MyBB Community Forums

Full Version: Discuss: MyBB 1.2.10 Security Update
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2 3 4
This vulnerability has nothing to do with Labrocca's problems (which appear to be unrelated to MyBB)

And second, the reason there is no version number change because 99% of cases, this vulnerability is useless
Jude there are ways to do automatted backups. Sometimes hosts have it built into their control panel. Check and see.

And tikitiki..yes it might not be anything related to mybb but better safe than sorry.
Quote:there are ways to do automatted backups.
There are? I didn't know that. <.<

I guess I need to get more regular in my backups!

Update uploaded. Smile Thanks!!
Easiest method is a cron job running a script. I could make one that was mybb specific as a plugin. The important part is the database...files don't change much and are generally harder to hack.
labrocca Wrote:And tikitiki..yes it might not be anything related to mybb but better safe than sorry.
Unless you have your server set up to execute JPEG/GIF/BMP/PNG files as PHP scripts (or some other executable format), this won't be your issue Toungue
Actually on some of my sites I do have png as executable for a specific reason though.
labrocca Wrote:Actually on some of my sites I do have png as executable for a specific reason though.
Then that could be part of your issue...

This won't allow config.php file to be re-written, unless:
a) You have FTP details stored on your server, and is retrievable
b) The file is CHMOD'd to be writable

Why would you need to execute PNG anyway? You can have a "fake" .png file, with a PHP script behind it, but most servers are set up to parse only .php and .php# files as PHP scripts.
ZiNga BuRgA Wrote:
labrocca Wrote:Actually on some of my sites I do have png as executable for a specific reason though.
Then that could be part of your issue...

This won't allow config.php file to be re-written, unless:
a) You have FTP details stored on your server, and is retrievable
b) The file is CHMOD'd to be writable

Why would you need to execute PNG anyway? You can have a "fake" .png file, with a PHP script behind it, but most servers are set up to parse only .php and .php# files as PHP scripts.

If you have a "fake" png file, and you're using Apache, just use mod_rewrite. Smile
Thanks for the quick fix for MyBB 1.2.10!

You are the Best!
thanks, patched!

if i need an executable image i just use a php script with an image header and gd functions.

about the backups: i have a script that runs once a week and backups sql and transfers it to 3 remote ftp server. sweet eh?
Pages: 1 2 3 4