The Joomla! Forum ™





Post new topic Reply to topic  [ 13 posts ] 
Author Message
PostPosted: Wed Jul 12, 2006 3:13 pm 
User avatar
Joomla! Explorer
Joomla! Explorer

Joined: Fri Aug 19, 2005 12:51 pm
Posts: 427
Location: Argentina
Author: h4ntu
version: mospray_18RC1

idem..

Have a nice day
Gustavo

_________________
Comunidad Joomla: Maintenance, support, translation and distribution for the Joomla!. Help site online. Member of the Spanish [es_ES] Joomla Translation Team. http://comunidadjoomla.org


Last edited by RobS on Sun Jul 23, 2006 8:07 pm, edited 1 time in total.

Top
 Profile  
 
PostPosted: Mon Jul 17, 2006 12:18 am 
I've been banned!

Joined: Sun Jul 16, 2006 7:38 pm
Posts: 1
Location: Las Vegas, NV
We have had a number of sites get hit since 7-12-06. We upgraded all sites to 1.0.10 on that date and we had another round on 7-16-06. So just upgrading to 1.0.10 doesnt fix everything. You have to go back and check your sites and look for a file named shell.php in the root of your site. If you are running multiple sites, check ALL of them. If it is on one site on a server, they have full access to the entire server and it doesnt matter what version of Joomla you are using at that point. Once you have found and removed the shell.php file, make sure all sites on the server are upgraded to 1.0.10. If you are using a shared server, you can still be vulnerable if someone else has the file on their portion of the server.

We are working on finding all the details and will let you know more as we find them.

Hope this helps.


Top
 Profile  
 
PostPosted: Wed Jul 19, 2006 6:51 am 
User avatar
Joomla! Ace
Joomla! Ace

Joined: Mon Dec 05, 2005 10:17 am
Posts: 1367
Location: New Orleans, LA, USA
I couldn't find any contact information or website for this component either.  Do any of you guys have contact information for this components developers?

Thanks

_________________
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions


Top
 Profile  
 
PostPosted: Wed Jul 19, 2006 7:34 am 
User avatar
Joomla! Intern
Joomla! Intern

Joined: Thu Mar 30, 2006 3:48 am
Posts: 70
Location: Northern California
The file is here:

http://mamboxchange.com/projects/mospray/

The developer is here:

http://www.caneblu.com

I didn't see the component listed on his site, my guess is that this is abandoned.

_________________
FlickrTab Pro for Community Builder
Multiple Random Image Module for Joomla!


Top
 Profile  
 
PostPosted: Wed Jul 19, 2006 3:55 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Fri Sep 16, 2005 12:09 pm
Posts: 5
Location: Italy
Hi i'm Walter, creator of Mospray.
Actually Mospray (mambo + flyspray) is not longer supported because i'm (re)writing a Jospray, but is far to complete.
So, can i have more details about this Remote Inclusion, i'll try to fix-it

Regards
Walter Tosolini

_________________
Caneblu.com


Top
 Profile  
 
PostPosted: Wed Jul 19, 2006 10:05 pm 
User avatar
Joomla! Ace
Joomla! Ace

Joined: Mon Dec 05, 2005 10:17 am
Posts: 1367
Location: New Orleans, LA, USA
Firstly, check to make sure that your components files check that they are not being accessed directly.  They should have a line like:
Code:
defined( '_VALID_MOS' ) or die( 'Restricted access' );

This is what has caused many of the recent vulnerabilities.  Additionally, you should not use the $GLOBALS array as this often facilitates turning bugs into major vulnerabilities.  That would be a good start, then I suggest you have a look at the Developers Forum found here: http://forum.joomla.org/index.php/board,126.0.html  There is some good information there on how to write more secure code.

_________________
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions


Top
 Profile  
 
PostPosted: Fri Jul 21, 2006 4:44 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Fri Sep 16, 2005 12:09 pm
Posts: 5
Location: Italy
thx,
so this component is not for Joomla, i think the installer is not working into J, db tables_prefix are not like #__ but older mos_ (so the component dont work if you dont make change into the code)
I strongly recommed do not install this component in Joomla.
I'm working (but i havent much time now) to new component with code complety rewrite and not adapted like this one.

_________________
Caneblu.com


Top
 Profile  
 
PostPosted: Sat Oct 21, 2006 12:23 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Thu Sep 15, 2005 5:52 pm
Posts: 45
I have been using mospray in Joomla for quite a while now and really like it. I had to make the necessary changes to the code to port it from mambo but it works fine  :D

With regard to the security issues outlined about am i correct that the fix would be to
a) add "defined( '_VALID_MOS' ) or die( 'Restricted access' );" to all php scripts where it is missing
b) in newtask.php
    i) insert "global $mosConfig_absolute_path;" at the top of the script
    ii) replace
        require_once( $GLOBALS['mosConfig_absolute_path'] . '/includes/HTML_toolbar.php' );
      with
      require_once( $mosConfig_absolute_path . '/includes/HTML_toolbar.php' );

Walter :- can you give any indication of a release date for Jospray?

Anyone :- is there a Joomla alternative which give similar functionality? The others listed in extensions dont seem to give the same flexibility that i like in mospray

Thanks
Dave


Top
 Profile  
 
PostPosted: Mon Oct 23, 2006 9:46 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Fri Sep 16, 2005 12:09 pm
Posts: 5
Location: Italy
df23 wrote:

Walter :- can you give any indication of a release date for Jospray?



No idea when ready...
i'm starting at begin of year to adapt flyspray into joomla, but the final work was not good at all... so i recently re-start from zero, only table of database are similar to flyspray, my intention is make a php script fully "joomled".

_________________
Caneblu.com


Top
 Profile  
 
PostPosted: Thu Jan 04, 2007 1:20 pm 
Joomla! Fledgling
Joomla! Fledgling

Joined: Thu Jan 04, 2007 1:18 pm
Posts: 4
df23 wrote:
Anyone :- is there a Joomla alternative which give similar functionality? The others listed in extensions dont seem to give the same


Did you try Flyspray ME ?

Krishan


Top
 Profile  
 
PostPosted: Thu Jan 04, 2007 11:16 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Thu Sep 15, 2005 5:52 pm
Posts: 45
krishan wrote:

Did you try Flyspray ME ?

Krishan


No i havent - it is for M@mbo and i am using Joomla


Top
 Profile  
 
PostPosted: Thu Jan 04, 2007 11:45 pm 
Joomla! Fledgling
Joomla! Fledgling

Joined: Thu Jan 04, 2007 1:18 pm
Posts: 4
Well, the component just has the old name but works very well in Joomlal (my own page works with Joomla 1.0.11 and Flyspray ME 1.0.2 - without any problem).


Top
 Profile  
 
PostPosted: Thu Dec 20, 2007 8:25 am 
I've been banned!

Joined: Wed Dec 19, 2007 10:36 pm
Posts: 21
well spotted, i took this out of my site a while back anyways.

_________________
smile


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 13 posts ] 



Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group