Is haitiwebs up-to-date ?

Lionheart · #1 08-07-05, 10:28 PM

Quote:

Invision Power Board contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. This flaw exists because the 'login.php' script does not validate user-supplied input in certain login methods and may allow a remote attacker to inject or manipulate SQL queries.

THE link : http://www.milw0rm.com/id.php?id=1013

The solution : http://forums.invisionpower.com/inde...owtopic=168016

Al Saqr · #2 08-07-05, 10:32 PM

ça marche avec moun.com ? lavalas.org ?

haitiwebs · #3 08-07-05, 10:45 PM

The only vulnerability that we have is from robots mass registering. I disabled the protection (a random numbered image that new members must input at time of registration) because most people would be confused.

The first such attack that I will get from a robot, I will delete those registrations and put up those shields.

The other vulnerability which was causing the site to be down all the time was an attack coming in from the contact form. They were using it to mass mail thousands of mail, drawing all the server ressources and causing a crash. The most severe crash was when the data got corrupted and we lost 6 weeks of postings three or four months ago. I closed that loophole by requiring non members to fill in the numbers from a random image. It has been 3 weeks now since the site has not been down.

Al Saqr · #4 08-07-05, 10:50 PM

Le message de redirection a également disparu, j'ai l'impression.

Le message de redirection = le message que l'on a après avoir posté, ou dire "nice".

EDIT :: Ceci pour dire que c'est plus rapide.

haitiwebs · #5 08-07-05, 10:52 PM

Yes you are right. Those messages were meant to give assurances to the poster. I removed them to save on bandwidth (less requests to the server), because the amount of visitors have tripled.

For some reasons which I have not pinpointed yet, the MSN skin is much faster than the Default. If you notice, there are part of the site where I am quietly forcing that style on everyone regardless of their choice (in the newly renovated fun section)

Al Saqr · #6 08-07-05, 10:56 PM

Quote:

Originally Posted by haitiwebs

Yes you are right. Those messages were meant to give assurances to the poster. I removed them to save on bandwidth (less requests to the server), because the amount of visitors have tripled.

How did that happened ?

J'ai vu le super crash de mai, mais je n'ai pas de données up to date.

Hé hé une page "cachée" du site : http://www.haitiwebs.com/webalizer/

Qu'est-ce qui était alors arrivé ? C'était quand le site était down non ?

haitiwebs · #7 08-07-05, 10:58 PM

webalizer has been disabled since May also. The log files are there but are too huge for webalizer to read. Slows the site down for 15 minutes every day.

Al Saqr · #8 08-07-05, 10:59 PM

Quote:

Originally Posted by haitiwebs

For some reasons which I have not pinpointed yet, the MSN skin is much faster than the Default. If you notice, there are part of the site where I am quietly forcing that style on everyone regardless of their choice (in the newly renovated fun section)

La MSN skin, c'est un peu microsoft. Ils ont du bidouillé quelque chose pour favoriser leur skin

Un peu comme Nvidia le fait parfois.

haitiwebs · #9 08-07-05, 11:01 PM

Mais non, a part le nom, ca n'a rien a voir avec Microsoft. Il a ete concu par un ami.

Al Saqr · #10 08-07-05, 11:01 PM

Quote:

Originally Posted by haitiwebs

webalizer has been disabled since May also. The log files are there but are too huge for webalizer to read. Slows the site down for 15 minutes every day.

lol. Ok.

Mais pourquoi la fréquentation du site a-t-elle été multipliée par 3 ?