missuse of download script

General discussions about WebYep
Post Reply
ivb101
Posts: 6
Joined: Tue Mar 25, 2008 1:12 am

missuse of download script

Post by ivb101 » Tue Mar 25, 2008 1:14 am

If i read the wepyep-log.txt in de data directory i see a lot of erros like this (sitename changes)
04.03.2008 (23:41:24): missuse of download script, path: http://www.thoseguysfilms.com/forums/te ... za/laqipu/

if i do a search on it on google, a lot of connections are made with webyep. whats this?can anyone tell me?

kind regards,

Ivan

johannes
Objective Development
Objective Development
Posts: 815
Joined: Fri Nov 10, 2006 4:39 pm
Contact:

Post by johannes » Tue Mar 25, 2008 10:55 am

The download script in WebYep ensures that files attached to a page with the WebYep Attachment Element are really downloaded and not displayed in the browser.

By its nature, this script is a favored target of hacking attacks.

We therefore have built into this script numerous security measures to ensure it is not abused. But nevertheless hackers do try it of course.

Whenever someone tries to use the WebYep download script to do something it is not intended for, WebYep will log this.

The URL you posted:

Code: Select all

.../forums/templates/subSilver/images/uza/laqipu/

suggests that someone has hacked into a phpBB2 installation of some other website and then tried to use files deposited there to hack into your website via the WebYep download script.

The attempt was logged and he/she did not succeede. But unfortunately hackers and script kiddies have a lot of spare time to play around and ruin other people's hard work. So they will keep trying and we will keep spending a lot of time and effort to keep them from ruining your website.

It's therefore a good idea to always update WebYep to the most current version (by now all updates where free) and to have recent backups of your website including the changes made online via the CMS (the webyep-system/data folder).

ivb101
Posts: 6
Joined: Tue Mar 25, 2008 1:12 am

Thank you

Post by ivb101 » Tue Mar 25, 2008 11:14 am

Woww Johannes (dutch?), thanks for the reply. Now i understand where those log errors came from. i thought i understood something like this but could not really find something if they succeeded.
of course security i a great good nowadays :-)

thanks and regards,

Ivan

johannes
Objective Development
Objective Development
Posts: 815
Joined: Fri Nov 10, 2006 4:39 pm
Contact:

Re: Thank you

Post by johannes » Tue Mar 25, 2008 7:14 pm

ivb101 wrote:Woww Johannes (dutch?)

Nope, Austrian :)

ivb101 wrote:of course security is a great good nowadays :-)

You can say that again!

Post Reply