Martin J Mosley Posted May 26, 2010 Report Share Posted May 26, 2010 Those of you using e107 may or may not have noticed a new release which is designed to overcome some security issues as well as fix one or two bugs. You may want to consider updating your e107..I don't yet know whether this update is going to require any changes for the TNG iL. Quote Link to comment Share on other sites More sharing options...
svoght Posted May 29, 2010 Report Share Posted May 29, 2010 Those of you using e107 may or may not have noticed a new release which is designed to overcome some security issues as well as fix one or two bugs. You may want to consider updating your e107..I don't yet know whether this update is going to require any changes for the TNG iL.Thanks for pointing this out Martin, and there's also been an additional minor bug-fix update to v 0.7.22.There aren't any changes to the database structure or anything relating to tngIL, but you will need to update *all* of your e107 files because they changed part of the way they do version tracking.Here are the three relevant tngIL-related modified e107 files, as updated for version 0.7.22. Simply go to e107.org, download the relevant update version (if you've been keeping up-to-date, you'll want the v0.7.15-0.7.22 update), unzip everything in place of your current installation, and then add these three files in place of the default files.0722_update.zipIn other update-related news, due to a new child it will be a while before I have time to look at TNG 8 and figure out what changes are needed to make tngIL compatible with it, but stay tuned.-Steve Quote Link to comment Share on other sites More sharing options...
ca_drm1n Posted June 5, 2010 Report Share Posted June 5, 2010 Please don't delay on this one! I have two domains running e107 (one includes my TNG site, the other one is totally unrelated), and BOTH were hit in approximately the last week of May due to me procrastinating this upgrade. The bad guys uploaded three files to the site root, and were using my non-TNG domain to run illegal software on the server. According to my host:The hackers used a vulnerability in e107 to execute arbitrary commands on the server. Then they downloaded malicious software on your account, which gave them access to your files. They also uploaded a DoS utility, which was used to attack other servers.My host (ICDSoft) caught the activity on my non-TNG site, shut the site down and removed the offending files, and sent me an email notification. I quickly went to my TNG site in a panic and found it was still up, but upon examination at the control panel, three new files had been uploaded there as well (two text files and one php). They were commented quite obviously as malware, so they shouldn't be hard to find (I think they were named nb.txt, nbt.txt, and please_help_us.php, or something similar).I am very ashamed and embarrassed that I left this update slide for awhile, especially after Steve's and Martin's warnings here in the forums. Please be sure to update your e107 package soon! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.