|
Title: Cross Site Scripting attack Post by: rocco bertels on February 21, 2008, 02:20:08 PM Just wanted to let you all know that our website (with NeoRecruit 1.4.3) has been under css attack and was used to send thousands of unwanted emails.
They used the NeoRecruit component to get in, but it was also made possible through a "allow_url_fopen setting" in the php.ini file. Apparently most providers do not activate this setting, but unfortunately ours did. All is back to normal now, but be aware of the possible risk! Rocco Title: Re : Cross Site Scripting attack Post by: Raphael on February 24, 2008, 06:45:22 PM Hello Rocco,
We made some security modifications in the version 1.4.4, did you update your component ? And are you sure the problem comes from the component ? We protected the component from the CSS attacks since the version 1.4.0. Regards, Title: Re: Cross Site Scripting attack Post by: rocco bertels on March 03, 2008, 10:12:45 AM Raphael,
according to our provider's support service, it was the Neorecruit component that was responsible, but of course they could be wrong. I e-mailed you the same day as my original post in this forum asking if you could send me the files to upgrade to 1.4.4, but didn't receive an answer. Is it possible to send me the 1.4.4 files so I can upgrade our site? Thanks, Rocco Title: Re: Cross Site Scripting attack Post by: Raphael on March 03, 2008, 10:56:45 AM Hello Rocco,
I just sent you a mail. Regards, Title: Re: Cross Site Scripting attack Post by: rocco bertels on March 04, 2008, 08:38:32 AM Just got them. Thanks!
Powered by SMF 1.1 RC3 |
SMF © 2001-2006, Lewis Media
Joomla Bridge by JoomlaHacks.com |