|
||||
|
|
Earlier versions of OOTP: Commissioner's Corner Want to run an online league? Want to learn about the 'ins' and 'outs' of being a commish? This is the place! |
|
Thread Tools |
12-03-2008, 10:52 AM | #61 |
Hall Of Famer
Join Date: Nov 2004
Posts: 6,069
|
Forgot to mention that 3 sites of mine got hit. Spent 3+ hours cleaning up the mess.
__________________
Fidel Montoya Asahi2 Baseball ex-Commissioner(Historical League Since 2004) www.allsimbaseball.com (OOTP web hosting - Customized sites for online leagues - Sign up, Connect OOTP and Play!) Share Your Mods - Free, unlimited and easy to upload to share your Mods instantly(free site registration required) |
12-03-2008, 10:55 AM | #62 |
Hall Of Famer
|
Sorry if I've missed this, but how is OOTP9 files linked to being able to upload and comprimise sites? The only things that OOTP9 would have on a site is a zip or rar for the league file and basic html pages correct?
|
12-03-2008, 11:01 AM | #63 | |
Hall Of Famer
Join Date: Nov 2004
Posts: 6,069
|
Quote:
Even if you use a limited FTP account, the ****** can still get into the OOTP reports. If this happens, you run the risk of allowing a trojan type virus to get into several league members' computers.
__________________
Fidel Montoya Asahi2 Baseball ex-Commissioner(Historical League Since 2004) www.allsimbaseball.com (OOTP web hosting - Customized sites for online leagues - Sign up, Connect OOTP and Play!) Share Your Mods - Free, unlimited and easy to upload to share your Mods instantly(free site registration required) |
|
12-03-2008, 11:02 AM | #64 |
All Star Reserve
Join Date: Feb 2007
Posts: 925
|
It's the actual OOTP league file that GMs download and install into OOTP.
|
12-03-2008, 11:04 AM | #65 | |
Global Moderator
|
Quote:
I don't think I've ever used an ****** - is it something you can get browsers to not show as it seems quite a big security risk on any site? I think point 2 is still valid though. |
|
12-03-2008, 11:50 AM | #66 |
Hall Of Famer
Join Date: Nov 2004
Posts: 6,069
|
If you just want to make sure your index files are clean, download them to your hard drive and open them with a text editor. If you see anything in any of your index files like...
Code:
< ****** ...BLAH, Blah, BLAH.../******>
__________________
Fidel Montoya Asahi2 Baseball ex-Commissioner(Historical League Since 2004) www.allsimbaseball.com (OOTP web hosting - Customized sites for online leagues - Sign up, Connect OOTP and Play!) Share Your Mods - Free, unlimited and easy to upload to share your Mods instantly(free site registration required) Last edited by Tony M; 12-03-2008 at 12:03 PM. Reason: put some codes round it |
12-03-2008, 12:03 PM | #67 | |
Global Moderator
|
Quote:
|
|
12-03-2008, 12:09 PM | #68 |
Hall Of Famer
Join Date: Nov 2004
Posts: 6,069
|
Thanks Tony.
I thought I was going to get banned for knocking off the OOTP forums with an ****** sample.
__________________
Fidel Montoya Asahi2 Baseball ex-Commissioner(Historical League Since 2004) www.allsimbaseball.com (OOTP web hosting - Customized sites for online leagues - Sign up, Connect OOTP and Play!) Share Your Mods - Free, unlimited and easy to upload to share your Mods instantly(free site registration required) |
12-03-2008, 12:27 PM | #69 |
Minors (Single A)
Join Date: Jun 2004
Posts: 68
|
Does anyone know if 2007/2008 have the same security issues as 2009. I run a league that is getting hacked also but we run 2007/2008 not 2009.
|
12-03-2008, 12:34 PM | #70 |
Global Moderator
|
Without access to a 2007/2008 game I couldn't say. I'll just go and have a look in the 2008 forum and find a random online league to see if it's still on the previous version.
|
12-03-2008, 12:38 PM | #71 |
Minors (Single A)
Join Date: Apr 2006
Posts: 87
|
Is there a patch out? Someone emailed a league I'm in with a patch...please confirm this
|
12-03-2008, 12:43 PM | #72 |
Hall Of Famer
|
Well considering I was the one who emailed you, you probably won't believe that I confirm it but I'm sure someone else will soon.
__________________
From the wise mind of Davey Eckstein "Now all you need is a signature. A quote or initial, perhaps." [ |
12-03-2008, 01:34 PM | #73 |
Major Leagues
Join Date: Nov 2006
Posts: 310
|
The link that was sent to us was for the 9.2.7 patch (?). However, that patch was put up on November 17, which was before you guys figured out what the hole was. So I'm a bit dubious that the patch would solve anything.
|
12-03-2008, 01:39 PM | #74 |
Global Moderator
|
I told Andreas about this hole a couple of days after this thread started so this patch does cover this hole.
|
12-03-2008, 01:43 PM | #75 |
Hall Of Famer
Join Date: Aug 2007
Posts: 2,360
|
Is there a Mac version of the patch available? The mailing I received only pointed to a PC version. Several of my owners use Macs.
__________________
Founder of the Planetary Extreme Baseball Alliance (PEBA) Premiere OOTP fictional league where creativity counts and imagination is your only limitation Check for openings - contact us today! |
12-03-2008, 05:14 PM | #76 |
Global Moderator
Join Date: Nov 2002
Location: Vancouver, Canada
Posts: 10,693
|
Is this patch going to be publicly announced? It sounds like it is only being spread privately and I don't understand why that would be. If it fixes an exploit surely it should be announced like any other patch so as many people can know about it as possible rather than just talked about here and in private.
EDIT: I was just passed the link to the aforementioned patch. I don't know why it wasn't publicly posted, but unless someone can tell me why it shouldn't be I'll be linking to it here and in the online league board's stickied thread. |
12-03-2008, 06:15 PM | #77 | ||
Global Moderator
Join Date: Nov 2002
Location: Vancouver, Canada
Posts: 10,693
|
Quote:
Quote:
|
||
12-03-2008, 06:27 PM | #78 | |
Hall Of Famer
Join Date: Dec 2004
Location: Bay Area, CA
Posts: 4,014
|
Quote:
__________________
Global Unified Baseball Association - Vice Commish and Oakland Oaks GM |
|
12-03-2008, 06:53 PM | #79 |
All Star Reserve
Join Date: Feb 2007
Posts: 925
|
I've kept my toungue privately on this all morning. I cannot for the life of me understand why a patch was made to address a security hole in OOTP without being released to the public. I'm not stupid. I'm not going to say that I know 100% for sure that my site was hacked due to an exploit of this security hole, but I'd say it's a good bet that it was. And even if it wasn't, for the OOTP developers to sit there and watch as numerous sites were hacked over the past month and not do anything to circulate this patch file is inexcusable to me, and it's causing me serious doubts as to whether I want to buy OOTP 10 when it comes out.
It's one thing to fix an issue that isn't a major security hole and wait to release it in a cummulative patch. It's quite another to fix a major security hole and not release an "emergency patch" when you know your customers are being victimized, regardless if you think the security hole is the problem or not. |
12-03-2008, 07:16 PM | #80 |
Hall Of Famer
Join Date: Dec 2001
Location: Union City, TN
Posts: 6,383
|
So, can all commishes get this patch or is there a select few that are worthy of being protected against this?
|
Bookmarks |
Thread Tools | |
|
|