12-03-2008, 12:04 PM   #65
Tony M
Global Moderator
 
Quote:
Originally Posted by f.montoya
Even that doesn't solve this issue. I've seen 2 of my sites with altered (OOTP generated) index.html pages with an ****** inserted. The hole you saw is EXACTLY how the bad guy is getting in. He either plays OOTP or spent enough time around here to get enough info on how to do this.

Even if you use a limited FTP account, the ****** can still get into the OOTP reports. If this happens, you run the risk of allowing a trojan type virus to get into several league members' computers.
OK. I didn't realise that. I got the impression that the forums were being compromised by the access. Certainly Gollum's attacker was going at the forums but had done it all by FTP.

I don't think I've ever used an ****** - is it something you can get browsers to not show as it seems quite a big security risk on any site?

I think point 2 is still valid though.