Possible Attack Fix .. All-In-One Download

Zarcon posted 19th of November 2009 in Community Voice. 9 comments.

First I would like to thank AlexT for working with us to create a fix for the "pestering" Possible Attack errors we have been getting. There were several change sets that you had to download and overwrite files in order to put the fix into place.

I decided to simplify this process by creating 1 zip file that contained all the updated files that you can just upload and not have to worry about going through 6-7 different change sets.The zip file contains all of the change sets known to fix this issue.

Please read the READMEFIRST file completely BEFORE you attempt to put this patch into place. I have tested this myself on my server and verified that it does work.

Your comments and feedback are more than welcome. Also, Boonex, if you would like to download and verify the contents, you are more than welcome to. I hope this resolves any issues you are having with Possible Attacks.

You can find the fix here: PossibleAttackFix.zip

Sincerely,

Chris

 
Comments
·Oldest
·Top
Please login to post a comment.
mauricecano
Thanks Zarcon, I know I missed one of the fixes and when I got it put in most of my PA issues were resolved.
houstonlively
Have you considered, that modifying the database structure, may cause problems when running the RC1 to RC2 upgrade script, when it's available?

I'd feel better about doing this, if it were an official Boonex patch that is taken into consideration when running the RC1 - RC2 upgrade script.
mauricecano
The changes listed by alex require the modification of the database and adding the two new rows.
Zarcon
Yes HL, I have actually. The only modification to the database is 2 additional INSERTS into the 'sys_options' table that allows the admin to set the security impact levels. This would allow the admin to do something such as add a simple HTML block with valid HTML code and not get a Possible Attack error page or 1,000 emails per minute, as well as other things.

The rest are just updated php files. Since AlexT provided the fix, I would hope that he also took it into consideration. I just decided see more to package it all into 1 download instead of going through 6-7 change sets and editing the same php file 3 or 4 times. I would not think that these 2 inserts would restrict the upgrade from RC1 to RC2, however I could be wrong.
patrick81
houstonlively,

yes i'm worried about that too. I don't mind waiting til rc2 comes out but will they make a patch for updating from rc2 to final too? :-/
Eli
Honneslty guy's i cant get away from that possible attack when i add the facebook widget , am just worried in case i have members in the nearest future will not enjoy my site because of this PA.
TRACKER
your file is corupted. I can not open it.
okatanani
I am no able to open the file too
mike24078
Hey Dude i tried to download the zip file it took me to mediafire and said it was not available . Can u tell me where i can get this to stop the attack emails i get 8 to 19,000 emails a day from a potential attack
 
 
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.
PET:0.056294918060303