Welcome to Geeklog Friday, October 23 2020 @ 04:28 am EDT

Geeklog Forums

About the secuirity


Leafsforever.ca

Anonymous
Hi, I have a few questions that I hope can be answered. Does the "Are you Secure" link containing the "getbent()" code apply for Geeklog version 1.3.5. sr2 also? Is it reccommended?

If so, I need detailed instuctions of how to install it. I have put all the coding into the "lib-custom.php" so that is done. Then the instructions say: "Create a new phpblock, that points to that function, make its group "Root" and remove R permissions from All users and Anonymous."

So I created a new block, BUT how do I point to the function? Is the function "getbent()"? And how do I make the group "root"? I know how to remove R permissions.

If I could please recieve some help on this, I would be very pleased. Thanks.
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location:Stuttgart, Germany
Yes, you can use that code with Geeklog 1.3.5sr2. The name of the function is (obviously) phpblock_getBent. To make the group of that block "root" just select "Root" from the group popup (which, per default, reads "All Users". bye, Dirk
 Quote

Status: offline

dreamscape

Forum User
Junior
Registered: 22/01/02
Posts: 30
the getBent() code only checks some very minor issues (default admin passwords, and if someone can still get to your admin/install/ directory (or install.php) to wipe out your site). It does not include checks to see if you are vulnerable for any of the security issues fixes in either 1.3.5SR1 or 1.3.5SR2. This code was written after a quick inspection of some geeklog sites around the net that were still running in the default "root-me" configuration (basically they hadn't changed admin passwords, nor restricted permissions to the install directory). This becomes even more important now as we have included several "helper" scripts in admin/install/ to help us help you install geeklog.
 Quote

Leafsforever.ca

Anonymous
Thanks for the help! So do you reccommend still installing getbent on 1.3.5sr2 ? Or would it be a waste of my time? Thanks again.
 Quote

All times are EDT. The time is now 04:28 am.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content