Subject: About the security

Posted on: 16/07/02 11:08pm
By: Anonymous

Hi, I have a few questions that I hope can be answered. Does the "Are you Secure" link containing the "getbent()" code apply for Geeklog version 1.3.5. sr2 also? Is it recommended?

If so, I need detailed instructions of how to install it. I have put all the coding into the "lib-custom.php" so that is done. Then the instructions say: "Create a new phpblock, that points to that function, make its group "Root" and remove R permissions from All users and Anonymous."

So I created a new block, BUT how do I point to the function? Is the function "getbent()"? And how do I make the group "root"? I know how to remove R permissions.

If I could please receive some help on this, I would be very pleased. Thanks.

About the security

Posted on: 17/07/02 02:14am
By: Dirk

Yes, you can use that code with Geeklog 1.3.5sr2. The name of the function is (obviously) phpblock_getBent. To make the group of that block "root" just select "Root" from the group popup (which, per default, reads "All Users"). bye, Dirk

About the security

Posted on: 17/07/02 06:28am
By: dreamscape

The getBent() code only checks some very minor issues (default admin passwords, and if someone can still get to your admin/install/ directory (or install.php) to wipe out your site). It does not include checks to see if you are vulnerable to any of the security issues fixed in either 1.3.5SR1 or 1.3.5SR2. This code was written after a quick inspection of some Geeklog sites around the net that were still running in the default "root-me" configuration (basically they hadn't changed admin passwords, nor restricted permissions to the install directory). This becomes even more important now as we have included several "helper" scripts in admin/install/ to help us help you install Geeklog.

About the security

Posted on: 17/07/02 12:46pm
By: Anonymous

Thanks for the help! So do you still recommend installing getbent on 1.3.5sr2? Or would it be a waste of my time? Thanks again.

Geeklog - Forum