gfunkdave
Apr 7, 11, 5:12 pm
Recently, I got a character encoding error when I tried to get to FT. Now, every page has the following at the top, over the FlyerTalk banner:
Technical Support and Feedback - Site Trouble Now?
View Full Version : Site Trouble Now?
IBobi
Apr 7, 11, 5:20 pm
IB Tech is all over this.
IBobi
Apr 7, 11, 5:24 pm
Back up now. Let me know if the problem is persisting for anyone.
vocoder
Apr 7, 11, 5:28 pm
Just a heads up. When the site was giving character encoding errors it was always kicking out an array that included this part in plain text:
[MasterServer] => Array
(
[servername] => flyerdbhost
[port] => 3306
[username] => ****
[password] => ****
[usepconnect] => 0
)
Note I replaced username and password with ****, but it was clearly available for a number of minutes.
[MasterServer] => Array
(
[servername] => flyerdbhost
[port] => 3306
[username] => ****
[password] => ****
[usepconnect] => 0
)
Note I replaced username and password with ****, but it was clearly available for a number of minutes.
IB-Dick
Apr 7, 11, 5:29 pm
Just a heads up. When the site was giving character encoding errors it was always kicking out an array that included this part in plain text:
[MasterServer] => Array
(
[servername] => flyerdbhost
[port] => 3306
[username] => ****
[password] => ****
[usepconnect] => 0
)
Note I replaced username and password with ****, but it was clearly available for a number of minutes.
Well aware and taking remediation.
[MasterServer] => Array
(
[servername] => flyerdbhost
[port] => 3306
[username] => ****
[password] => ****
[usepconnect] => 0
)
Note I replaced username and password with ****, but it was clearly available for a number of minutes.
Well aware and taking remediation.
magiciansampras
Apr 7, 11, 8:38 pm
Just a heads up. When the site was giving character encoding errors it was always kicking out an array that included this part in plain text:
[MasterServer] => Array
(
[servername] => flyerdbhost
[port] => 3306
[username] => ****
[password] => ****
[usepconnect] => 0
)
Note I replaced username and password with ****, but it was clearly available for a number of minutes.
Wow. I'm not a techie so I don't really know what that means, but it doesn't seem good, does it?
[MasterServer] => Array
(
[servername] => flyerdbhost
[port] => 3306
[username] => ****
[password] => ****
[usepconnect] => 0
)
Note I replaced username and password with ****, but it was clearly available for a number of minutes.
Wow. I'm not a techie so I don't really know what that means, but it doesn't seem good, does it?
Mary2e
Apr 8, 11, 10:16 am
Looks to me like the admin id & password to the server was visible for a while :eek: :eek:
Note: I could be wrong and if I'm not, that doesn't mean anyone actually did anything with it.
Note: I could be wrong and if I'm not, that doesn't mean anyone actually did anything with it.
IB-Dick
Apr 8, 11, 9:05 pm
Looks to me like the admin id & password to the server was visible for a while :eek: :eek:
Note: I could be wrong and if I'm not, that doesn't mean anyone actually did anything with it.
That is the username and password that the web servers connect to the database on the database server. The username and password have been changed, but the site was never in any real danger. First, you need to know what the database server is. It just has a host name in there, not the IP. Even if the IP was there, it's an internal IP, so it's worthless unless you're on our network. Our db servers are locked away pretty well, so you can only access the data from the webservers. If you have access to the webservers, then it's fairly easy to get this information anyway. This is really only an issue if you're database servers are externally accessible, and ours aren't.
Still, the username and password have been changed. :-)
Note: I could be wrong and if I'm not, that doesn't mean anyone actually did anything with it.
That is the username and password that the web servers connect to the database on the database server. The username and password have been changed, but the site was never in any real danger. First, you need to know what the database server is. It just has a host name in there, not the IP. Even if the IP was there, it's an internal IP, so it's worthless unless you're on our network. Our db servers are locked away pretty well, so you can only access the data from the webservers. If you have access to the webservers, then it's fairly easy to get this information anyway. This is really only an issue if you're database servers are externally accessible, and ours aren't.
Still, the username and password have been changed. :-)
Mary2e
Apr 9, 11, 8:36 am
Well, I figured that was the first thing you would do, perhaps after disconnecting it from the hive first as a precaution :)