Quote:
Originally Posted by Tony M
...
Until the emergency patch comes out there's nothing that can be done to prevent this potential way in, unless you are able to set up a separate FTP user that only has access to the OOTP directories and no access to forums...
Even that doesn't solve this issue. I've seen 2 of my sites with altered (OOTP generated) index.html pages with an ****** inserted. The hole you saw is EXACTLY how the bad guy is getting in. He either plays OOTP or spent enough time around here to get enough info on how to do this.
Even if you use a limited FTP account, the ****** can still get into the OOTP reports. If this happens, you run the risk of allowing a trojan-type virus to get into several league members' computers.