Darkvader

I think mouradski_21 is right, avatars are disabled in this forum. it doesn't matter if you upload or link them, they will not show up in the forum posts.

Could you post a sample of those characters you are getting? is it all the smilies causing the problem or just some of them?

Where did you put you logo.swf file? is it in the same directory as overall_header.html? or is it somewhere else? Also what template are you using? is it the prosilver? if it is prosilver, let's do it my way. Go under \styles\prosilver\template and create a directory, name it flash, now put your "logo.swf" in flash directory, and insert this code in overall_header.html like I showed you before. Don't forget to refresh your template in the ACP, under the Styles tab. If that doesn't work, please post your source HTML.

Thank you. it's a pleasure to contribute.

Alright, open \styles\prosilver\template\overall_header.html and look for this code here {SITE_LOGO_IMG} remove the whole line and replace it with your own HTML that embeds flash file like make sure the path to swf file is relative to phpBB root directory like src="www.domain.com/somefilename.swf", not to template file. Also you might want to remove "" before and "" after that code. Good Luck.

I might be able to help you with the first request if you know how to write some HTML code. Let me know. Thanks

Yes that's before he upgraded to a new version, on apache 2.2.4 there is an HTTP Server 413 Error Page XSS vulnerability. By passing a content-length : -1, and a malformed GET Request, apache will not sanitize the request, and will digest it as is, making it vulnerable to XSS and possibly a non-persistent defacement of the site. if you telnet into a server that has apache 2.2.4 on it like Telnet xxx.xxx.xxx.xxx 80 and you type in GET With a little bit of JavaScript knowledge you can do a lot.

Although it sounds like those are new terms that I wasn't even aware of, thinking that the old forum terms apply to this one. I was mistaken, but fair enough, I don't think I belong here anyway, so if you could be nice to deactivate my account. Thanks.

Peace upon whom follow guidance, Please, I don't want to offend you, but I don't think you read the forum terms of use. I read it at least three times, and I failed to find that the forum language is French, please correct me if I am wrong. Now if you want to make it a new rule, that's fine with me, I just don't think it's fair to tell people what to speak or how to speak. As far as I know English is very well understood in this forum and nobody has objected besides you. Peace out.

Glad your upgrading your apache server, because as of last night it was vulnerable to XSS, I was playing on it, and I think you banned my IP address. Good luck securing it.

you are welcome, I am glad you fixed it. As for the tart and drink I don't think they would survive the trip to USA, but thanks anyway.

What happened to the server, you took it down?

the file is \includes\functions.php, open it and go to the function "get_preg_expression($mode)" change this portion case 'email': return '(?:[a-z0-9\'\.\-_\+\|]|&)+@[a-z0-9\-]+\.(?:[a-z0-9\-]+\.)*[a-z]+'; break; With case 'email': return '(?:[a-z0-9\'\.\-_\+\|]|&)+@[a-z0-9\-]+\.(?:[a-z0-9\-]+\.)*[a-z0-9]+'; break; and you're good to go.

Glad you came to the conclusion that the email is not being validated because of the address itself that's why I asked about it. Find the file where the regular expression is, and modify it. PHPBB express: ^[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*[a-z]+$ Modify it to ^[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*[a-z0-9]+$ It will work.

I know that email are in somthing@something.somthing, not every email will pass validation. regular express is : ^[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*[a-z]+$ you can check your email against that regular expression online and see if it is validated. Good luck.

What is the email address? no sweat, I am not gonna use it for spamming, I am just trying to help. It might be that your email is not passing regular expression validation that phpbb is using.

Glad you came to that conclusion.

So much for Mac security. Mac OS is so secure

Everybody is trying to help you but you need to help yourself explaining the issue, what you said here sounds Chinese that nobody is really understanding. Could you at least connect to the vpn then go execute "route print" command under DOS prompt, let's see what you have there. another question why is your server having a gateway address (192.168.0.1)? Thanks

Absolutely, there are bugs in every software, that's because they were made by failable humans. Not that I am an expert in Microsoft products, but because I watched and studied the significant improvement that MS brought to II6 from previous versions, and that's why more than half of the Fortune 1000 companies adopted II6 over Apache. As for your question about directory transversal attacks, there are plenty of ways to prevent that, and here is what I would do. 1. Set Execute Permissions of the web site to none in IIS manager console. 2. Create an anonymous Web Users Group, add the IIS anonymous user account to the group. 3. Set Full Control permission to DENY on Windows and System32 folders for the anonymous web Users Group that I create. 4. By default IIS gets installed on a bootable drive (C drive) most of the time, and most of the web applications are in C:\inetpub by default, so create a new web server directory on a different drive for example (E drive). 5. In IIS Manager Console, change the web server directory from C:\inetpub to the new directory on the E drive. Moving the Web site off the boot drive volume disables many directory transversal attacks. 6. Give the new Anonymous Web Users group read-only permission to the new Web site folder to prevent anonymous users from writing to or creating files on the web site. 7. Make sure to sanitize Inputs and URL from your web application.

WAMP or LAMP I don't think it matters, if you build your servers and network without security in mind, than you've opened your doors to everybody. Let's be honest and talk beyond rhetoric, Apache is no secure than IIS6 or IIS5, you don't have to take my word for it, just go to secunia.com, check the track record for the last 4-5 years of IIS6 and compare it to Apache. it's a no brainer, there are more security advisories for Apache than IIS6.

Thank you, Glad to be back.

I think your title is misleading, it should've said "Windows, Linux, Mac OS owned via Firewire". It's not just Windows, any OS that doesn't ensure a fully trusted device is connected through Firewire is vulnerable to this feature. BTW, this ain't new, it's old news demonstrated back in 2005.

Trusting information with third-party client can still expose you to thorny legal challenges such as subpoena. Unlike a search warrant for your off-line hard drive, which is far more restrictive and difficult to obtain, Google could perhaps be persuaded by law enforcement to deliver up your files without even telling you. So be careful what you store with GOOGLE. BIG BROTHER IS ALWAYS WATCHING YOU.

Ditto. I enjoyed talking to you and hope to have more constructive debates in the future. BTW, what do you think of the next generation of Java and .NET? Have a great day.