security update v9.72 take 2
Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=29315
Printed Date: 01 April 2026 at 10:40am
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com
Topic: security update v9.72 take 2
Posted By: billd3
Subject: security update v9.72 take 2
Date Posted: 10 May 2011 at 3:37pm
|
Bruce - you mentioned: >>It is recommended that anyone running either Web Wiz Forums on Windows 2000 IIS5 or Windows 2003 IIS6 upgrade to these latest versions as soon as possible.<< How about folks hosted with you - if I recall, you are running IIS7 on 2008R2. Does this mean we're ok? I intend to update soon anyway simply because now we're I think 2 builds behind and you keep putting really nifty stuff in the forums, but wonder about how quickly now due to a security thing... |
Replies:
Posted By: WebWiz-Bruce
Date Posted: 10 May 2011 at 4:29pm
|
Windows 2008 IIS7 is more secure so would not run files uploaded with the files names that have the vulnerability. Anyone hosting on our Windows 2008 platform would not be affected. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: efscl
Date Posted: 10 May 2011 at 4:40pm
| Just after "years" a message form myself again: thx for the great maintenance and support! |
Posted By: 123Simples
Date Posted: 10 May 2011 at 7:37pm
That means I take it that anyone running the software through web wiz servers would not be in any immediate danger then? Just to clarify Bruce? ------------- http://www.123simples.com/" rel="nofollow - Visit 123 Simples Web Design |
WebWiz-Bruce wrote:Posted By: derekcohen
Date Posted: 11 May 2011 at 7:44am
|
We have done some customisation of the asp code to integrate the forum code with the parent web site. Is there a way of knowing what specific changes we need to make to the code to fix the security issue? thanks Derek |
Posted By: WebWiz-Bruce
Date Posted: 11 May 2011 at 8:37am
|
If you have made customisations and are running 9.55 or above just replace the file functions/functions_upload.asp with that from the latest version. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: WebWiz-Bruce
Date Posted: 11 May 2011 at 8:44am
Most customers who host with us will be on Windows 2008 R2 and so would not be vulnerable, but we do have a small minority of around 100 customers left the old Windows 2003 platform who would be. If customers are using WebsitePanel as their Control Panel they are on Windows 2008 and so would not be vulnerable, those using Helm as their Control Panel wioll be on Windows 2003 and would be vulnerable if running Web Wiz Forums. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: derekcohen
Date Posted: 11 May 2011 at 8:49am
| excellent - thanks - now done |
Posted By: billd3
Date Posted: 11 May 2011 at 1:32pm
|
More great reasons to: Use Web Wiz forum software - the paid version and Use Web Wiz hosting. One of the best computer-related decisions I've ever made................... ------------- BillD http://theamcpages.com http://theamcforum.com |
Posted By: JohnLug
Date Posted: 11 May 2011 at 1:45pm
So, just to clarify, I'm running 9.69, and uploading that one file makes me safe? (well as safe as anyone can ever be  ) |
Posted By: WebWiz-Bruce
Date Posted: 11 May 2011 at 1:58pm
|
Yes it would. However, I would recommend upgrading fully to 9.72 as you would also gain the Mobile Optimised View allowing people to use your forum with SmartPhones and Tablets, which are starting to account for a large number of users, and with all manufactures releasing Tablets over the next few months there will be a massive growth in the number of users. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: JohnLug
Date Posted: 11 May 2011 at 2:13pm
|
OK, another (dumb?) question... If I make a copy of my forum on a sub directory, using the same database. and apply the upgrade to it (the copy), will any changes the upgrades make to the Database affect my main forum? (hope that makes sense) |
Posted By: WebWiz-Bruce
Date Posted: 11 May 2011 at 2:17pm
|
There are no database upgrades when upgrading between 9.x versions. Database upgrades only happen when moving between major version such as 9.x to 10.x Web Wiz Forums version 10 will be released in beta before the end of this week. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: JohnLug
Date Posted: 11 May 2011 at 2:19pm
THAT'S what I wanted to hear!!  How stable is it? It's running on here, isn't it? THANKS!!! |
Posted By: billd3
Date Posted: 12 May 2011 at 1:45pm
|
I'm about half tempted to move to the 10 beta for our own forum. AFAIK this is v10 right here and has been for a while.............. I want to upgrade - but would I do 9.7x only to move to 10 a short time later? ------------- BillD http://theamcpages.com http://theamcforum.com |