Quote:
Originally Posted by Tony M
...
Until the emergency patch comes out there's nothing that can be done to prevent this potential way in, unless you are able to set up a separate FTP user that only has access to the OOTP directories and no access to forums...
|
Even that doesn't solve this issue. I've seen 2 of my sites with
altered (OOTP generated) index.html pages with an ****** inserted. The hole you saw is EXACTLY how the bad guy is getting in. He either plays OOTP or spent enough time around here to get enough info on how to do this.
Even if you use a limited FTP account, the ****** can still get into the OOTP reports. If this happens, you run the risk of allowing a trojan type virus to get into several league members' computers.
__________________
Fidel Montoya
Asahi2 Baseball Commissioner(Historical League Since 2004)
www.allsimbaseball.com (OOTP web hosting - Customized sites for online leagues - Sign up, Connect OOTP and Play!)
Share Your Mods - Free, unlimited and easy to upload to share your Mods instantly(free site registration required)