Posts: 11
Name: Alexander vanRossum
Location: ~ /usr/sbin/
I'll give a full review later on; for now I'm going to bed.
I just wanted to say this one thing:
I've had quite a few security issues with Coppermine. Major. I had a server turned into a zombie due to public posting rules, and another turned into a spambot, both dealing with different issues, and both sites were compromised, overloaded, blacklisted, and shut down by me for security reasons within one hour after the holes were detected on the underground. Repairing the blacklist status was bad enough, let alone all the garbage traffic from all the spam references. Viagra FTW!
I had a third site DoS itself (very interesting paradox there o.O) for no apparent reason other than a script kiddie having "fun." Two SQL injections, one DoS, and one filename restriction bypass later and I no longer use Coppermine.
I'm not saying that they haven't fixed the issues, they have. But, it's just left a REALLY bad taste in my mouth. Coppermine makes a product that is, for the most part, really good quality.
Just a warning, be careful of how you handle users, registration and posting.
ReCaptcha is your friend.
Also - why the tinyUrl? The real one is only 3 chars longer!
Dev.
__________________
The Free Open Forum - An open forum where anyone can post articles.
If only it were this easy...: (theWorld:~ Problems$ fsck -f)
Last edited by Deviros; 07-06-2008 at 05:45 AM.
Reason: ReCaptcha name wrong