security threat, How to prevent people to access to stalker server?

[AL Firansi]

Hi,

I have noticed that it is easy for anyone to access any stalker portal byt typing the address server
I also noticed that we can get access to most of directories for instance you can type
http://yourserver/stalker_portal/server/api or else and you can see and download everything
how to protect people accessing it.

cheers

[Ivan Bratash]

You have to fix your general web server configuration. If you can access, browse, or even download PHP files, this means that your web server configuration is incorrect.

If you access http://yourserver/stalker_portal/server/api you should have 403 Forbidden error.

Check your *.conf files for <Directory> tags and fix those.

[French Team]

Thanks Ivan,
but unfortunately I don't know how to do it,
is there any tutorial or steps that I can follow, it might help all of us who face the same problem
cheers

--
Вы получили это сообщение, так как подписаны на группу "Stalker Middleware".
Чтобы отказаться от подписки на эту тему, перейдите на страницу https://groups.google.com/d/topic/stalker-middleware/ZEI8nbg36S4/unsubscribe?hl=ru.
Чтобы отказаться от подписки на эту группу и все входящие в нее темы, отправьте электронное письмо на адрес stalker-middlew...@googlegroups.com.
Чтобы добавлять сообщения в эту группу, отправьте письмо по адресу stalker-m...@googlegroups.com.
Просмотреть это обсуждение в Сети можно по адресу https://groups.google.com/d/msg/stalker-middleware/-/nXoNciCmYMYJ.
Настройки подписки и доставки писем: https://groups.google.com/groups/opt_out.
 
 

[Aleksey Zhurbitsky]

and you can see and download everything

Can you be more specific? What exactly you can see and download?

[AL Firansi]

for example I have downloaded your m3u file located in your portal. " tv.infomir.com.ua/stalker_portal/

but when i check today it seems that you have fixed this problem so could you tell me how to fix it please

cheers.

[Aleksey Zhurbitsky]

Version 4.8.58 has a lot of security patches, including access to m3u.php

[French Team]

actually I am using 4.58
you can still tell me how to fix it or how you did to fix yours
cheers

Le 14/05/2013 09:11, Aleksey Zhurbitsky, Stalker Middleware a écritО©╫:

Version 4.8.58 has a lot of security patches, including access to m3u.php

On Monday, May 13, 2013 8:38:34 PM UTC+3, AL Firansi wrote:

for example I have downloaded your m3u file located in your portal. " tv.infomir.com.ua/stalker_portal/

but when i check today it seems that you have fixed this problem so could you tell me how to fix it please

cheers.

On Monday, 13 May 2013 14:06:52 UTC+1, Aleksey Zhurbitsky wrote:

and you can see and download everything

Can you be more specific?О©╫What exactly you can see and download?

On Friday, May 10, 2013 12:25:11 PM UTC+3, AL Firansi wrote:

Hi,

I have noticed that it is easy for anyone to access any stalker portal byt typing the address server
I also noticed that we can get access to most of directories for instance you can type
http://yourserver/stalker_portal/server/api or else and you can see and download everything
how to protect people accessing it.

cheers

--
О©╫О©╫ О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫ О©╫О©╫О©╫ О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫, О©╫О©╫О©╫ О©╫О©╫О©╫ О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫ О©╫О©╫ О©╫О©╫О©╫О©╫О©╫О©╫ "Stalker Middleware".
О©╫О©╫О©╫О©╫О©╫ О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫ О©╫О©╫ О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫ О©╫О©╫ О©╫О©╫О©╫ О©╫О©╫О©╫О©╫, О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫ О©╫О©╫ О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫ https://groups.google.com/d/topic/stalker-middleware/ZEI8nbg36S4/unsubscribe?hl=ru.
О©╫О©╫О©╫О©╫О©╫ О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫ О©╫О©╫ О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫ О©╫О©╫ О©╫О©╫О©╫ О©╫О©╫О©╫О©╫О©╫О©╫ О©╫ О©╫О©╫О©╫ О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫ О©╫ О©╫О©╫О©╫ О©╫О©╫О©╫О©╫, О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫ О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫ О©╫О©╫О©╫О©╫О©╫О©╫ О©╫О©╫ О©╫О©╫О©╫О©╫О©╫ stalker-middlew...@googlegroups.com.
О©╫О©╫О©╫О©╫О©╫ О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫ О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫ О©╫ О©╫О©╫О©╫ О©╫О©╫О©╫О©╫О©╫О©╫, О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫ О©╫О©╫О©╫О©╫О©╫О©╫ О©╫О©╫ О©╫О©╫О©╫О©╫О©╫О©╫ stalker-m...@googlegroups.com.
О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫ О©╫О©╫О©╫ О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫ О©╫ О©╫О©╫О©╫О©╫ О©╫О©╫О©╫О©╫О©╫ О©╫О©╫ О©╫О©╫О©╫О©╫О©╫О©╫ https://groups.google.com/d/msgid/stalker-middleware/ad2d0483-7db7-46e7-ae6a-cf3e89eb0026%40googlegroups.com?hl=ru.
О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫ О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫ О©╫ О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫ О©╫О©╫О©╫О©╫О©╫: https://groups.google.com/groups/opt_out.
О©╫
О©╫

[Aleksey Zhurbitsky]

Add to custom.ini

enable_m3u_file = false

On Tuesday, May 14, 2013 3:32:48 PM UTC+3, AL Firansi wrote:

actually I am using 4.58
you can still tell me how to fix it or how you did to fix yours
cheers

Le 14/05/2013 09:11, Aleksey Zhurbitsky, Stalker Middleware a écritО©╫:

Version 4.8.58 has a lot of security patches, including access to m3u.php

On Monday, May 13, 2013 8:38:34 PM UTC+3, AL Firansi wrote:

for example I have downloaded your m3u file located in your portal. " tv.infomir.com.ua/stalker_portal/

but when i check today it seems that you have fixed this problem so could you tell me how to fix it please

cheers.

On Monday, 13 May 2013 14:06:52 UTC+1, Aleksey Zhurbitsky wrote:

and you can see and download everything

Can you be more specific?О©╫What exactly you can see and download?

On Friday, May 10, 2013 12:25:11 PM UTC+3, AL Firansi wrote:

Hi,

I have noticed that it is easy for anyone to access any stalker portal byt typing the address server
I also noticed that we can get access to most of directories for instance you can type
http://yourserver/stalker_portal/server/api or else and you can see and download everything
how to protect people accessing it.

cheers

--
О©╫О©╫ О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫ О©╫О©╫О©╫ О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫, О©╫О©╫О©╫ О©╫О©╫О©╫ О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫ О©╫О©╫ О©╫О©╫О©╫О©╫О©╫О©╫ "Stalker Middleware".
О©╫О©╫О©╫О©╫О©╫ О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫ О©╫О©╫ О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫ О©╫О©╫ О©╫О©╫О©╫ О©╫О©╫О©╫О©╫, О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫ О©╫О©╫ О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫ https://groups.google.com/d/topic/stalker-middleware/ZEI8nbg36S4/unsubscribe?hl=ru.

О©╫О©╫О©╫О©╫О©╫ О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫ О©╫О©╫ О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫ О©╫О©╫ О©╫О©╫О©╫ О©╫О©╫О©╫О©╫О©╫О©╫ О©╫ О©╫О©╫О©╫ О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫ О©╫ О©╫О©╫О©╫ О©╫О©╫О©╫О©╫, О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫ О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫О©╫ О©╫О©╫О©╫О©╫О©╫О©╫ О©╫О©╫ О©╫О©╫О©╫О©╫О©╫ stalker-middleware+unsub...@googlegroups.com.