Print

[mealex]

Hi
We have an Adult paid site www.arabsexcity.com [edit GauGau] Warning: link not worksafe [/edit]
Its using coppermine 1.34
I would like to upgrade but its edited alot and could be hard. I am happy with the current version.
But i keep finding usernames and passwords to my site in forums.
What should i do?
Alex

[Vee]

I think you should upgrade.
I can help you for that. 

[Hein Traag]

version 1.34 is stoneage. Upgrading is mandatory!

Even if you edited it a lot you should still upgrade at 1.4.10 is the current stable (and safe) version.

[mealex]

Hello

So can somebody help me upgrading my site.
The site is fully operational with alot of members.
The site has been edited alot

Please reply to mealexxx@gmail.com
Alex

[mealex]

Hi 

My name is Alex.
I own an Adult pay site.
I am using coppermine 1.3.4

I found out more than once anymous people loging into my members area. After investigating i found my site's passwords and usernames in forums. I deactivated those members but after that i found new members info on forums which means that my site is vulnerable for hackers and password sniffers.

I would like to fix this by upgrading and installing any security addons if available.

The only thing is my site is heavily edited. I like it to be the same exactly with no changes but upgraded. The site is heavily traffiked and have alot of members that i dont want to disturb.

I will pay generousily for whom is upto this challenge. 

I need it done Yesterday 

Thanks
Alex

[mealex]

Hi

Yes its me again.
My email is mealexxx@gmail.com

Alex

[Hein Traag]

Try not to double post and be patiened.

[Joachim Müller]

It is not advisable to post your email address in your thread - this will only make email harvesters store your email address, resulting in even more spam. Just enable notifictions for the thread you start instead. You'll be emailed then if potential job takers reply to your thread.

It's advisable to post the budget you're ready to spend, the time schedule you have in mind

[Joachim Müller]

Merging thread "Site getting hacked - Upgrade needed and security issues - WILL PAY" with your other thread "Need Help - My site keep getting hacked". In the future, don't start two identical requests.

Why don't you perform the upgrade yourself?

[mealex]

Hello

OOOps, sorry for the dulpications. Actually one was old and the other 1 was new.

Well i am not a developer myself.

Besides the gallery is heavily edited from some developers in the forum. And the site is heavily trafficked. Members should not feel the process and the coding must be to the highest standards without holes.
B. Mossavari contact me to upgrade my site and fix the security issues and cleanup all the unnessarly files.

The budget is $400

Any recommendations

Alex

[carefree]

Generally i find hacks on our site through "cross site scripting" . Read this article and download a security tool from downloads.com relating to this term.

http://en.wikipedia.org/wiki/Cross-site_scripting

Its easy to overlook even large well known sites experience this.

You should also add a discliamer to you signup page stating that you will try to prevent it, but you are not resposible for hacking attempts.

Hope this helps

[Joachim Müller]

Read this article and download a security tool from downloads.com relating to this term.

Such a tool to download does only make sense if you have no idea why you're under attack. Alex knows pretty well why he's under attack: because he's using an outdated (ancient) version of the script that has known security issues. The attackers know those issues just as well. The only way to fix those issues is to upgrade. I understand that you're trying to be helpfull, but in this case your advice won't help.

You should also add a discliamer to you signup page stating that you will try to prevent it, but you are not resposible for hacking attempts.

What's the benefit of such a disclaimer? If you're aware that your site has security vulnerabilities and you still don't act accordingly, you can be held liable for possible damage, no matter wether you have such a disclaimer or not.

Well i am not a developer myself.

You don't have to be one.

I suggest upgrading as suggested in the docs: doing exactly as suggested there will give you a backup both of your files and your database. This way you can savely go back if the upgrade process should go wrong. The apply the actual update, replacing all customized pages with fresh files of the cpg1.4.12 package. This way, you'll lose your customization for a short period of time, but don't worry: you can apply them carefully, step-by-step after having upgraded.

The budget is $400

Sounds like a fair budget to me. I think you should be able to find a good freelancer to do the job for you.

Joachim

[foulu]

i can hand this work just because i'm the one who modify mealex cpg before. I think i will take place in about 3 - 4 days. Pm or email if you want to hire me.

[Joachim Müller]

Issue solved? Job done?