FlyerTalk Forums

FlyerTalk Forums (https://www.flyertalk.com/forum/index.php)
-   Technical Support and Feedback (https://www.flyertalk.com/forum/technical-support-feedback-386/)
-   -   Site Trouble Now? (https://www.flyertalk.com/forum/technical-support-feedback/1203216-site-trouble-now.html)

gfunkdave Apr 7, 2011 5:12 pm
Site Trouble Now?
 
Recently, I got a character encoding error when I tried to get to FT. Now, every page has the following at the top, over the FlyerTalk banner:

IBobi Apr 7, 2011 5:20 pm
IB Tech is all over this.

IBobi Apr 7, 2011 5:24 pm
Back up now. Let me know if the problem is persisting for anyone.

vocoder Apr 7, 2011 5:28 pm
Just a heads up. When the site was giving character encoding errors it was always kicking out an array that included this part in plain text:

Code:
            [MasterServer] => Array
                (
                    [servername] => flyerdbhost
                    [port] => 3306
                    [username] => ****
                    [password] => ****
                    [usepconnect] => 0
                )
Note I replaced username and password with ****, but it was clearly available for a number of minutes.

IB-Dick Apr 7, 2011 5:29 pm
Originally Posted by vocoder (Post 16179549)
Just a heads up. When the site was giving character encoding errors it was always kicking out an array that included this part in plain text:

Code:
            [MasterServer] => Array
                (
                    [servername] => flyerdbhost
                    [port] => 3306
                    [username] => ****
                    [password] => ****
                    [usepconnect] => 0
                )
Note I replaced username and password with ****, but it was clearly available for a number of minutes.
Well aware and taking remediation.

magiciansampras Apr 7, 2011 8:38 pm
Originally Posted by vocoder (Post 16179549)
Just a heads up. When the site was giving character encoding errors it was always kicking out an array that included this part in plain text:

Code:
            [MasterServer] => Array
                (
                    [servername] => flyerdbhost
                    [port] => 3306
                    [username] => ****
                    [password] => ****
                    [usepconnect] => 0
                )
Note I replaced username and password with ****, but it was clearly available for a number of minutes.
Wow. I'm not a techie so I don't really know what that means, but it doesn't seem good, does it?

Mary2e Apr 8, 2011 10:16 am
Looks to me like the admin id & password to the server was visible for a while :eek: :eek:

Note: I could be wrong and if I'm not, that doesn't mean anyone actually did anything with it.

IB-Dick Apr 8, 2011 9:05 pm
Originally Posted by Mary2e (Post 16183112)
Looks to me like the admin id & password to the server was visible for a while :eek: :eek:

Note: I could be wrong and if I'm not, that doesn't mean anyone actually did anything with it.
That is the username and password that the web servers connect to the database on the database server. The username and password have been changed, but the site was never in any real danger. First, you need to know what the database server is. It just has a host name in there, not the IP. Even if the IP was there, it's an internal IP, so it's worthless unless you're on our network. Our db servers are locked away pretty well, so you can only access the data from the webservers. If you have access to the webservers, then it's fairly easy to get this information anyway. This is really only an issue if you're database servers are externally accessible, and ours aren't.

Still, the username and password have been changed. :-)

Mary2e Apr 9, 2011 8:36 am
Well, I figured that was the first thing you would do, perhaps after disconnecting it from the hive first as a precaution :)


All times are GMT -6. The time now is 8:44 am.


This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2026 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.