Is your site secure ?
- Monday, April 29 2002 @ 02:35 am EDT
- Contributed by: dreamscape
- Views: 6,167
A couple developers decided to search google for geeklog sites, while we were pleased to see so many sites running geeklog, we were utterly appauled to find out how many of them were blatantly insecure. I'll tell you how you can at least check yourself.
UPDATE: it seems that non-logged in people can see the block on some occassions, you might want to check this.
So you just read enough of the install to get geeklog up and running because you were so exicted to take advantage of feature x.
Regardless of what happened, you should have read the initial post that said change these passwords. Hopefully you did. You should have also read success where it said make /admin/install/ either not readable via the web or move it out of your web tree
Those are the two simplest things to do, and probably 40% of the sites we went to hadn't done one of the two.
I've tried to make things easy by creating a new phpblock to use, getBent() That checks those two things. That link will take you to this static page: http://www.geeklog.net/staticpages/index.php?page=20020429142447190 and get you on your way to checking your site.
I think it's a good idea to run regardless of your current site status, especially if you don't own the box you host on. Someone my accidentally do a chmod -R 777 / and you're back in the same boat.