News: Development has begun on 3.0.0. See the announcement in the Core Development Forum for details!
August 17, 2007, 07:19:22 AM
HCL Admin
Administrator

It appears that there may be a security issue with certain administrative files on all recent versions of HCL.  We are aware of the issue, and are working to expedite a fix for these issues.  I should have at least a hotfix tonight, and a new version up in a few days with the security patch installed on the SourceForge page.

This issue is detailed here and may cause the admin to be locked out, or for your HCL install to be hacked.  Until the hotfix is released (in the next few hours) I recommend putting an .htaccess in your admin folder such as this:

Code: (.htaccess)
# Apache requires "Deny,Allow" with no space after the comma
Order Deny,Allow
Deny from all
Allow from 000.000.000.000

Change the 000.000.000.000 to your IP address.  If you need multiple addresses then separate each address with a space.
This is only necessary until the hotfix is released; again, this should be sometime this morning (Friday, August 17th).

Remember, if you hear of ANY security related issue with HCL, Please, please, please let us know.  These types of issues can cause serious repercussions for others. 
« Last Edit: August 17, 2007, 07:36:45 AM by mlzhosting »

how may I help you today?
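
The .htaccess workaround from the post above, modelled as an added example (not part of the original post or of HCL): a small Python evaluator for Apache 2.2 `Order` / `Deny from` / `Allow from` rules that shows which clients the admin folder would serve, and that an `Order` argument containing a space is rejected. The function names and the sample addresses (documentation ranges) are constructed; only full IPs, CIDR blocks and `all` are modelled.

```python
import ipaddress

# Constructed sample: the thread's workaround with two documentation-range addresses.
WORKAROUND = """Order Deny,Allow
Deny from all
Allow from 203.0.113.10 198.51.100.7
"""

def parse_htaccess(text):
    """Collect Order / Deny from / Allow from; raise ValueError on bad syntax."""
    rules = {"order": "deny,allow", "deny": [], "allow": []}  # Apache 2.2 default order
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        key = parts[0].lower()
        if key == "order":
            # Order takes exactly one argument, so "Deny, Allow" (with a space) is an error.
            if len(parts) != 2 or parts[1].lower() not in ("deny,allow", "allow,deny"):
                raise ValueError("bad Order directive: %r" % raw)
            rules["order"] = parts[1].lower()
        elif key in ("deny", "allow") and len(parts) >= 3 and parts[1].lower() == "from":
            rules[key].extend(parts[2:])  # several hosts may follow, space separated
        else:
            raise ValueError("unsupported directive: %r" % raw)
    return rules

def _matches(specs, client):
    """True if client matches 'all', a full IP or a CIDR block (hostnames not modelled)."""
    ip = ipaddress.ip_address(client)
    return any(s.lower() == "all" or ip in ipaddress.ip_network(s, strict=False)
               for s in specs)

def is_allowed(rules, client):
    denied = _matches(rules["deny"], client)
    allowed = _matches(rules["allow"], client)
    if rules["order"] == "deny,allow":
        return allowed or not denied   # Allow overrides Deny; unmatched clients pass
    return allowed and not denied      # allow,deny: Deny overrides; unmatched are refused

def audit(text, clients):
    """Map each client IP to True (served) or False (403) under the given rules."""
    rules = parse_htaccess(text)
    return {c: is_allowed(rules, c) for c in clients}
```

Swapping the first line to `Order Allow,Deny` while keeping `Deny from all` refuses every client, including the listed addresses, so the order keyword matters as much as the address list.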
 
August 17, 2007, 08:03:24 AM
HCL Admin
Administrator

Here is the hotfix file, which I shall be posting on the portal page in a few minutes, simply extract the auth.php file from the archive and replace the hcl/class/auth.php on your webserver.

NOTE:  This hotfix is untested at this time, and while it should cause no problems, there may be issues with it.

Frankly the fix involved adding one line to the auth.php code, a simple exit statement appears to have been missing.  Please, if you're using 2.1.2, 2.1.3, 2.1.3a, or 2.1.4, replace the auth.php with the one attached to this message.

Again, remember, if you spot even a suspected vulnerability, please at least PM me a message about it, or post on the forums here.  I'd rather chase a few wild geese than have even one vulnerability out in the wild. :)

Edit: Doh, I forgot to add the file...
« Last Edit: August 17, 2007, 08:17:31 AM by mlzhosting »

August 17, 2007, 02:55:55 PM
HCL Admin
Administrator

As a further note, I'll be releasing another version (2.1.5) this weekend or Monday. Because of the potential of this security fix, I'd rather bump another version number due to it.
 
August 26, 2007, 12:46:17 AM
beLite
Global Moderator

Quote: As a further note, I'll be releasing another version (2.1.5) this weekend or Monday. Because of the potential of this security fix, I'd rather bump another version number due to it.

You should hurry up since Windows IIS is not able to read those @#$@ing .htaccess files.. No really, take your time :)
 
August 26, 2007, 01:08:31 AM
HCL Admin
Administrator

Hehehe, I was just working on the transcript garbling issue, I'll either get it today or not, either way I'm pushing 2.1.5 out the door since I don't like the current release having a security issue.
 
August 27, 2007, 04:45:27 PM
victor
HCL Member

Great, so we must wait for the 2.1.5 correction... do you have any tentative date for releasing it?

Thanks! :)
 
August 27, 2007, 05:05:16 PM
HCL Admin
Administrator

Should be this morning sometime.
 
August 27, 2007, 05:39:11 PM
HCL Admin
Administrator

Ok, might be just a tad longer, the route to my datacenter is down, the ISP knows about it, now I just have to wait until it's back up.  This is where the SVN is stored and I've never had an issue like this before, so we just need to be patient.  I'm going to take the uncommitted sources and work on the demo site here in the meantime.