| Author |
Message |
safecracker4hire
Nuke Cadet


Joined: Feb 18, 2003
Posts: 9
|
Posted:
Wed Mar 19, 2003 9:25 am |
  |
I have installed 6.5 full and have run analyze.php on it. Analyze has found the following errors:
MySQL server version 3.23.54 (I have sent an email to my server to update this)
magic_quotes_gpc is not enabled, yet when I run phpinfo.php from the same domain it shows the magic_quotes_gpc value as ON. (magic_quotes_runtime is OFF and magic_quotes_sybase is OFF)
WebMail attack - mailattach.php was found and should be deleted... I thought that I read a post here stating that FB has fixed this in 6.5... has it been fixed?
phpBB2 forums are at risk (showing as version 2.0.2). I checked the forums and everything is clearly labelled version 2.1 from NukeCops. I understand that FB did not include some of the database changes with the port, but am wondering if it is still at risk?
I have removed mailattach.php for now, but am confused by the phpBB error and the magic_quotes_gpc error. Any comments would be greatly appreciated!
analyze.php ==> http://mysafetech.com/analyze.php
phpinfo.php ==> http://mysafetech.com/phpinfo.php |
|
|
   |
 |
EuroMagic
Nuke Cadet


Joined: Feb 26, 2003
Posts: 2
Location: Denmark / Copenhagen
|
Posted:
Wed Mar 19, 2003 12:26 pm |
  |
I also got some clear misinformation from analyzer!!!!!!!!! |
|
|
      |
 |
Zhen-Xjell
Nuke Cops Founder


Joined: Nov 14, 2002
Posts: 5939
|
Posted:
Wed Mar 19, 2003 1:10 pm |
  |
That's odd, I have to check the code again. If you look at http://mysafetech.com/analyze.php?zx=phpini you'll see that both local and global for magic quotes are "1", or "on". Analyzer correctly reports that, but not sure why it's missing on the warning. Thanks for the heads up, I'll inspect the code again. |
_________________ Paul Laudanski, Microsoft MVP Windows-Security |
|
     |
 |
safecracker4hire
Nuke Cadet


Joined: Feb 18, 2003
Posts: 9
|
Posted:
Wed Mar 19, 2003 1:32 pm |
  |
Hi ZX;
Thanks for the reply... I feel a bit less confused now!
Any ideas as to the phpBB warning? |
|
|
   |
 |
vmack
Nuke Soldier


Joined: Jan 30, 2003
Posts: 28
Location: USA
|
Posted:
Thu Mar 20, 2003 12:44 am |
  |
I also get the mailattach and phpbb 2.0.2 warning in 6.5 final install? |
|
|
    |
 |
chatserv
General


Joined: Jan 12, 2003
Posts: 3128
Location: Puerto Rico
|
Posted:
Thu Mar 20, 2003 3:50 am |
  |
If using 6.5, ignore both warnings. To get rid of the phpBB warning, in phpMyAdmin type: update nuke_bbconfig set version = .0.4 (change the nuke value to whatever your prefix is), else edit this value manually. |
_________________ Feed a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime. |
|
    |
 |
safecracker4hire
Nuke Cadet


Joined: Feb 18, 2003
Posts: 9
|
Posted:
Thu Mar 20, 2003 6:52 am |
  |
I would assume that this is part of the database changes that were not implemented by FB... I do not have a 'version' field in _bbconfig. |
|
|
   |
 |
chatserv
General


Joined: Jan 12, 2003
Posts: 3128
Location: Puerto Rico
|
Posted:
Thu Mar 20, 2003 10:10 am |
  |
Not sure if this would be the case with you, but when I view the bbconfig table through phpMyAdmin, because it has so many fields I only see half of them on the page, but if I click next I will see the other half, among these version. |
_________________ Feed a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime. |
|
    |
 |
safecracker4hire
Nuke Cadet


Joined: Feb 18, 2003
Posts: 9
|
Posted:
Thu Mar 20, 2003 10:49 am |
  |
DUH! I don't know why that never even occurred to me!
You are correct! The version field was the last in the table and set to .0.2 (now .0.4). Thanks! |
|
|
   |
 |
Zhen-Xjell
Nuke Cops Founder


Joined: Nov 14, 2002
Posts: 5939
|
Posted:
Fri Mar 21, 2003 10:56 pm |
  |
Yah CS is right... our forums port is in the 6.5 final, and our copyright notice is there too. You can see it right at phpnuke.org. Only problem is, fbc forgot to change the version from .0.2 to .0.4. Of course that in itself isn't a security issue. |
_________________ Paul Laudanski, Microsoft MVP Windows-Security |
|
     |
 |
American
Corporal


Joined: Jan 17, 2003
Posts: 58
|
Posted:
Mon Mar 24, 2003 6:05 pm |
  |
If you go to your phpBB admin and look at the bottom of the admin page on the right you will see:
Powered by phpBB 2.0.2 © 2001 phpBB Group
phpBB port v2.1 based on Tom Nitzschner's phpbb2.0.6 upgraded to phpBB 2.0.4 standalone was developed and tested by:
ArtificialIntel, ChatServ, mikem, sixonetonoffun and Paul Laudanski (aka Zhen-Xjell).
Version 2.1 by Nuke Cops © 2003 http://www.nukecops.com |
_________________ Brad |
|
   |
 |
|
|