e107 Security alert

CaMer0n by CaMer0n in e107

Recently jalist was sent an email detailing an e107 security issue.

Recently jalist was sent an email detailing an e107 security issue. jalist sent it on to me and I have let the rest of the dev team know about it. Upon looking further, it seems that it may even be broader than the author knew.

Because of the security concerns we are asking all e107 site admins to rename their e107_admin directory. You must then update your e107_config.php file (or class2.php file if you are using a version older than 0.616) and set the $ADMIN_DIRECTORY to this new directory name. Since you do not ever need to retype this directory name, you can make it as complex as you wish. Some nice MD5 hash is always nice : e107_74c46183b0b9e99971b44ca33e3f123d

The fix for this will probably be pretty extensive and will be seen in the 0.617 release.

Renaming your admin directory is a good idea anyway, but now you NEED to do it. Sorry if this causes any hassles.

If anyone wants any more info on this, please contact me privately. No, I will not tell you exactly how to take advantage of it.


Social Links