In reply to Securtiy Problem at Dolphin 6.1.2 ?!
realmasterd
realmasterd10th of July 2008
 
hello again,

many new information.

its not directly a dolphin problem but dolphin is the way to hack server. "allow_URL_fopen" is needed for orca forum and about this the hacker can heacked a server.

they are using this file:
plugins/safehtml/HTMLSax3.php

ip from hacker was this one:
http://private.dnsstuff.com/tools/ipall.ch?domain=189.56.100.76

our solution!
edit the .htaccess file add add this:

RewriteEngine On
RewriteCond %{QUERY_STRING} (.*)=http(.*) [NC,OR]
RewriteCond see more %{QUERY_STRING} (.*)urlx=(.*) [NC]
RewriteRule ^(.*) - [F]

with this they can not include a file which is not on the server.

and you can block the ip.

best regards
PermalinkReplyPlus0 pluses
nurke
nurke11th of July 2008to realmasterd
 
so what do we do with plugins/safehtml/HTMLSax3.php ???
Please let us know
PermalinkReplyPlus0 pluses
 
 
Home
Features
Pricing
Hosting
Support
About
StartDemo
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.

Blogs

Dolphin.Pro News
BoonEx News
Our Journey
Social Software World
Community Voice

Help

Support Forums
Documentation
BoonEx at GitHub
Custom Jobs
Contact Support Team

Product

Dolphin.Pro Features
Live Demo & Sandbox
Download Packages
Pricing & Order
Contact Sales Team

Company

Contact Us
About BoonEx
Privacy Policy
Terms & Conditions
© BoonEx Pty Ltd
SSL
© BoonEx
Home
Features
Pricing
Support
Hosting
About
Demo
PET:0.039670944213867