Dolphin Major Security Holes

Morocco posted 10th of January 2010 in Community Voice. 13 comments.

Database Injections & Websites Hacking etc

I wrote this Blog, but when I tried to submit, I got this error: "Please enter entry text from 100 characters"

Any idea? thanks.

 
Comments
·Oldest
·Top
Please login to post a comment.
Morocco
Since I couldn't post the whole blog, I am going to reply to my own blog, in hopes I can get some assistance.

Read on next reply please..
Morocco
My members can no longer login, I can’t login with my Admin account either. I asked my hosting company to restore last week data in hopes to overwrite any corrupted passwords, unfortunately, the issue still remains despite the fact I lost a week of data because of the restore. If you wish to visit my site & test it yourself, please send me a message, I'd rather not post it here.

Read on next reply please..
Morocco
I am not sure if this is D6 bug, or my site has been hijacked or God knows what.. I am wondering if anyone has experienced a similar issue. If so, how do we fix it and how do we prevent it from happening again..

I am sincerly asking for your assistance. I am running a critical business, and most importantly, this is costing me my good reputation I built with my clients/members for the last 8rs or so. Money comes & go, but when you loose your good reputation, everythings goes rigth down the see more drain along with it..

Read on next reply please..
Morocco
Unless I get some guaranties for something like this doesn’t happen again or if there is way I can secure my site (which I don’t mind paying extra to secure it), I will certainly cease to using this App altogether. I just can’t afford this anymore.

I'd apprecaite any help/input.
Thank you.
AJ.
Morocco
Sorry for multiple replies, I couldn't post my blog at once for some reason. I kept getting this error: "Please enter entry text from 100 characters"

Thanks.
-AJ
megabyte_hosting
Morocco

Firstly this is not the place to post questions for support, It has been said time and time again that all support questions (no matter what their nature) should be posted in the forums in the relevant section. Your post here will most likely be deleted by a moderator or admin from boonex. I would suggest posting your question in the forums and also you asked people to visit your site to see the issues but did not provide your url. So that would help when you post in the forums.
Morocco
Here is my site URL: http://www.marocnetwork.com - which is completely down now. One issue after another.
As far as deleting this Blog, it don't matter anymore, I am looking for better solutions now.. It is not worth my time anymore..

FYI - my intention was not only to post my issue here, but rather, the fact that nobody is talking about Dolphin major SECURITY holes that is taking my site along with my business completely south..
AlexT
switch to Dolphin 7 - it is definitely more secure !
Nathan Paton
Yet more annoying! - Sorry, AlexT, I couldn't help it with the security attack issues.
buckmcgoo
We have discussed those issues on several previous blogs and forums.. you are using an older version of Dolphin. The topic was gone over so many times, I'll give you the condensed version: turn off register globals and don't use shared hosting.

And not to be rude but you are never going to get total strangers to get worked up about your business going "completely south"...
Morocco
Bbuckmcgoo - If you look under Blogs home main page, there is not even one Blog that talks about Dolphin Security. I wanted to use this opportunity to talk about security issues and at the meantime I will use my situation as a starting point. My apologies if anyone thinks I am whining about my own issues on this Blog. I am sure others (such as Mr. Magnussoft) are having some security issues as well, if it is not now, they will soon encounter it, just matter of time..

By the way, I put my site see more under maintenance since nobody can login, if you need to test it, please visit this link: http://www.marocnetwork.com/index_stop.php - you can create an account, but you can’t login. READ ON MY NEXT REPLY..
Morocco
Regarding D7 - I spent a great deal of Mods on my D6 App, I am not sure if they will get upgraded as well during D7 migration. But regardless, I don’t mind reinventing the wheels and pay someone to redo them again on D7, my only concern is, can BOONEX reassure us that D7 has good security shields around it and something like this doesn’t happen again. Or at least they should provide us with some solid security code/solutions, which I don’t mind paying extra for as long as I know my investment see more is protected.

This is one of the downside about open source Apps. Some people have plenty time on their hand, they can reverse engineer the whole suite and start attacking everyone who has owns Dolphin products. I have to admit that Boonex team has done such an outstanding job putting together D6 & D7 and others, that was the main reason I licensed D6 initially. I was very impressed with all the features these Apps have to offer, therefore, I wanted to support & contribute to this great community as well. But after the security issues I’ve been encountering, now, I am really looking for other alternatives if Boonex doesn’t come up with a better solutions as far as SECURITY is concern, I just can’t afford to have a site that goes down every week. I don’t see how anybody can operate a successful business like that. READ ON MY NEXT REPLY..
Morocco
Just last week, someone created an account on my site and the next day, he was able to send a MASS email to everyone on my database, this is very SERIOUS ISSUE. How could anybody access all my members emails unless he/she knows well how this App works.

In fact, my email address I created my account with at Boonex, only Boonex has it, however, I get at least 3 emails a day from single girls who want to meet me even though I am happily married. Being married or not is not the issue, but how the see more heck my profile ended up in some dating sites in lala land without me subscribing to them? This is beyond me, I have yet to get a valid answer from Boonex. Speaking of security issues, this is a huge problem. Legally I can get sued if one of my members profiles or emails ended up on other websites without their knowledge.

All in all, I really don’t mind paying extra money to secure my site and my investment. When I licensed D6 from Boonex, I had no idea what I am getting into. But I wish if the Boonex team keeps their clients in the loop as to what they need to do to protect their sites from SPAM, Attacks and so forth. So far I received a License Key and that’s it. You can swim on your own until you encounter the big Shark and hope you can swim fast enough so you don’t become lunch. That’s how I feel unfortunately.
 
 
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.
PET:0.058113098144531