Hi,
I've just been asked to solve the following mystery - AA reverting back
to where it was months or weeks ago for no obvious reason.
After a lot of digging I have found out that the culprit is the
sql_update.php3 script, which
1) restores from bck_ tables without asking for password
2) the (destructive) action is GET based
This has resulted in a random spider or vulnerability scanner going to
/apc-aa/sql_update.php3?repair=AA_Optimize_Redefine_Site_Templates
and just reverting the site back to when the bck_ tables were created.
Normally the bck_ tables are deleted but here they - for some reason
(permissions, result of some manual backup etc..) - were left alongside
the live tables.
I believe the update script should not be executable by default.
Best
Marek
PS: The attached image could be called "How to lose months of work in
one click".
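Added example (not part of the post or of the APC-AA code base): what a guard around a destructive maintenance action like the one described above should look like, so that a crawler or scanner issuing a bare GET cannot trigger it. It assumes a modern PHP, a session-based admin login in $_SESSION['admin'], a per-session CSRF token in $_SESSION['csrf'], a configuration flag allow_sql_update that is off by default, and a hypothetical restore_from_bck_tables() that does the actual work; none of these names are taken from the project.

```php
<?php
// Added example, not APC-AA code. Every name below is an assumption made
// for illustration: $config['allow_sql_update'], $_SESSION['admin'],
// $_SESSION['csrf'] and restore_from_bck_tables() are hypothetical.

session_start();

// Off by default: a forgotten copy of the update script on a live site
// must be inert until an administrator deliberately enables it.
$config = ['allow_sql_update' => false];

function deny(int $code, string $msg): void
{
    http_response_code($code);
    header('Content-Type: text/plain');
    echo $msg;
    exit;
}

function restore_from_bck_tables(): void
{
    // Hypothetical stand-in for the real restore; only reached when every
    // check below has passed.
    error_log('sql_update: restore from bck_ tables run by '
        . ($_SESSION['admin'] ?? 'unknown') . ' from ' . ($_SERVER['REMOTE_ADDR'] ?? '?'));
}

// 1) The script must be explicitly enabled for this deployment.
if (!$config['allow_sql_update']) {
    deny(404, 'sql_update is disabled');
}

// 2) Only a logged-in administrator may run it; an anonymous spider fails here.
if (empty($_SESSION['admin'])) {
    deny(403, 'login required');
}

// 3) A state-changing action must never be reachable by GET. Spiders and
//    scanners follow links and fetch URLs; they do not submit forms.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    deny(405, 'this action requires POST');
}

// 4) A per-session token stops a forged cross-site POST from a page the
//    administrator happens to visit while logged in.
if (!isset($_POST['csrf'], $_SESSION['csrf'])
    || !hash_equals($_SESSION['csrf'], (string) $_POST['csrf'])) {
    deny(403, 'bad csrf token');
}

// 5) Map the requested repair to a fixed set of actions instead of
//    passing an arbitrary string through to the SQL layer.
$allowed = [
    'AA_Optimize_Redefine_Site_Templates' => 'restore_from_bck_tables',
];
$repair = (string) ($_POST['repair'] ?? '');
if (!isset($allowed[$repair])) {
    deny(400, 'unknown repair action');
}

// 6) The restore overwrites live tables, so ask for an explicit
//    confirmation field in the same POST rather than acting on the name alone.
if (($_POST['confirm'] ?? '') !== 'yes') {
    deny(400, 'confirmation required');
}

$allowed[$repair]();
```

The order matters: the "disabled" check comes first so that a script left behind after an upgrade answers 404 to everyone, and the POST check comes before any work is done so that the request in the post, a plain GET with a repair= parameter, is rejected before the bck_ tables are ever touched. Requiring POST on its own is not sufficient, which is why the login and CSRF checks stay in place.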