Omar

Well-Known Member
Jul 30, 2002
82
0
156
I tried to manually update to build 53 just now, it goes through the update fine....but after closing the window, and re-logging in, it still shows up as build 52.

Is this just me?

I've tried the update twice now.

-Omar
 

itf

Well-Known Member
May 9, 2002
620
0
316
It seems this is the cpanel problem (new update)

I got the same result
 

Omar

Yup, it did an auto-update too, and still the same thing.

I tried the update on a different server, with the same result.

- Omar
 

parag

Well-Known Member
Aug 16, 2001
115
0
316
same thing for me..

and if you try to update it again it will detect that you have the older version 52 and will try to update 53 .. but will never update it .

Parag
 

itf

You have to apply my Interchange hack against those exploits again after these tries read this thread for more info

http://forums.cpanel.net/read.php?TID=4074
 

parag

> Originally posted by itf
>
> You have to apply my Interchange hack against those exploits again after these tries read this thread for more info
>
> http://forums.cpanel.net/read.php?TID=4074


Hi ITF

I think we were talking about the cpanel builds and its updates - where did Interchange come in :)

Parag
 

itf

> Originally posted by parag
>
> > Originally posted by itf
> >
> > You have to apply my Interchange hack against those exploits again after these tries read this thread for more info
> >
> > http://forums.cpanel.net/read.php?TID=4074
>
> Hi ITF
>
> I think we were talking about the cpanel builds and its updates - where did Interchange come in :)
>
> Parag

Updating Cpanel overwrites Interchange (however it was unsuccessful) then you are vulnerable

Whatever you want, you --parag don’t apply that
 

parag

hi itf

i already fixed the interchange exploit few days back.

but i have also saved the procedure you posted ;) thanks

And it's not the question of applying it or not - i was wondering why suddenly interchange came into the picture - so just asked - nothing much

Omar - Interchange is a Shopping Cart System :)

Parag
 

itf

> Originally posted by parag
>
> hi itf
>
> i already fixed the interchange exploit few days back.
>
> but i have also saved the procedure you posted ;) thanks
>
> Omar - Interchange is a Shopping Cart System :)
>
> Parag

please be informed you tried to update to cpanel build 53, but you didn't get the result, but it rewrites the Interchange, I mean if you applied my hack before this update you are now vulnerable
 

parag

> Originally posted by itf
>
> > Originally posted by parag
> >
> > hi itf
> >
> > i already fixed the interchange exploit few days back.
> >
> > but i have also saved the procedure you posted ;) thanks
> >
> > Omar - Interchange is a Shopping Cart System :)
> >
> > Parag
>
> please be informed you tried to update to cpanel build 53, but you didn't get the result, but it rewrote the Interchange, I mean if you applied my hack before this update you are now vulnerable

yeah yeah i understand what you mean -

but i did it the other way using iptables and have those rules in the init script itself

Parag
 

Curious Too

Well-Known Member
Aug 31, 2001
437
2
318
cPanel Access Level
Root Administrator
To be clear --

the failure to update to CPanel build 53 has nothing to do with the Interchange hack, it is a separate problem?

The attempted update will overwrite the hacked Server.pm, if you chattr +i Server.pm the update will not overwrite it.
 

mikerayner

Well-Known Member
Apr 10, 2002
188
0
316
> Originally posted by Curious Too
>
> To be clear --
>
> the failure to update to CPanel build 53 has nothing to do with the Interchange hack, it is a separate problem?
>
> The attempted update will overwrite the hacked Server.pm, if you chattr +i Server.pm the update will not overwrite it.

I thought build 53 would solve the problem then didn't lock that file.
 

parag

> Originally posted by Curious Too
>
> To be clear --
>
> the failure to update to CPanel build 53 has nothing to do with the Interchange hack, it is a separate problem?
>
> The attempted update will overwrite the hacked Server.pm, if you chattr +i Server.pm the update will not overwrite it.

hi curious too

we were talking about build 53 and - normally everyone is not wise enough to have the chattr +i Server.pm set on their server.

ITF posted it for the information because it would get overwritten if the build was proper and would have had a proper update.

because of the failure in updating build 53 - it's not overwritten.

first read all the posts..

Parag
 

mikerayner

build 53 upgrade works but it installs build 52, I checked it out by manually upgrading it in SSH session by using /scripts/upcp and it overwrites everything (cpanel software)
 

Curious Too

> Originally posted by parag
>
> > Originally posted by Curious Too
> >
> > To be clear --
> >
> > the failure to update to CPanel build 53 has nothing to do with the Interchange hack, it is a separate problem?
> >
> > The attempted update will overwrite the hacked Server.pm, if you chattr +i Server.pm the update will not overwrite it.
>
> hi curious too
>
> we were talking about build 53 and - normally everyone is not wise enough to have the chattr +i Server.pm set on their server.
>
> ITF posted it for the information because it would get overwritten if the build was proper and would have had a proper update.
>
> because of the failure in updating build 53 - it's not overwritten.
>
> first read all the posts..
>
> Parag

Your sarcasm is not appreciated.

I did read all the posts. I hacked the Server.pm file according to the instructions. When I ran the upcp script the hacked file was overwritten with the old Server.pm file. I then re-hacked the file and chattr +i the file and ran the upcp script. Even though the Server.pm file was not overwritten the server DID NOT update to Build 53.
 

mikerayner

Curious Too


server.pm (the hack provided by ITF) is overwritten after upgrade, build 53 doesn't work but it rewrites everything

use /scripts/upcp in a root SSH session then you can see build 53 overwrites everything it also overwrites Interchange but does not upgrade properly and shows build 52

rewriting server.pm or not is irrelevant to build 53 problem just we have to make sure if server.pm was overwritten your system is vulnerable and have to apply ITF's hack

but also have to know if you lock server.pm and a later version of interchange be released in the future Interchange would not work properly. (this is not for this release)
 

Curious Too

> Originally posted by mikerayner
>
> but also have to know if you lock server.pm and a later version of interchange be released in the future Interchange would not work properly. (this is not for this release)

Yes, I know, I'm hoping that when the real build 53 is released it will include the hacked version of Server.pm instead of the vulnerable version. In the meantime, since all my servers run the autoupdate I have to lock Server.pm until the new build is released.
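
An added example, not part of any post in this thread: a small shell check for the situation discussed above, where an update run may silently replace a locally patched file. It records a checksum of the patched Server.pm, then reports after each update whether the file still matches and whether the immutable flag from `chattr +i` is set. The file and baseline paths are placeholders, since the thread does not give the full path to Server.pm.

```shell
#!/bin/sh
# Added example. Paths passed in are placeholders: the thread does not give
# the full path to Server.pm, so supply the one on your own server.
# Usage: record_baseline FILE BASELINE   (once, right after patching)
#        verify_after_update FILE BASELINE   (after every update run)

# Save the SHA-256 of the patched file.
record_baseline() {
    sha256sum "$1" | awk '{print $1}' > "$2"
}

# 0 = file still matches baseline, 1 = content changed, 2 = file or baseline missing
check_patched() {
    [ -f "$1" ] && [ -f "$2" ] || return 2
    current=$(sha256sum "$1" | awk '{print $1}')
    [ "$current" = "$(cat "$2")" ]
}

# 0 if lsattr reports the immutable (i) attribute set by `chattr +i`.
is_immutable() {
    flags=$(lsattr -d "$1" 2>/dev/null | awk '{print $1}')
    case $flags in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Report the state of the patched file; returns check_patched's status.
verify_after_update() {
    if check_patched "$1" "$2"; then rc=0; else rc=$?; fi
    case $rc in
        0) echo "OK: $1 still matches the patched baseline" ;;
        1) echo "ALERT: $1 changed since the baseline; re-check the patch" ;;
        *) echo "ERROR: $1 or its baseline is missing" ;;
    esac
    is_immutable "$1" || echo "NOTE: immutable flag is not set on $1"
    return "$rc"
}
```

Keep the baseline file outside the directories the updater writes to, and re-record it whenever a vendor release replaces the local patch.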