Jump to content
TNG Community

Security update e107 v0.7.21


Martin J Mosley

Recommended Posts

Martin J Mosley

Those of you using e107 may or may not have noticed a new release which is designed to overcome some security issues as well as fix one or two bugs. You may want to consider updating your e107..

I don't yet know whether this update is going to require any changes for the TNG iL.

Link to comment
Share on other sites

Those of you using e107 may or may not have noticed a new release which is designed to overcome some security issues as well as fix one or two bugs. You may want to consider updating your e107..

I don't yet know whether this update is going to require any changes for the TNG iL.

Thanks for pointing this out Martin, and there's also been an additional minor bug-fix update to v 0.7.22.

There aren't any changes to the database structure or anything relating to tngIL, but you will need to update *all* of your e107 files because they changed part of the way they do version tracking.

Here are the three relevant tngIL-related modified e107 files, as updated for version 0.7.22. Simply go to e107.org, download the relevant update version (if you've been keeping up-to-date, you'll want the v0.7.15-0.7.22 update), unzip everything in place of your current installation, and then add these three files in place of the default files.

0722_update.zip

In other update-related news, due to a new child it will be a while before I have time to look at TNG 8 and figure out what changes are needed to make tngIL compatible with it, but stay tuned.

-Steve

Link to comment
Share on other sites

Please don't delay on this one! I have two domains running e107 (one includes my TNG site, the other one is totally unrelated), and BOTH were hit in approximately the last week of May due to me procrastinating this upgrade. The bad guys uploaded three files to the site root, and were using my non-TNG domain to run illegal software on the server. According to my host:

The hackers used a vulnerability in e107 to execute arbitrary commands on the server. Then they downloaded malicious software on your account, which gave them access to your files. They also uploaded a DoS utility, which was used to attack other servers.

My host (ICDSoft) caught the activity on my non-TNG site, shut the site down and removed the offending files, and sent me an email notification. I quickly went to my TNG site in a panic and found it was still up, but upon examination at the control panel, three new files had been uploaded there as well (two text files and one php). They were commented quite obviously as malware, so they shouldn't be hard to find (I think they were named nb.txt, nbt.txt, and please_help_us.php, or something similar).

I am very ashamed and embarrassed that I left this update slide for awhile, especially after Steve's and Martin's warnings here in the forums. Please be sure to update your e107 package soon!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...