Installer Attack

Date 2007-06-03 06:40:29 | Category: XOOPS
in englishin japanese
Do you know 'intaller attack'?
If you leave 'install' folder in the public area of the server, attacker can know your DB password, DB prefix etc.
You should know attackers know the folder of 'install' can be renamed '_install' etc.

This is certainly a mistake of the user.
But I find checking a constant '_INSTALL_CHARSET' can protects your xoops from such attacks.

I've just updated the module Protector numbered 3.03 with the feature.

If you dare to use the installer after installing Protector, remove the precheck line from your mainfile.php


You can read more news at PEAK XOOPS.
http://xoops.peak.ne.jp

The URL for this story is:
http://xoops.peak.ne.jp/md/news/index.php?page=article&storyid=428