Jump to content
TNG Community
Martin J Mosley

Security update e107 v0.7.21

Recommended Posts

Martin J Mosley

Those of you using e107 may or may not have noticed a new release which is designed to overcome some security issues as well as fix one or two bugs. You may want to consider updating your e107..

I don't yet know whether this update is going to require any changes for the TNG iL.

Share this post


Link to post
Share on other sites
svoght

Those of you using e107 may or may not have noticed a new release which is designed to overcome some security issues as well as fix one or two bugs. You may want to consider updating your e107..

I don't yet know whether this update is going to require any changes for the TNG iL.

Thanks for pointing this out Martin, and there's also been an additional minor bug-fix update to v 0.7.22.

There aren't any changes to the database structure or anything relating to tngIL, but you will need to update *all* of your e107 files because they changed part of the way they do version tracking.

Here are the three relevant tngIL-related modified e107 files, as updated for version 0.7.22. Simply go to e107.org, download the relevant update version (if you've been keeping up-to-date, you'll want the v0.7.15-0.7.22 update), unzip everything in place of your current installation, and then add these three files in place of the default files.

0722_update.zip

In other update-related news, due to a new child it will be a while before I have time to look at TNG 8 and figure out what changes are needed to make tngIL compatible with it, but stay tuned.

-Steve

Share this post


Link to post
Share on other sites
ca_drm1n

Please don't delay on this one! I have two domains running e107 (one includes my TNG site, the other one is totally unrelated), and BOTH were hit in approximately the last week of May due to me procrastinating this upgrade. The bad guys uploaded three files to the site root, and were using my non-TNG domain to run illegal software on the server. According to my host:

The hackers used a vulnerability in e107 to execute arbitrary commands on the server. Then they downloaded malicious software on your account, which gave them access to your files. They also uploaded a DoS utility, which was used to attack other servers.

My host (ICDSoft) caught the activity on my non-TNG site, shut the site down and removed the offending files, and sent me an email notification. I quickly went to my TNG site in a panic and found it was still up, but upon examination at the control panel, three new files had been uploaded there as well (two text files and one php). They were commented quite obviously as malware, so they shouldn't be hard to find (I think they were named nb.txt, nbt.txt, and please_help_us.php, or something similar).

I am very ashamed and embarrassed that I left this update slide for awhile, especially after Steve's and Martin's warnings here in the forums. Please be sure to update your e107 package soon!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×