#1 By: Datarunner Subject:Security update, please apply (3.0) Time: 31.Oct.06 14:08:16
Hello,
If you are a Supermod 3.0 user:
Since there were some hackers on their way to Supermod websites,
I recommend that you download this .zip file and overwrite index.php and all files in /Sources
with this updated package. All files except index.php belong in the subdirectory /Sources.

We make use of crackertracker, a tool originally written for another forum software which
filters hack attacks.

Please also remove News.php, PrintPage.php and Reminder.php from the main directory, because they are now in the Sources directory. That is all. If you have not made any modifications to the .php files yourself, like a hobby programmer, you are done:
Simply extract and overwrite. That's all!

There is also a new full version of Supermod with all updates in the download section on the main page.

HERE IS THE FILE:

Now Supermod is protected against SQL injections and no one can execute scripts from another source by calling a script and passing a wrong parameter.

Datarunner
---
Supermod is in development. We have some great new features you do not see here.



#2 By: Datarunner Subject:Security update, please apply  Time: 31.Oct.06 14:18:47
If you have made modifications to Supermod yourself, and you do not want your changed files to be overwritten by this update, this is for you (everybody else can leave out this message and read on somewhere else - please do so!!):

Replace only those files that you know you have not changed with the files from the .zip. Add the following lines at the top of the source code of the files where you have made modifications:

if (!defined('YaBBSM'))
die('Hacking attempt...');

Now this protects you if you have not chmodded your directory and files correctly, when they can get executed directly (which happened to AAA).

If you want to keep your changes to index.php, it is likely that you have made changes to the following:

Code:

$actionArray = array(
      'addboard' => array("$sourcedir/ManageBoards.php", 'CreateBoard'),
      'addmoods' => array("$sourcedir/Moods.php", 'AddMoods'),
      'addmoods2' => array("$sourcedir/Moods.php", 'AddMoods2'),
      'admin' => array("$sourcedir/Admin.php", 'Admin'),
   ...
      'vote' => array("$sourcedir/Poll.php", 'Vote'),
      'xbirthdaypage' => array("$sourcedir/Xbirthday.php", 'xbirthdaypage'),
      'xbirthdayset' => array("$sourcedir/Xbirthday.php", 'xbirthdayset'),
      'xbirthdayset2' => array("$sourcedir/Xbirthday.php", 'xbirthdayset2'),
      'yabbinfo' => array("$sourcedir/Admin.php", 'showYaBBInfo'));


Correct?
Rename your original index.php to index.old and upload the altered file from the .zip.
Then replace these lines of code with those parts in your original index.php where you have made
YOUR modifications. You can also copy the whole array.

Then:
Do not forget to copy the new News.php, PrintPage.php and Reminder.php from the .zip to the directory /Sources. Remove these files from the root. Add in your index.php file $sourcedir/ where these three filenames appear in index.php (look for that string in an editor). This is important for Supermod to find those files after you have moved them out of the root into Sources!

If you have made personal changes to the Source, you are now done. If you haven't made any changes to the Sourcecode yourself and you have read up so far anyway, you would have only needed to read the first message.

Datarunner
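
A way to verify the manual steps from the second message after uploading, as an added example that is not part of the original posts or of Supermod itself: it checks that every file in Sources starts with the `YaBBSM` guard, that the three moved files are gone from the root, and that index.php refers to them through `$sourcedir/`. The function names, the comment-stripping heuristic and the sample tree are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

MOVED = ("News.php", "PrintPage.php", "Reminder.php")  # files named in the post
COMMENTS = re.compile(r"/\*.*?\*/|(?://|#)[^\n]*", re.S)  # heuristic, not a PHP parser
GUARD = re.compile(
    r"""<\?(?:php)?\s*if\s*\(\s*!\s*defined\s*\(\s*['"]YaBBSM['"]\s*\)\s*\)\s*\{?\s*die\s*\(""", re.I)

def has_guard(source: str) -> bool:
    """True if the first statement after the opening tag is the YaBBSM guard."""
    return GUARD.match(COMMENTS.sub("", source).lstrip()) is not None

def audit(root: Path) -> dict:
    """Check a Supermod tree (assumed layout: root/index.php, root/Sources/*.php)."""
    read = lambda p: p.read_text(encoding="latin-1")
    unguarded = sorted(p.name for p in (root / "Sources").glob("*.php")
                       if not has_guard(read(p)))
    stray = [n for n in MOVED if (root / n).exists()]
    # index.php must load the moved files via $sourcedir/, not from the root
    bare = re.compile(r"(?<!\$sourcedir/)\b(" + "|".join(map(re.escape, MOVED)) + r")\b")
    index = root / "index.php"
    stale = sorted(set(bare.findall(read(index)))) if index.exists() else []
    return {"unguarded": unguarded, "stray_in_root": stray, "stale_includes": stale}

def demo() -> dict:
    """Run the audit on a constructed sample tree (not real Supermod files)."""
    guard = "<?php\n/* header */\nif (!defined('YaBBSM'))\n\tdie('Hacking attempt...');\n"
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "Sources").mkdir()
        (root / "Sources" / "News.php").write_text(guard + "function News() {}\n")
        (root / "Sources" / "MyMod.php").write_text("<?php\nfunction MyMod() {}\n")
        (root / "Reminder.php").write_text("<?php // old copy left behind\n")
        (root / "index.php").write_text(
            '<?php\ninclude_once("$sourcedir/News.php");\ninclude_once("PrintPage.php");\n')
        return audit(root)

if __name__ == "__main__":
    print(demo())
```

Any file listed under `unguarded` is one that can still run when requested directly, which is the case the guard is meant to close.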