to post these links to her wall. And she blocked me right off... thinking I could not see her profile. I was able to block the IP address because of this alert. They might be bothersome, but I have stopped several of these this way.

Please correct me if I'm wrong... If values are set too low you will not get these important messages.

This is the alert email....

Total impact: 8
Affected tags: xss, csrf

Variable: REQUEST.content | Value: http://pharusa.ning.com/profiles/blogs/hctz-125-lisinopril-20-mg-tab hctz 12.5 lisinopril 20 mg tab | <a href=\"http://pharusa.ning.com/profiles/blogs/hctz-125-lisinopril-20-mg-tab\"> hctz 12.5 lisinopril 20 mg tab </a>
http://pharusa.ning.com/profiles/blogs/problems-with-using-lipitor problems with using lipitor | <a href=\"http://pharusa.ning.com/profiles/blogs/problems-with-using-lipitor\"> problems with using lipitor </a>
http://pharusa.ning.com/profiles/blogs/long-term-use-side-effects long term use side effects orlistat | <a href=\"http://pharusa.ning.com/profiles/blogs/long-term-use-side-effects\"> long term use side effects orlistat </a>
http://pharusa.ning.com/profiles/blogs/estradiol-male-seminal-plasma estradiol male seminal plasma | <a href=\"http://pharusa.ning.com/profiles/blogs/estradiol-male-seminal-plasma\"> estradiol male seminal plasma </a>
http://pharusa.ning.com/profiles/blogs/lexapro-lower-back-pain lexapro lower back pain | <a href=\"http://pharusa.ning.com/profiles/blogs/lexapro-lower-back-pain\"> lexapro lower back pain </a>
http://pharusa.ning.com/profiles/blogs/drinking-alcohol-while-on drinking alcohol while on doxycycline hyclate | <a href=\"http://pharusa.ning.com/profiles/blogs/drinking-alcohol-while-on\"> drinking alcohol while on doxycycline hyclate </a>
http://pharusa.ning.com/profiles/blogs/imitrex-and-ibuprophen imitrex and ibuprophen | <a href=\"http://pharusa.ning.com/profiles/blogs/imitrex-and-ibuprophen\"> imitrex and ibuprophen </a>
http://pharusa.ning.com/profiles/blogs/alternatives-to-tamoxifen alternatives to tamoxifen femara | <a href=\"http://pharusa.ning.com/profiles/blogs/alternatives-to-tamoxifen\"> alternatives to tamoxifen femara </a>
http://pharusa.ning.com/profiles/blogs/tell-me-about-evista tell me about evista | <a href=\"http://pharusa.ning.com/profiles/blogs/tell-me-about-evista\"> tell me about evista </a>
http://pharusa.ning.com/profiles/blogs/dilantin-effects-in-the dilantin effects in the elderly | <a href=\"http://pharusa.ning.com/profiles/blogs/dilantin-effects-in-the\"> dilantin effects in the elderly </a>
http://pharusa.ning.com/profiles/blogs/meridia-medication meridia medication | <a href=\"http://pharusa.ning.com/profiles/blogs/meridia-medication\"> meridia medication </a>
http://pharusa.ning.com/profiles/blogs/take-norvasc take norvasc | <a href=\"http://pharusa.ning.com/profiles/blogs/take-norvasc\"> take norvasc </a>
http://pharusa.ning.com/profiles/blogs/digoxin-and-gynecomastia digoxin and gynecomastia | <a href=\"http://pharusa.ning.com/profiles/blogs/digoxin-and-gynecomastia\"> digoxin and gynecomastia </a>
http://pharusa.ning.com/profiles/blogs/lisinopril-watson lisinopril watson | <a href=\"http://pharusa.ning.com/profiles/blogs/lisinopril-watson\"> lisinopril watson </a>
http://pharusa.ning.com/profiles/blogs/detrol-generic detrol generic | <a href=\"http://pharusa.ning.com/profiles/blogs/detrol-generic\"> detrol generic </a>
http://pharusa.ning.com/profiles/blogs/hydrocortisone-acne hydrocortisone acne | <a href=\"http://pharusa.ning.com/profiles/blogs/hydrocortisone-acne\"> hydrocortisone acne </a>
http://pharusa.ning.com/profiles/blogs/digoxin-dosage-in-treating digoxin dosage in treating dogs | <a href=\"http://pharusa.ning.com/profiles/blogs/digoxin-dosage-in-treating\"> digoxin dosage in treating dogs </a>
http://pharusa.ning.com/profiles/blogs/diclofenac-dose diclofenac dose | <a href=\"http://pharusa.ning.com/profiles/blogs/diclofenac-dose\"> diclofenac dose </a>
http://pharusa.ning.com/profiles/blogs/differin-for-adult-acne differin for adult acne | <a href=\"http://pharusa.ning.com/profiles/blogs/differin-for-adult-acne\"> differin for adult acne </a>
http://pharusa.ning.com/profiles/blogs/contraindications-and-diovan contraindications and diovan | <a href=\"http://pharusa.ning.com/profiles/blogs/contraindications-and-diovan\"> contraindications and diovan </a>
http://pharusa.ning.com/profiles/blogs/digoxin-patient-information digoxin patient information | <a href=\"http://pharusa.ning.com/profiles/blogs/digoxin-patient-information\"> digoxin patient information </a>
http://pharusa.ning.com/profiles/blogs/symptom-withdrawal-fluconazole symptom withdrawal fluconazole | <a href=\"http://pharusa.ning.com/profiles/blogs/symptom-withdrawal-fluconazole\"> symptom withdrawal fluconazole </a>
http://pharusa.ning.com/profiles/blogs/sibutramine-meridia-diet-pills sibutramine meridia diet pills review | <a href=\"http://pharusa.ning.com/profiles/blogs/sibutramine-meridia-diet-pills\"> sibutramine meridia diet pills review </a>
http://pharusa.ning.com/profiles/blogs/diovan-mouth-pain diovan mouth pain | <a href=\"http://pharusa.ning.com/profiles/blogs/diovan-mouth-pain\"> diovan mouth pain </a>
http://pharusa.ning.com/profiles/blogs/allergic-reaction-doxycycline allergic reaction doxycycline | <a href=\"http://pharusa.ning.com/profiles/blogs/allergic-reaction-doxycycline\"> allergic reaction doxycycline </a>
http://pharusa.ning.com/profiles/blogs/hoodia-hoodia-pill-diet-pill hoodia hoodia pill diet pill | <a href=\"http://pharusa.ning.com/profiles/blogs/hoodia-hoodia-pill-diet-pill\"> hoodia hoodia pill diet pill </a>
http://pharusa.ning.com/profiles/blogs/solaraze-gel-diclofenac-sodium solaraze gel diclofenac sodium 3 | <a href=\"http://pharusa.ning.com/profiles/blogs/solaraze-gel-diclofenac-sodium\"> solaraze gel diclofenac sodium 3 </a>
http://pharusa.ning.com/profiles/blogs/who-should-not-take-lexapro who should not take lexapro | <a href=\"http://pharusa.ning.com/profiles/blogs/who-should-not-take-lexapro\"> who should not take lexapro </a>
http://pharusa.ning.com/profiles/blogs/differin-results differin results | <a href=\"http://pharusa.ning.com/profiles/blogs/differin-results\"> differin results </a>
http://pharusa.ning.com/profiles/blogs/femara-25mg femara 2.5mg | <a href=\"http://pharusa.ning.com/profiles/blogs/femara-25mg\"> femara 2.5mg </a>

Impact: 4 | Tags: xss, csrf
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1

Variable: POST.content | Value: http://pharusa.ning.com/profiles/blogs/hctz-125-lisinopril-20-mg-tab hctz 12.5 lisinopril 20 mg tab | <a href=\"http://pharusa.ning.com/profiles/blogs/hctz-125-lisinopril-20-mg-tab\"> hctz 12.5 lisinopril 20 mg tab </a>
http://pharusa.ning.com/profiles/blogs/problems-with-using-lipitor problems with using lipitor | <a href=\"http://pharusa.ning.com/profiles/blogs/problems-with-using-lipitor\"> problems with using lipitor </a>
http://pharusa.ning.com/profiles/blogs/long-term-use-side-effects long term use side effects orlistat | <a href=\"http://pharusa.ning.com/profiles/blogs/long-term-use-side-effects\"> long term use side effects orlistat </a>
http://pharusa.ning.com/profiles/blogs/estradiol-male-seminal-plasma estradiol male seminal plasma | <a href=\"http://pharusa.ning.com/profiles/blogs/estradiol-male-seminal-plasma\"> estradiol male seminal plasma </a>
http://pharusa.ning.com/profiles/blogs/lexapro-lower-back-pain lexapro lower back pain | <a href=\"http://pharusa.ning.com/profiles/blogs/lexapro-lower-back-pain\"> lexapro lower back pain </a>
http://pharusa.ning.com/profiles/blogs/drinking-alcohol-while-on drinking alcohol while on doxycycline hyclate | <a href=\"http://pharusa.ning.com/profiles/blogs/drinking-alcohol-while-on\"> drinking alcohol while on doxycycline hyclate </a>
http://pharusa.ning.com/profiles/blogs/imitrex-and-ibuprophen imitrex and ibuprophen | <a href=\"http://pharusa.ning.com/profiles/blogs/imitrex-and-ibuprophen\"> imitrex and ibuprophen </a>
http://pharusa.ning.com/profiles/blogs/alternatives-to-tamoxifen alternatives to tamoxifen femara | <a href=\"http://pharusa.ning.com/profiles/blogs/alternatives-to-tamoxifen\"> alternatives to tamoxifen femara </a>
http://pharusa.ning.com/profiles/blogs/tell-me-about-evista tell me about evista | <a href=\"http://pharusa.ning.com/profiles/blogs/tell-me-about-evista\"> tell me about evista </a>
http://pharusa.ning.com/profiles/blogs/dilantin-effects-in-the dilantin effects in the elderly | <a href=\"http://pharusa.ning.com/profiles/blogs/dilantin-effects-in-the\"> dilantin effects in the elderly </a>
http://pharusa.ning.com/profiles/blogs/meridia-medication meridia medication | <a href=\"http://pharusa.ning.com/profiles/blogs/meridia-medication\"> meridia medication </a>
http://pharusa.ning.com/profiles/blogs/take-norvasc take norvasc | <a href=\"http://pharusa.ning.com/profiles/blogs/take-norvasc\"> take norvasc </a>
http://pharusa.ning.com/profiles/blogs/digoxin-and-gynecomastia digoxin and gynecomastia | <a href=\"http://pharusa.ning.com/profiles/blogs/digoxin-and-gynecomastia\"> digoxin and gynecomastia </a>
http://pharusa.ning.com/profiles/blogs/lisinopril-watson lisinopril watson | <a href=\"http://pharusa.ning.com/profiles/blogs/lisinopril-watson\"> lisinopril watson </a>
http://pharusa.ning.com/profiles/blogs/detrol-generic detrol generic | <a href=\"http://pharusa.ning.com/profiles/blogs/detrol-generic\"> detrol generic </a>
http://pharusa.ning.com/profiles/blogs/hydrocortisone-acne hydrocortisone acne | <a href=\"http://pharusa.ning.com/profiles/blogs/hydrocortisone-acne\"> hydrocortisone acne </a>
http://pharusa.ning.com/profiles/blogs/digoxin-dosage-in-treating digoxin dosage in treating dogs | <a href=\"http://pharusa.ning.com/profiles/blogs/digoxin-dosage-in-treating\"> digoxin dosage in treating dogs </a>
http://pharusa.ning.com/profiles/blogs/diclofenac-dose diclofenac dose | <a href=\"http://pharusa.ning.com/profiles/blogs/diclofenac-dose\"> diclofenac dose </a>
http://pharusa.ning.com/profiles/blogs/differin-for-adult-acne differin for adult acne | <a href=\"http://pharusa.ning.com/profiles/blogs/differin-for-adult-acne\"> differin for adult acne </a>
http://pharusa.ning.com/profiles/blogs/contraindications-and-diovan contraindications and diovan | <a href=\"http://pharusa.ning.com/profiles/blogs/contraindications-and-diovan\"> contraindications and diovan </a>
http://pharusa.ning.com/profiles/blogs/digoxin-patient-information digoxin patient information | <a href=\"http://pharusa.ning.com/profiles/blogs/digoxin-patient-information\"> digoxin patient information </a>
http://pharusa.ning.com/profiles/blogs/symptom-withdrawal-fluconazole symptom withdrawal fluconazole | <a href=\"http://pharusa.ning.com/profiles/blogs/symptom-withdrawal-fluconazole\"> symptom withdrawal fluconazole </a>
http://pharusa.ning.com/profiles/blogs/sibutramine-meridia-diet-pills sibutramine meridia diet pills review | <a href=\"http://pharusa.ning.com/profiles/blogs/sibutramine-meridia-diet-pills\"> sibutramine meridia diet pills review </a>
http://pharusa.ning.com/profiles/blogs/diovan-mouth-pain diovan mouth pain | <a href=\"http://pharusa.ning.com/profiles/blogs/diovan-mouth-pain\"> diovan mouth pain </a>
http://pharusa.ning.com/profiles/blogs/allergic-reaction-doxycycline allergic reaction doxycycline | <a href=\"http://pharusa.ning.com/profiles/blogs/allergic-reaction-doxycycline\"> allergic reaction doxycycline </a>
http://pharusa.ning.com/profiles/blogs/hoodia-hoodia-pill-diet-pill hoodia hoodia pill diet pill | <a href=\"http://pharusa.ning.com/profiles/blogs/hoodia-hoodia-pill-diet-pill\"> hoodia hoodia pill diet pill </a>
http://pharusa.ning.com/profiles/blogs/solaraze-gel-diclofenac-sodium solaraze gel diclofenac sodium 3 | <a href=\"http://pharusa.ning.com/profiles/blogs/solaraze-gel-diclofenac-sodium\"> solaraze gel diclofenac sodium 3 </a>
http://pharusa.ning.com/profiles/blogs/who-should-not-take-lexapro who should not take lexapro | <a href=\"http://pharusa.ning.com/profiles/blogs/who-should-not-take-lexapro\"> who should not take lexapro </a>
http://pharusa.ning.com/profiles/blogs/differin-results differin results | <a href=\"http://pharusa.ning.com/profiles/blogs/differin-results\"> differin results </a>
http://pharusa.ning.com/profiles/blogs/femara-25mg femara 2.5mg | <a href=\"http://pharusa.ning.com/profiles/blogs/femara-25mg\"> femara 2.5mg </a>

Impact: 4 | Tags: xss, csrf
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1

REMOTE_ADDR: 222.116.210.143
HTTP_X_FORWARDED_FOR:
HTTP_CLIENT_IP:
SCRIPT_FILENAME: /home/newton27/public_html/modules/index.php
QUERY_STRING: r=wall/post/
REQUEST_URI: /m/wall/post/
QUERY_STRING: r=wall/post/
SCRIPT_NAME: /modules/index.php
PHP_SELF: /modules/index.php

ManOfTeal.COM a Proud UNA site, six years running strong!
Quote · 17 Feb 2010
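The reports newton pastes above all share one format (a total impact, one or more `Variable: ... | Value: ...` findings with their `Impact:` and rule `ID:` lines, then the request environment). Below is an added example, not code from this thread, from Boonex or from PHPIDS, that parses that format and triages a report the way a site admin might before deciding whether a flagged post is bulk link spam or a member pasting their own HTML. The sample reports, hostnames and IP addresses are constructed, and the link-count and text-ratio thresholds are my own assumptions. One caveat the parser makes visible: the report lists the same value under both `REQUEST.x` and `POST.x`, so the headline total counts one finding twice.

```python
"""Parse a PHPIDS-style alert report and triage the flagged field.

Added example. The two sample reports below are constructed to mirror the
format shown in the thread; the thresholds are assumptions, not PHPIDS settings.
"""
import re
from urllib.parse import urlparse

# href values in these reports carry escaped quotes (href=\"...\"); accept both forms.
HREF_RE = re.compile(r'href=\\?"([^"\\]+)\\?"')
ENV_KEYS = ("REMOTE_ADDR", "HTTP_X_FORWARDED_FOR", "HTTP_CLIENT_IP", "SCRIPT_FILENAME",
            "QUERY_STRING", "REQUEST_URI", "SCRIPT_NAME", "PHP_SELF")

# Assumed triage thresholds (not PHPIDS values).
SPAM_MIN_LINKS = 5          # this many links, all to one host, reads as link spam
SPAM_MAX_TEXT_RATIO = 0.5   # share of the value left once URLs and tags are removed


def parse_report(text):
    """Return (total_impact, list of finding dicts, environment dict)."""
    total, findings, env, cur = None, [], {}, None
    for line in text.splitlines():
        if line.startswith("Total impact:"):
            total = int(line.split(":", 1)[1])
        elif line.startswith("Variable:"):
            var, _, value = line[len("Variable:"):].partition("| Value:")
            cur = {"variable": var.strip(), "value": value.strip(), "impact": 0, "rule_ids": []}
            findings.append(cur)
        elif line.startswith("Impact:") and cur is not None:
            cur["impact"] = int(re.search(r"Impact:\s*(\d+)", line).group(1))
        elif line.startswith("Description:") and cur is not None:
            cur["rule_ids"].append(int(re.search(r"ID:\s*(\d+)", line).group(1)))
        elif any(line.startswith(k + ":") for k in ENV_KEYS):
            k, _, v = line.partition(":")
            env[k] = v.strip()
            cur = None
        elif line.strip() and cur is not None and cur["impact"] == 0:
            cur["value"] += "\n" + line   # a multi-line value continues until its Impact line
    return total, findings, env


def triage(text):
    """Classify each distinct flagged value as 'link-spam' or 'review'."""
    total, findings, env = parse_report(text)
    # REQUEST.x and POST.x repeat the same value, so de-duplicate before judging.
    unique = {}
    for f in findings:
        unique.setdefault(f["value"], f)
    results = []
    for value, f in unique.items():
        links = HREF_RE.findall(value)
        hosts = sorted({urlparse(u).hostname for u in links})
        stripped = re.sub(r"<[^>]+>|https?://\S+", "", value)
        text_ratio = len(stripped.strip()) / max(len(value), 1)
        spammy = len(links) >= SPAM_MIN_LINKS and len(hosts) == 1 and text_ratio < SPAM_MAX_TEXT_RATIO
        results.append({"variable": f["variable"], "links": len(links), "hosts": hosts,
                        "rule_ids": f["rule_ids"], "verdict": "link-spam" if spammy else "review"})
    return {"total_impact": total,
            "unique_impact": sum(f["impact"] for f in unique.values()),
            "remote_addr": env.get("REMOTE_ADDR"), "findings": results}


# Constructed sample: six links to one host, repeated under REQUEST and POST.
_SPAM_LINES = "\n".join(
    f'http://spam.example.invalid/profiles/blogs/post-{i} post {i} | '
    f'<a href=\\"http://spam.example.invalid/profiles/blogs/post-{i}\\"> post {i} </a>'
    for i in range(6))
SPAM_REPORT = f"""Total impact: 8
Affected tags: xss, csrf

Variable: REQUEST.content | Value: {_SPAM_LINES}

Impact: 4 | Tags: xss, csrf
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1

Variable: POST.content | Value: {_SPAM_LINES}

Impact: 4 | Tags: xss, csrf
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1

REMOTE_ADDR: 203.0.113.7
HTTP_X_FORWARDED_FOR:
HTTP_CLIENT_IP:
SCRIPT_FILENAME: /var/www/example/modules/index.php
REQUEST_URI: /m/wall/post/
"""

# Constructed sample: a member pasting their own formatted article with one link.
PASTE_REPORT = """Total impact: 4
Affected tags: xss, csrf

Variable: POST.topic_text | Value: <p>Hi everyone, this is the article I wrote for my own blog, pasted here with its formatting.</p>
<p>Read the original at <a href=\\"http://member.example.invalid/article\\" title=\\"My article\\"><strong>my site</strong></a>.</p>

Impact: 4 | Tags: xss, csrf
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1

REMOTE_ADDR: 198.51.100.24
REQUEST_URI: /m/forum/post/
"""

if __name__ == "__main__":
    for name, report in (("spam", SPAM_REPORT), ("paste", PASTE_REPORT)):
        print(name, triage(report))
```

Both samples trip the same rule (ID 1, "finds html breaking injections"), which is the point DosDawg makes below: the rule cannot tell a pasted article from a spam post, so the verdict has to come from what the value contains and where it came from, not from the impact score.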

newton,

In your case the feature worked, but what if you had a client who was a paying member, and they wished to copy and paste an article that they were the author of, and the site posted the huge HACKER ATTACK~ Nobody wants to see this if they have paid you, and quite frankly this could freak them out to the point of cancelling their membership, as they would not understand that something as common as copy and paste would have them deemed as a hack attempt. So this feature does not work; if you wish to have it on your site, good luck with it.

Boonex has stated it's not functioning properly, so the -1 disables the feature as noted in my post. If you choose to use it, that is your option.

Regards,

DosDawg

When a GIG is not enough --> Terabyte Dolphin Technical Support - Server Management and Support
Quote · 17 Feb 2010

Understand DosDawg, but I don't have paying members. I feel safer this way... I get these all long, and they are all spammers.

If I see otherwise I have contacted the members. I can see this being a problem in the future.

ManOfTeal.COM a Proud UNA site, six years running strong!
Quote · 24 Feb 2010

Hey newton,

Just thought I would point you in this direction. Boonex says the security threshold is broken and they won't be fixing it. They will be disabling it with the next release of 7.0.1.

Regards,

DosDawg

When a GIG is not enough --> Terabyte Dolphin Technical Support - Server Management and Support
Quote · 25 Feb 2010
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.