15 July 2024, 23:33 | #81 | |
Registered User
Join Date: Jan 2021
Location: Norwich
Posts: 16
|
Quote:
A lot of it is deployment as well as the code though. PHP setups that echo errors out to the end user are just asking to be exploited. I always configure PHP so that it logs errors to a logfile, and if necessary the HTTP side responds with 500. Stuff like phpmyadmin, webmin, cpanel etc left exposed is also bad news. Either limit it by IP, put it behind a VPN, or don't run it at all. I quickly got rid of phpmyadmin from anything I worked on. |
|
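The setup described in post #81 (errors go to a logfile, the client gets only a 500), sketched as an added example that is not part of the original post or any forum's actual code. The log path and the `ref` correlation id are assumptions made for illustration.

```php
<?php
// Added example: bootstrap file included first by every entry point.
declare(strict_types=1);

// Never render error text into the HTTP response; log it instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
ini_set('error_log', '/var/log/php/app-error.log'); // assumed path, outside the web root
error_reporting(E_ALL);

// Turn warnings and notices into exceptions so they take the same path.
set_error_handler(function (int $severity, string $message, string $file, int $line): bool {
    if (!(error_reporting() & $severity)) {
        return false; // not in the current reporting level: let PHP handle it
    }
    throw new ErrorException($message, 0, $severity, $file, $line);
});

// Uncaught exception: full detail to the log, generic 500 to the client.
set_exception_handler(function (Throwable $e): void {
    $ref = bin2hex(random_bytes(4)); // hypothetical correlation id for support
    error_log(sprintf(
        '[%s] %s: %s in %s:%d',
        $ref, get_class($e), $e->getMessage(), $e->getFile(), $e->getLine()
    ));
    if (!headers_sent()) {
        http_response_code(500);
        header('Content-Type: text/plain; charset=utf-8');
    }
    echo "Internal Server Error (ref $ref)\n"; // no message, path or SQL text
});

// Fatals that are not thrown as exceptions (e.g. memory exhaustion) skip the
// handlers above. PHP logs them itself; this only makes sure the status is 500.
register_shutdown_function(function (): void {
    $err = error_get_last();
    $fatal = E_ERROR | E_PARSE | E_CORE_ERROR | E_COMPILE_ERROR;
    if ($err !== null && ($err['type'] & $fatal) && !headers_sent()) {
        http_response_code(500);
    }
});
```

Runtime `ini_set` calls cannot cover errors raised before this file runs, so the same `display_errors`, `log_errors` and `error_log` values also belong in `php.ini` or the pool configuration.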
16 July 2024, 13:01 | #82 | |
Alien Bleed
Join Date: Aug 2022
Location: UK
Posts: 4,861
|
Quote:
Plus, a lot of companies simply don't (want to) pay for SAST tools that go a long way to automating these processes too. |
|
16 July 2024, 14:53 | #83 |
Local Moderator
Join Date: Oct 2009
Location: Lancashire, UK
Age: 48
Posts: 1,733
|
I believe Lemon/64 was running at least php 7.
Upgrading to the latest builds of phpbb is a supreme ball ache, and there should be some kind of easy way to batch run installs. |
16 July 2024, 15:26 | #84 |
Local Moderator
Join Date: Oct 2009
Location: Lancashire, UK
Age: 48
Posts: 1,733
|
Good news. Lemons are back in a couple of days!
Look out for progress maybe soonish. |
16 July 2024, 16:40 | #85 |
Registered User
Join Date: Nov 2014
Location: Italy
Posts: 2,516
|
very good news
|
16 July 2024, 17:55 | #86 |
Alien Bleed
Join Date: Aug 2022
Location: UK
Posts: 4,861
|
|
16 July 2024, 19:23 | #87 |
Puttymoon inhabitant
|
We are back online.
|
16 July 2024, 19:38 | #88 |
Alien Bleed
Join Date: Aug 2022
Location: UK
Posts: 4,861
|
|
16 July 2024, 20:07 | #89 |
Registered User
Join Date: Nov 2018
Location: Liverpool
Posts: 188
|
|
16 July 2024, 21:58 | #90 | |
cheeky scoundrel
Join Date: Nov 2004
Location: Spijkenisse/Netherlands
Age: 43
Posts: 7,092
|
Quote:
A) referential integrity constraints and B) if the application database user has the right to drop tables, you must want it to happen. Data theft is the bigger risk. |
|
16 July 2024, 23:53 | #91 |
Registered User
Join Date: Feb 2016
Location: London
Posts: 364
|
|
18 July 2024, 01:32 | #92 |
Amiga User
Join Date: Sep 2003
Location: Pennsylvania
Age: 47
Posts: 568
|
Yay! Lemon is back!
|
18 July 2024, 14:03 | #93 |
Registered User
Join Date: May 2023
Location: Norwich
Posts: 524
|
Well yes, but that's the simple example. Extending it to do anything such as dump out entire tables is trivial.
|
18 July 2024, 14:23 | #94 |
Registered User
Join Date: Aug 2018
Location: Rome / Italy
Age: 53
Posts: 21
|
|
20 July 2024, 14:21 | #95 |
Registered User
Join Date: Jun 2024
Location: Scotland
Posts: 26
|
Is amiga.org down now too?
|
20 July 2024, 14:30 | #96 |
HOL/FTP busy bee
Join Date: Sep 2006
Location: Germany
Age: 46
Posts: 32,503
|
|
20 July 2024, 14:31 | #97 |
Alien Bleed
Join Date: Aug 2022
Location: UK
Posts: 4,861
|
|
20 July 2024, 14:46 | #98 |
Registered User
Join Date: Jun 2024
Location: Scotland
Posts: 26
|
|
20 July 2024, 15:02 | #99 |
Alien Bleed
Join Date: Aug 2022
Location: UK
Posts: 4,861
|
I joke, but it is a bit sad. These sites are all run by enthusiasts, even the ones owned by "business". Amiga.org was my go-to place for Amiga news and discussion for years, long before I ever signed up. When Wayne had to move it to vBulletin from XOOPS, there was so much stuff that couldn't be imported, so we ended up writing custom migration tooling and doing it bit by bit. I remember scripting the link replacements, that had to identify every site referencing URL in every post, comment, article, etc and update them so they'd still link to the same equivalent content etc. We could've left it, but we wanted people to have a consistent experience and not just endless 404s (rewrite rules can only do so much). That was the lariest one, having so many regular expression callbacks. There was so much content to get through, it had to run while the site was up, in a rate limited fashion. I think it took maybe a day to finish working from most recent to oldest.
I'm not blaming anyone for anything, but the long period it was down for prior to the current iteration seems to have been a fatal blow to what was my favourite watering hole in the vast desert of targeted content I can't give a crap about that is the modern web. |
20 July 2024, 15:15 | #100 | |
Alien Bleed
Join Date: Aug 2022
Location: UK
Posts: 4,861
|
Quote:
It could be some shared hosting solution that got owned through a neighbour's laxity. Ignorance ultimately isn't an excuse if you are going to run a site but every kind of sh*t happens. |
|