Today I discovered a security hole in my host's server which enables me to access any file on the server, e.g. files on other people's sites. Oh that reminds me my ikonboard security exploit still works with gold :D

anyhow safe_mode for PHP was off, so I've emailed them to turn it on... they won't be pleased :D

Has anyone else discovered security problems?

I posted one in this forum that told about some of them. running in safe mode will not let you do some functions. I have read about this safe mode and I don't think my server is running it. I also can't access other peoples directories. so I don't now what they have in place for this.

Safe mode has little to do with it. The thing about it is the server cofiguration. Your host will need better software to prevent this. You will propably be able to access those files with talnet and perl, or any other server scripting language. This is the thing that happened to the BR network.
Good Luck,
Paul

:( oh I'm sorry for bringing back bad memories Jason :(

Oh that reminds me my ikonboard security exploit still works with gold

whats that? I just wanted to know, cause I run serveral sites, that all use ikonboard for thier forum script.

Originally posted by Tom
Today I discovered a security hole in my host's server which enables me to access any file on the server, e.g. files on other people's sites. Oh that reminds me my ikonboard security exploit still works with gold :D

anyhow safe_mode for PHP was off, so I've emailed them to turn it on... they won't be pleased :D

Has anyone else discovered security problems?
actually I think it was a hole in Apache. they have fixed it in the lastest version at www.apache.org