Post to Facebook
Tweet about this
Share at LinkedIn
Invite participants
Reference this page
| NickR |
Thanks for the info. Nick. ----- Nick |
English « Bug tracker «
SECURITY ALERT [Integrated]
Please remove script links/trackback.php manually from your server
| Workflow | Support request |
| Status | Solution has been fully integrated |
| Owner | Bernard Paques |
| Progress |  |
We have been reported one site running YACS 7.2 hacked. The root case analysis has shown repeated attacks on the aforementioned script. Flaws identified here have been fixed in the archive 7.3alpha19 released on March-20.
If you can't or don't want to move to this new version, the simplest way to protect your server is to manually remove the script
A safer version will be automatically re-installed during a next update to 7.3, so you won't have to do something specific on this after the removal.
If you can't or don't want to move to this new version, the simplest way to protect your server is to manually remove the script
links/trackback.php with the limited drawback of not accepting trackback requests for some time.A safer version will be automatically re-installed during a next update to 7.3, so you won't have to do something specific on this after the removal.
