I'm getting ready to upgrade from 4.1.3, but until I can clear the time, I want to check two options that I think exist, but I cannot find.
1) specify which file types can be uploaded
2) auto authorize users upon authentication (I don't have to authorize them before they can view living persons)
(1) does not exist.
(2) what do you mean? Please explain in more detail.
1) did it go away? I was sure that I used to be able to specify a list of file types (or maybe I'm confusing with mediaWiki…) I *had* assumed that was how the hackers got in but probably not. Most of the URLs they used were variations of these two:
GET /Trees//views.php HTTP/1.1" 404 697 "-" "libwww-perl/5.837"
GET /Trees/module.php?mod=sitemap&pgvaction=../../../../../../../../../../../../../../../proc/self/env…………………
2) I'm pretty sure that with current config, a person can't see living ppl data until they register, and that I also set it to not require my authorization after they register to be considered a user.
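The two request patterns quoted in the post above (a scripted `libwww-perl` client, and `../` sequences leading to `/proc/self/` in the `pgvaction` parameter) can be flagged in an access log mechanically. This is an added example, not part of the original thread and not PGV's own check; it assumes Apache combined-format logs, and the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request line, status, size, then optional referer and user agent.
LOG_RE = re.compile(
    r'(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "[^"]*" "(?P<agent>[^"]*)")?'
)
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')   # a ".." path segment
PROC_RE = re.compile(r'/proc/self(?:/|$)')
SCRIPTED_AGENT_RE = re.compile(r'^(?:libwww-perl|lwp-)', re.I)

# Constructed sample lines modelled on the requests quoted in the thread.
TS = '[01/Jan/2011:00:00:00 +0000]'
SAMPLE_LOG = [
    f'192.0.2.10 - - {TS} "GET /Trees//views.php HTTP/1.1" 404 697 "-" "libwww-perl/5.837"',
    f'192.0.2.10 - - {TS} "GET /Trees/module.php?mod=sitemap&pgvaction=../../../proc/self/env HTTP/1.1" 404 697 "-" "libwww-perl/5.837"',
    f'192.0.2.11 - - {TS} "GET /Trees/module.php?mod=sitemap&pgvaction=%252e%252e%252f%252e%252e%252fproc%252fself%252fenv HTTP/1.1" 404 697 "-" "Mozilla/5.0"',
    f'198.51.100.7 - - {TS} "GET /Trees/module.php?mod=sitemap HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (%252e -> %2e -> .), with a bound."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(line):
    """Return a sorted list of reasons a log line looks like a probe."""
    m = LOG_RE.search(line)
    if not m:
        return []
    reasons = set()
    for name, raw in parse_qsl(urlsplit(m.group("target")).query):
        value = fully_decode(raw)   # parse_qsl has already decoded once
        if TRAVERSAL_RE.search(value):
            reasons.add(f"traversal:{name}")
        if PROC_RE.search(value):
            reasons.add(f"proc-path:{name}")
    if SCRIPTED_AGENT_RE.match(m.group("agent") or ""):
        reasons.add("scripted-agent")
    return sorted(reasons)


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(classify(entry), entry.split('"')[1])
```

The third sample line shows why the parameter value is decoded repeatedly before matching: a double-encoded `../` would pass a check that only looks at the raw query string.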
(1) DEFINITELY upgrade from version 4.1.3. We normally recommend that you upgrade to the SVN version, which includes a check for the hack attempts you have noticed. There are certain requirements of the PHP environment that you need to have enabled or installed. Also, this version requires quite a bit more memory than older versions - 64 Mb or even 128 would be very good.
(2) We don't advise that you configure your system to automatically approve registration requests. This is a very good way for hackers to get access to your system. Wouldn't you want to ensure that only authorized people, such as family members, see your private information?
This option is in the site configuration, since it applies to all GEDCOMs your site will support.
About (1): PGV version 4.2.x requires the PDO sub-system to be installed and enabled. You should also be running PHP version 5. The more recent your PHP 5 version is, the better.