12-21-2009, 10:20 AM
nata25
Confirmed User
 
Join Date: Feb 2002
Posts: 240
No answer from czarina - OK, I found her ticket myself. Just a few short points:

1) aWIZ is not a firewall or antivirus to remove viruses/trojans - it is still a CMS, however probably the only CMS that can detect known and unknown viruses/trojans (heuristic analysis) and notify the user for further action. czarina never activated this protection, so no comment on why she was blind in aWIZ areas.

2) In reality aWIZ provides a unique line of methods of EXTRA protection & safety which are not provided by most other scripts. In particular, aWIZ provides blocking of any kind of injection, so the server couldn't be infected THROUGH aWIZ. In czarina's case it was never proved (and I suppose not even investigated) that the trojan was injected right through aWIZ.

3) CHMOD 777 is required by default to give the script the rights to work with the files, BUT it is absolutely not enough to inject the trojan. That is a fact.

4) Anyway, CHMOD 777 can be changed to more secure permissions if the customer needs it and asks us. In particular, czarina got such an explanation 8 minutes after she submitted her ticket. However, since her hoster was unable to put one line into the cron (as she said), we suppose that readjusting the permissions was all the more a task beyond their strength.

5) In this case we suppose that a quite rare combination took place: some other hole-ridden script (which was hacked) and CHMOD 777 on the aWIZ area where the trojan was placed. Sadly, all of czarina's anger is pointed at aWIZ, not at this unknown script or at the dull hoster... But it's her right.

As anyone can see, there are no other complaints about trojans with aWIZ in this thread, on this board or on any other boards worldwide, so we suppose that this particular case requires attention, but is not a reason for hysterics to all the world.

In any case, here are a few simple recommendations for users of other scripts (not only aWIZ):
a) use phpsu apache mode; it solves the question of CHMOD 777, and it is actually now used by default by half of the hosters worldwide.
b) set up even a simple free firewall on the server - it will block all harmful activity in both directions.
c) if you are an aWIZ user, don't have "a" and "b", and are worried about the safety of OTHER scripts on your server - contact us and we will explain how to avoid CHMOD 777.
__________________
Web Design ~ Paysite Software ~ Cash
STABILITY & RESPONSIBILITY: OVER 15 YEARS IN THE INDUSTRY
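A check for the exposure this post discusses (CHMOD 777 directories that another script on the same server can write into), as an added example that is not part of the original post or of aWIZ. The function names, the `WEBROOT` variable and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a web root for world-writable (e.g. 777) directories.

# Directories that any local account can write into.
world_writable_dirs() {
    find "$1" -xdev -type d -perm -0002 -print 2>/dev/null | sort
}

# Script files sitting directly inside those directories: the first
# things to review when a shared server has had any script compromised.
scripts_in_writable_dirs() {
    world_writable_dirs "$1" | while IFS= read -r dir; do
        find "$dir" -maxdepth 1 -type f \
            \( -name '*.php' -o -name '*.phtml' -o -name '*.cgi' \) -print
    done | sort -u
}

# Drop the world-write bit. Only safe once PHP runs as the account owner
# (recommendation "a"); otherwise the script loses its own write access.
remove_world_write() {
    find "$1" -xdev \( -type d -o -type f \) -perm -0002 -exec chmod o-w {} +
}

# Print a summary; succeeds only if no world-writable directory remains.
audit_webroot() {
    root=$1
    dirs=$(world_writable_dirs "$root" | wc -l)
    files=$(scripts_in_writable_dirs "$root" | wc -l)
    echo "world-writable dirs: $((dirs)); scripts inside them: $((files))"
    [ "$dirs" -eq 0 ]
}

# Constructed sample tree (hypothetical paths) for a dry run.
make_sample_tree() {
    t=$(mktemp -d) && mkdir -p "$t/site/uploads" "$t/site/templates" &&
    chmod 777 "$t/site/uploads" && chmod 755 "$t/site" "$t/site/templates" &&
    : > "$t/site/uploads/x.php" && : > "$t/site/uploads/thumb.jpg" &&
    : > "$t/site/templates/index.php" && echo "$t"
}

# Audit a real tree only when WEBROOT is set explicitly.
if [ -n "${WEBROOT:-}" ]; then audit_webroot "$WEBROOT" || true; fi
```

Run it as `WEBROOT=/path/to/docroot sh audit.sh`; `remove_world_write` is never called automatically.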