My site

**spybot229** · 08-28-2008, 11:39 AM

nice work rvt

**superseed101** · 08-28-2008, 05:14 PM

We have fixed patches. Thanks rvt. We also have now hired a hire coder to potter with security and general issues. All known anti p2p ips have also been blocked. The server aswell as the site has been through some security updates. So all should be ok now. Thanks rvt again. We also looking for members again and uploads should be back up tommorow.

Regards Superseed

PS If its possible to just forget the past and give me a clean sweep at this id be greatfull.

**enviouz** · 08-28-2008, 09:15 PM

Originally Posted by superseed101

We have fixed patches. Thanks rvt. We also have now hired a hire coder to potter with security and general issues. All known anti p2p ips have also been blocked. The server aswell as the site has been through some security updates. So all should be ok now. Thanks rvt again. We also looking for members again and uploads should be back up tommorow.

Regards Superseed

PS If its possible to just forget the past and give me a clean sweep at this id be greatfull.

whats the deal with it redirecting to some porn site? is this intensional? just thought i would ask incase you werent even aware of this. it redirects to something called "the porn hub" at least it does for me.

**KFlint** · 08-28-2008, 11:21 PM

Originally Posted by rvt

Now that you've applied those patches, I'd recommend a comb through all your files when you get the time, and make sure that every _POST, _GET and _REQUEST is wrapped in sqlesc() before being sent to the database

that's what makes me so happy to code in ruby on rails from now on...no more php for me (unless i have to support already existing apps), this is so bad having to check it yourself on every database update.

You expose yourself to holes if you let a beginner code something without supervising him enough, no wonder plenty trackers with inexperienced coders get hacked

wonder when the first ruby based tracker will arrive, would have been a good occasion with the new gazelle...

**rvt** · 08-29-2008, 02:22 AM

Ruby apps can still be hit with SQL injection if not coded properly.
http://www.rorsecurity.info/2007/05/19/sql-injection/

You also still have to manually escape output to avoid XSS issues.