Leafsforever.ca

Anonymous
Hi, I have a few questions that I hope can be answered. Does the "Are you Secure" link containing the "getbent()" code apply for Geeklog version 1.3.5. sr2 also? Is it recommended?

If so, I need detailed instructions of how to install it. I have put all the coding into the "lib-custom.php" so that is done. Then the instructions say: "Create a new phpblock, that points to that function, make its group "Root" and remove R permissions from All users and Anonymous."

So I created a new block, BUT how do I point to the function? Is the function "getbent()"? And how do I make the group "root"? I know how to remove R permissions.

If I could please receive some help on this, I would be very pleased. Thanks.

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Yes, you can use that code with Geeklog 1.3.5sr2. The name of the function is (obviously) phpblock_getBent. To make the group of that block "root" just select "Root" from the group popup (which, per default, reads "All Users").

bye, Dirk

dreamscape

Forum User
Junior
Registered: 22/01/02
Posts: 30
The getBent() code only checks some very minor issues (default admin passwords, and if someone can still get to your admin/install/ directory (or install.php) to wipe out your site). It does not include checks to see if you are vulnerable to any of the security issues fixed in either 1.3.5SR1 or 1.3.5SR2. This code was written after a quick inspection of some Geeklog sites around the net that were still running in the default "root-me" configuration (basically they hadn't changed admin passwords, nor restricted permissions to the install directory). This becomes even more important now as we have included several "helper" scripts in admin/install/ to help us help you install Geeklog.

Leafsforever.ca

Anonymous
Thanks for the help! So do you recommend still installing getbent on 1.3.5sr2? Or would it be a waste of my time? Thanks again.