A few things - Page 2

Alan Mills · #11 (**permalink**) 02-09-2005, 10:31 AM

45 minutes? not so bad. If you take it then you might find that after a while it will be all the excuse you need to find a place of your own...

..and experience the true cost of living :cry:

Seriously though, if you liked the position then go for it. Hold off for a couple of days though to see what might come from the other interviews you had. You never know.

From my experience in these matters though, do not spend ages thinking about it logically, weighing it up this way or that. Simply go with your initial gut reaction. It's invariably right.

Marc Peters · #12 (**permalink**) 02-09-2005, 01:04 PM

Glidecam 2000 is officialy a bastard to set up...

Marc Peters · #13 (**permalink**) 02-09-2005, 01:13 PM

Okay, this is REALLY embarrasing. Spent about 30 mins adjusting the balance intil it was perfect, but couldn't figure out why it was spinning. Der... the manual says, "use both hands".

Pieguy · #14 (**permalink**) 02-09-2005, 08:59 PM

Originally Posted by Marc Peters

when we make the move to phpbb 3.0 and upgrade the forums

Cool, i'm looking forward to that.
Have you seen phpbb.com recently?

Originally Posted by phpBB.com

www.phpbb.com
Creating Communities

Last updated: 9th February 2005, 12:22 GMT

Hi everyone,

A further update and reminder as to the situation with this site. Our system was compromised Sunday evening by a group of hackers/crackers who (based on available information apparently corroborated by said hackers/crackers) used an exploit in awstats to gain entry. I'll repeat this very clearly since some people and worse some hosting providers are not listening to what is being said. Based on said information we do not believe, nor do we have any reason to believe, that our system was compromised due to any fault in phpBB 2.0.11.

Server update, unfortunately the datacenter where our box is located have been less than helpful. The box was supposed to have been shipped Monday, it wasn't. With further pushing we were told it would definitely ship yesterday (Tuesday), it didn't. The box is now being collected "manually". Very unimpressive service quite frankly. Because of this we are now working to an altered plan which may see the site return tomorrow (Thursday 9th) or Friday (10th). Please note that we will not be able to comment on the method used to exploit our site for at least several days.

It is actually quite fustrating at present that some hosting providers are asking or forcing their customers to remove installs of phpBB 2.0.11 due to the loss of phpbb.com. As I say above, our best available information right now is that phpBB was not to blame. If a hosting provider knows different perhaps they can inform us (along with details of how they know!).

Equally it's annoying to see some people posting the same old highlighting exploit claiming their 2.0.11 board was hacked via it. Again unless my team and indeed our other teams, heck large sections of our community, are all lying to me that vulnerability was fixed in 2.0.11. Sites running .11 and claiming (or thier hosts claiming) to have been attacked using it should take a close look at other applications they have installed. phpBB is not alone in being exploited, all the major boards can be if you don't update as new releases are made. Equally users should ensure the relevant highlighting fix is indeed present. Over the years we've dealt with thousands of users who say they've patched something (be it an exploit or bug) but upon examination we've discovered the problem code is still there. Equally hosts should look at their own systems. Are you running awstats if so have you updated? Do you regularly update your OS and particularly the kernel (if appropriate) as fixes are released? Are your users running old versions of other PHP/Perl/etc. software? Have you set appropriate permissions on key folders such as /tmp and /var/tmp? Is your webserver running with as few permissions as possible? Just because we overlooked something doesn't mean you should!

To our community, please do not ask us for further updates as to the situation, its cause, etc. Everything we have to say is said here. Our support channel (#phpbb) on IRC has at times been swamped with "What happened? Any news?" style questions which are making it extremely difficult to support users with real issues. So we appreciate the interest but please, accept that we have nothing else to add.

Users in need of support with phpBB 2.0.x can visit our development board, area51.phpbb.com where such support is being offered at this time. Of course you can also view the next version of phpBB, 3.0 "Olympus" in the process (minus the new style of course!). We are also maintaining our IRC support channel, #phpbb on the irc.freenode.net network

Again we apologise for any problems this may cause our userbase. We obviously take the huge support our community gives phpBB very seriously. And we will do our best to return to "normal operations" just as soon as we can.

psoTFX - phpBB Group

I know I'll be updating awstats!

Pieguy · #15 (**permalink**) 02-09-2005, 09:24 PM

Oh, and from the awstats website

Originally Posted by awstats website

Warning, a security hole was recently found in AWStats versions from 5.0 to 6.2 when AWStats is used as a CGI: A remote user can execute arbitrary commands on your server using permissions of your web server user (in most cases user "nobody").
If you use AWStats with another version or with option AllowToUpdateStatsFromBrowser to 0, you are safe. If not, it is highly recommanded to update to 6.3 version that fix this security hole.

Well, i only have AllowToUpdateStatsFromBrowser on for my "private" setting, which is only accessible from localhost, so I probably always was safe, still, I just updated anyway.