Security patch GuppY v.4.6.4 - by hpsam_GT_Dev 03/11/2007 @ 22:01
Dear,
A security failure has been discover on version 4.6.1 to 4.6.4 some hours ago and can seriously harm your sites under certain conditions. We publish this safety patch which is available in download in order to correcting it.
This one must be applied immediately.
After upgrade in version 4.6.4 it is recommended to you to check the following points:
Check the presence of .php, .html or .htm that are not from GuppY, plugins or from yourselves. If you findone, remove it or if you doubt rename it. You can download by FTP all your site and your antivirus will react on dangerous files. Verify most accurately file/, /flash/, /img/ et /photo/
Check the place occupied by your site on the server. If your site grew bigger of a blow, then check if there were not use of your space to store illegal files, vidéos, mp3... Remove them!
By additional safety measure, if one of those points corresponds to you then change your passwords of admin.
We also point out that it is imperative to have:
A htaccess at the root of the site (delivered with the GuppY pack) and which must be modified in certain cases as indicated in the FAQ : http://www.freeguppy.org/faq.php?lng=fr&pg=98411
A htaccess for the admin in accordance with this FAQ : http://www.freeguppy.org/faq.php?lng=en&pg=70
Note: Some Providers have specific procedures and in this case it is necessary to see with them. Note 2: Among other providers, it is not possible to have htaccess which function and in this case the solution is to change provider
