How to prevent your forum being hacked

WebWiz-Bruce (Admin Group, Web Wiz Developer) - Posted: 06 February 2006 at 1:07pm
Navigate your web browser to the folder within the forum folder called 'admin', e.g.:

www.mysite.com/forum/admin

b_w_t (Newbie) - Posted: 16 February 2006 at 12:14am
Now I see why I suddenly got an unknown Turkish member with an invalid e-mail address and weird entries from his IP in the logfiles.
Glad that I followed the security pointers.
Blocked his IP.

frufru (Newbie) - Posted: 23 February 2006 at 8:16pm
For number 3, if I have Modify permission disabled for the forum's folder, it will give an "error writing to database" error...

Oh, and is it OK to have the database named as some really long name like ijrovosodofigosdjfoig8q4nq9j32333rq.mdb, keeping it in the "database" folder, and using a default.asp file in there to cover up file listings for the folder?

Oh, and how come my registration date says "October 2003" when I only installed the forum 2 days ago?


Edited by frufru - 23 February 2006 at 8:18pm

WebWiz-Bruce (Admin Group, Web Wiz Developer) - Posted: 24 February 2006 at 8:55am
Number 3 is to disable write and modify permissions on public folders in your site, not the database folder which, if you had followed point 1, will not be in a public folder on your web site.

Renaming the database is a good idea, but if you leave it in a public folder a hacker can still get hold of it, as a hacker could cause a server crash that would display the name and location of the database within the server error.

"October 2003" is when the Access database was created.


Edited by -boRg- - 24 February 2006 at 8:56am

jeffdaro (Groupie) - Posted: 01 March 2006 at 2:54pm
Originally posted by dfrancis:

BoRg, can you explain number 3? (Privately if you think better.) I'm not familiar with this exploit.


I can provide a non-WWF anecdotal example.

Some friends and I sat down one night to come up with a stupid Internet idea, and after 2 nights www.human8ball.com was born. We added a place where people could upload their own images, and in the first phase we didn't secure this very well, must have been the beer coding.

Since the upload folder needed write privs, someone was tricky enough to upload an ASP, instead of a JPG, and then they were able to run it. Luckily for us there was no damage done, and we caught the hole and patched it. But this is an example of how simply allowing an unchecked upload can give someone access to your server.

BTW, I think everyone should upload a cool answer picture to my human8ball.com web site, ASAP. LOL.
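
The anecdote above is about an image upload that was not checked. The following Python is an added example, not part of the thread and not code from Web Wiz Forums or the site mentioned: it accepts an upload only if its extension is on an image allowlist and its first bytes match that format, and it stores the file under a server-generated name. The names `safe_stored_name` and `RejectedUpload` and the sample inputs are made up for this illustration.

```python
import os
import secrets

# Allowlist: extension -> leading bytes ("magic numbers") of that image format.
ALLOWED_IMAGES = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}


class RejectedUpload(ValueError):
    """Raised when an upload fails validation (hypothetical name)."""


def safe_stored_name(client_filename, content):
    """Validate an image upload and return the name to store it under.

    The client-supplied name is used only to read the extension. The stored
    name is generated server-side, so the uploader never chooses what ends
    up on disk in the writable folder.
    """
    # Drop any path the browser sent along (both separator styles).
    base = client_filename.replace("\\", "/").rsplit("/", 1)[-1]
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED_IMAGES:
        raise RejectedUpload("extension %r is not an allowed image type" % ext)
    # The extension alone proves nothing: the content must match it too.
    if not content.startswith(ALLOWED_IMAGES[ext]):
        raise RejectedUpload("content does not match the claimed image type")
    return secrets.token_hex(16) + ext


if __name__ == "__main__":
    # Constructed sample uploads: (file name sent by the client, file bytes).
    samples = [
        ("answer.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),
        ("answer.asp", b"<% Response.Write(1) %>"),
        ("answer.jpg", b"<% Response.Write(1) %>"),
    ]
    for name, data in samples:
        try:
            print(name, "-> stored as", safe_stored_name(name, data))
        except RejectedUpload as err:
            print(name, "-> rejected:", err)
```

A matching header does not prove the rest of the file is a valid image, so this check belongs alongside the folder-permission points discussed in this thread, not in place of them.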


savvyboarder (Newbie) - Posted: 30 April 2006 at 6:05pm
Hi, I'm just curious how to place a username and password on the "database_connection.asp" file if I want to add that to my database? It's available on the SQL Server script, but I want to add it to my Access DB.

Anybody have suggestions?

Cheers,

BW

WebWiz-Bruce (Admin Group, Web Wiz Developer) - Posted: 02 May 2006 at 12:05pm
You don't use a username and password with Access, because it is a flat office file, not a server that requires you to login like SQL Server.

To protect an Access database file it needs to be placed in a folder that doesn't have public access so that it can not be downloaded by a hacker.
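
The replies above make two points: an Access file is protected by where it sits, and renaming it does not help while it stays in a public folder. As an added example (not part of the thread and not code from Web Wiz Forums), this Python script finds Access databases under a web root by their file header, whatever they are called. It assumes the folder passed in is the one the web server publishes; the folder layout and file names are constructed for the demonstration.

```python
import os
import tempfile

# Access files start with 00 01 00 00 followed by one of these format names.
JET_SIGNATURES = (b"Standard Jet DB", b"Standard ACE DB")


def is_access_database(path):
    """True if the file header looks like a Microsoft Access database."""
    try:
        with open(path, "rb") as fh:
            header = fh.read(19)
    except OSError:
        return False
    return header[:4] == b"\x00\x01\x00\x00" and header[4:19] in JET_SIGNATURES


def find_exposed_databases(web_root):
    """Return paths (relative to web_root) of Access databases under it."""
    hits = []
    for folder, _dirs, files in os.walk(web_root):
        for name in files:
            full = os.path.join(folder, name)
            if is_access_database(full):
                hits.append(os.path.relpath(full, web_root).replace(os.sep, "/"))
    return sorted(hits)


def build_sample_site(root):
    """Constructed layout: a renamed database inside the web root, one outside."""
    fake_db = b"\x00\x01\x00\x00Standard Jet DB\x00" + b"\x00" * 32
    public = os.path.join(root, "wwwroot", "forum", "database")
    os.makedirs(public)
    os.makedirs(os.path.join(root, "private"))
    with open(os.path.join(public, "x9q2.dat"), "wb") as fh:
        fh.write(fake_db)  # renamed, but still downloadable
    with open(os.path.join(public, "default.asp"), "w") as fh:
        fh.write("<% Response.Redirect \"../\" %>")
    with open(os.path.join(root, "private", "forum.mdb"), "wb") as fh:
        fh.write(fake_db)  # outside the web root: not reported


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp)
        for hit in find_exposed_databases(os.path.join(tmp, "wwwroot")):
            print("database inside web root:", hit)
```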

34747Forum (Newbie) - Posted: 20 May 2006 at 7:50am
Hi -boRg-
I searched the forum for an answer on how to convert, migrate, import or upgrade an Access 7.9 Web Wiz database to the new SQL 8.01, and I can find it.

Can you please guide me to that tool or code?

I just upgraded my forum from 7.9 Access to 8.01 SQL, and I need to convert the database.

Also, do I need to buy a new license for this upgrade, or can I use the one that I already got?

Thanks in advance....
 