+- Madison Motorsports (https://forum.mmsports.org)
+-- Forum: Official (https://forum.mmsports.org/forumdisplay.php?fid=5)
+--- Forum: Site Suggestions/Status (https://forum.mmsports.org/forumdisplay.php?fid=15)
+--- Thread: The Gallery (Signup Info) (/showthread.php?tid=5401)
- .RJ - 02-02-2007
lol, where have you been?
- Mike - 02-02-2007
security holes from us? or them going down to a security hole somewhere that wreaked havoc? i don't think 777ing a gallery directory is that exploitable.
- .RJ - 02-02-2007
Well, since we put the forum here... then yes, its our fault. Call it a phpBB or gallery problem, but it still our problem no matter where you point the finger.
Can we move this site off nexpoint?
- Mike - 02-02-2007
ipowerweb is great... free domain and 84/yr.
- HAULN-SS - 02-02-2007
most free domain sites register the site for you, in their name. It's a rip.
- Apoc - 02-02-2007
Mike Wrote:ipowerweb is great... free domain and 84/yr.
...and you can transfer a domain and they'll add another year to it. You can also get 100 subdomains (mikeisgay.mmsports.org) so MM could hand out personal space to it's members with limited FTP access. Concerned about space? Their service offers 200gb
hock: of storage. I just got them to up me to 50gb a few months ago and I can't even touch that.P.S. - Use this link and I'll give you $$
Mike got a free lunch out of the deal... I think. Didn't I buy you Chipotle? <!-- m --><a class="postlink" href="http://partners.ipower.com/z/4/CD2257/">http://partners.ipower.com/z/4/CD2257/</a><!-- m -->edit: You own the domain, not ipowerweb, and you can take it with you any time you want.
- Jewels - 02-02-2007
I'd be willing to throw in a few bucks for this, We've been jerked around enough now. Plus I like the idea of having personal sites attached to MM.
- white_2kgt - 02-02-2007
Mike Wrote:security holes from us? or them going down to a security hole somewhere that wreaked havoc? i don't think 777ing a gallery directory is that exploitable.
are you kidding? making a web directory writeable AND executable to the ENTIRE WORLD isn't a security hole, HA!
Mike Wrote:ipowerweb is great... free domain and 84/yr.
ipowerweb SUCKS. I had them for 1 month, and in that month my site was working for 3 days.
- Mike - 02-02-2007
white_2kgt Wrote:Mike Wrote:security holes from us? or them going down to a security hole somewhere that wreaked havoc? i don't think 777ing a gallery directory is that exploitable.
are you kidding? making a web directory writeable AND executable to the ENTIRE WORLD isn't a security hole, HA!
what can they write? learn me, i don't know shit about "hacking."
and yes, ipowerweb has been great. english speaking support, prompt, courteous. i've been down maybe a total of 24 hours over the past 2 or 3 years.
- ViPER1313 - 02-02-2007
Mike Wrote:what can they write? learn me, i don't know shit about "hacking."
Anything they want, including a program that could give them full access to all the server's files.
Its the same reason that avatar uploads are disabled at the moment. If I give the upload folder 777 permissions it works great, but I just don't feel the risk is worth it.
Seriously, is the 10mb gallery that big of a deal? Just use http://www.imageshack.us and save the links to a text file. 1mb per pic limit, they never get deleted and you can do as many of them as you want :roll:
- CaptainHenreh - 02-02-2007
ViPER1313 Wrote:Seriously, is the 10mb gallery that big of a deal? Just use http://www.imageshack.us and save the links to a text file. 1mb per pic limit, they never get deleted and you can do as many of them as you want :roll:
Nobody is bitching about 10mb per pic limit, it's the whole "the MM gallery doesn't work worth a damn 90% of the time" thing.
- white_2kgt - 02-03-2007
CaptainHenreh Wrote:ViPER1313 Wrote:Seriously, is the 10mb gallery that big of a deal? Just use http://www.imageshack.us and save the links to a text file. 1mb per pic limit, they never get deleted and you can do as many of them as you want :roll:
Nobody is bitching about 10mb per pic limit, it's the whole "the MM gallery doesn't work worth a damn 90% of the time" thing.
and the fact that there's a link to 'gallery' at the top, which doesn't work.
Mike, if I can upload a script to your server (by you chmoding a dir 777), and if I then find a way to do a remote execution on your server (which happens all the time, esp on unpatched servers like ipowerweb runs
) I can run any program I want, including one that erases the root password. Once that is done, all bets are off, however, 99.9% of the time when a hack like this is carried out it is done so you don't even know it, the 'hacker' just owns your computer, installs whatever he wants and is able to run anything he wants (mail server to send out spam, p0rn server, DDOS client, etc).
- Mike - 02-03-2007
no no i understand that, but how can you upload to that directory?
- white_2kgt - 02-03-2007
Mike Wrote:no no i understand that, but how can you upload to that directory?
With a correctly crafted PUT command.
- Mike - 02-03-2007
hrm, didn't know you could PUT via http.
- white_2kgt - 02-03-2007
Mike Wrote:hrm, didn't know you could PUT via http.
uh, yea, GET, PUT, POST, HEAD, DELETE, TRACE and CONNECT
- Mike - 02-03-2007
word, i need to lock my shit down
- HAULN-SS - 02-08-2007
can we switch to punBB? it's more leet.
- .RJ - 02-08-2007
HAULN-SS Wrote:can we switch to punBB?
Why?
This isnt busted.
- CaptainHenreh - 02-08-2007
HAULN-SS Wrote:can we switch to punBB? it's more leet.
Hey, I've got an idea!
How about we address the issue at hand?
That would be incredibly "leet". Take some time off from hacking the Gibson here, and fix the dumb gallery.