phpgedview-talk

[Phpgedview-talk] Patch to possible security threat

[John F. <Joh...@ne...>]

 Dear PhpGedView Users,

=20

There is currently a hacker attempting to use PhpGedView websites to
gain access to your sites.  I have prepared a patch which will repair
the possible security hole:

https://sourceforge.net/tracker/index.php?func=3Ddetail&aid=3D1386434&gro=
up_
id=3D55456&atid=3D477081

=20

It is highly recommended that you apply this patch as soon as possible.
This patch applies to all 3.x and greater versions of PGV.  The same
patch is also included in the latest 4.0 beta 3 release if you happen to
be using the 4.0 versions.

=20

You should also block access to your site from the following IP
addresses:

67.19.24.66

62.42.112.10

=20

--John

John Finlay

PhpGedView Project Manager

RE: [Phpgedview-talk] Patch to possible security threat

[Heike El-A. - T. <hei...@ya...>]

Dear John,
  thanks for fast reaction.
  Have downloaded the file and uploaded it into my website.
  Will now check how I can block my site from the IP addresses mentioned.
  Somewhat frightening for a basically non-computing person, this attack 
  Regards,
Heike

John Finlay <Joh...@ne...> schrieb:
                 Dear PhpGedView Users,
   
  There is currently a hacker attempting to use PhpGedView websites to gain access to your sites.  I have prepared a patch which will repair the possible security hole:
  https://sourceforge.net/tracker/index.php?func=detail&aid=1386434&group_id=55456&atid=477081
   
  It is highly recommended that you apply this patch as soon as possible.  This patch applies to all 3.x and greater versions of PGV.  The same patch is also included in the latest 4.0 beta 3 release if you happen to be using the 4.0 versions.
   
  You should also block access to your site from the following IP addresses:
  67.19.24.66
  62.42.112.10
   
  --John
  John Finlay
  PhpGedView Project Manager

  


		
---------------------------------
Sarah Connor, Moshammer oder Papst Benedikt – die Top-Suchen 2005.

Re: [Phpgedview-talk] Patch to possible security threat

[Keith C. <ke...@dr...>]

John Finlay wrote:

>
>  
>
> You should also block access to your site from the following IP addresses:
>
> 67.19.24.66
>
> 62.42.112.10
>
>  
>
> --John
>
> John Finlay
>
> PhpGedView Project Manager
>
You should also add to the deny list:
IP ADDRESS: 65.118.243.76
DNS LOOKUP: curlyjoe.sd.stargateinc.net

This is the address hitting my server.

Keith Conley

RE: [Phpgedview-talk] Patch to possible security threat

[Dick K. <di...@ka...>]

And here is another site attacking my PhpGedwiew

IP ADDRESS: 80.74.132.220
DNS LOOKUP: ns1.swisseasy.net

Dick

-----Oorspronkelijk bericht-----
Van: php...@li...
[mailto:php...@li...]Namens Keith Conley
Verzonden: dinsdag 20 december 2005 23:01
Aan: php...@li...
Onderwerp: Re: [Phpgedview-talk] Patch to possible security threat


John Finlay wrote:

>
>
>
> You should also block access to your site from the following IP addresses:
>
> 67.19.24.66
>
> 62.42.112.10
>
>
>
> --John
>
> John Finlay
>
> PhpGedView Project Manager
>
You should also add to the deny list:
IP ADDRESS: 65.118.243.76
DNS LOOKUP: curlyjoe.sd.stargateinc.net

This is the address hitting my server.

Keith Conley


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
Phpgedview-talk mailing list
Php...@li...
https://lists.sourceforge.net/lists/listinfo/phpgedview-talk

RE: [Phpgedview-talk] Patch to possible security threat

[Joe T. <jo...@te...>]

Ok, are you sure it's an attack, if so we need to block that ip too
 
 
Sincerely
 
Joseph Tellup
Regional Chairman, Region Five
Central Committee
Butler County Republican Party
http://www.tellup.org <http://www.tellup.org/> 
614-883-1734


> -----Original Message-----
> From: php...@li...
> [mailto:php...@li...]On Behalf Of Dick
> Kaas
> Sent: Saturday, December 24, 2005 9:29 AM
> To: php...@li...
> Subject: RE: [Phpgedview-talk] Patch to possible security threat
> 
> 
> And here is another site attacking my PhpGedwiew
> 
> IP ADDRESS: 80.74.132.220
> DNS LOOKUP: ns1.swisseasy.net
> 
> Dick
> 

RE: [Phpgedview-talk] Patch to possible security threat

[Dick K. <di...@ka...>]

Joe,

It created a new username so I bet t is an attack.
I guess blocking does not help very much because I see so much ip numbers
that this guy can have very much different ip numbers and / or pc's
available for him/her

Dick

-----Oorspronkelijk bericht-----
Van: php...@li...
[mailto:php...@li...]Namens Joe Tellup
Verzonden: zaterdag 24 december 2005 18:46
Aan: php...@li...
Onderwerp: RE: [Phpgedview-talk] Patch to possible security threat



Ok, are you sure it's an attack, if so we need to block that ip too


Sincerely

Joseph Tellup
Regional Chairman, Region Five
Central Committee
Butler County Republican Party
http://www.tellup.org <http://www.tellup.org/>
614-883-1734


> -----Original Message-----
> From: php...@li...
> [mailto:php...@li...]On Behalf Of Dick
> Kaas
> Sent: Saturday, December 24, 2005 9:29 AM
> To: php...@li...
> Subject: RE: [Phpgedview-talk] Patch to possible security threat
>
>
> And here is another site attacking my PhpGedwiew
>
> IP ADDRESS: 80.74.132.220
> DNS LOOKUP: ns1.swisseasy.net
>
> Dick
>


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
Phpgedview-talk mailing list
Php...@li...
https://lists.sourceforge.net/lists/listinfo/phpgedview-talk

Re: [Phpgedview-talk] Patch to possible security threat

[Keith C. <ke...@dr...>]

I just wanted to also say thank you for the lightning fast response to 
this threat.  This is another fine example of how Open Source projects 
can rise above and beyond the rest.

Keith Conley

Re: [Phpgedview-talk] Patch to possible security threat

[Tastiger <tas...@sc...>]

Well - deleting isn't the answer - he's back again :-(

There has to be a file or script running somewhere that keeps auto 
subscribing - just wish I knew where.....