OPN Version 2.4.9 is out !

OPN DEV NewsHello everybody,

the new release OPN 2.4.9 is now available!

Numberous bugs have been fixed and new features have been realised.(e.g. the modul User_Favorites has been added), exact data of all chages you find in the changelog.

All downloads can be found here.
The full version and all the update packages you find under the headline "Zusätzliche Dateien"

openphpnuke-2.4.9-full.* - The whole OPN, with modules and all languages included
openphpnuke-2.4.9-core.* - OPN without the modules
openphpnuke-2.4.9-modules-full.* - Only the modules complete

There are also update files to update older OPN versions 2.4.8 to 2.4.9: here

Enjoy

The OPN TEAM

Note: the somewhat strange revision number '1138:1142' is based on the fact, that the modul user favorites has been added accidently after finishing the package without checking the version number again.

Additional info: after a successful update please check if the setting for CHMOD for new directories is set to 0777 or 0755. You will find it in Admin - Settings - Filesystem. If there is a wrong value set, OPN will not be able to write new directories (e.g. the cache dirs). Mostly neccessary when you install new moduls.

Posted by golive on 2007-11-01 12:24:54  (28345 * reads) 

comments?      Auf Facebook posten http://www.openphpnuke.com/system/article/index.php?opnparams=CntdOAI3CmdWP1Uz

OpenPHPnuke 2.4.8 available

OPN DEV NewsHello everyone,

the new release of OPN 2.4.8 is out!

There have been some bugfixes and quite a number of new features have been included! Please find all details in our changelog.

All downloads can be found here.
The full version and all the update packages you find under the headline "Zusätzliche Dateien"

Enjoy!
The OPN-Team

Posted by spinne on 2007-09-04 19:53:06  (28180 * reads) 

comments?      Auf Facebook posten http://www.openphpnuke.com/system/article/index.php?opnparams=CntdOAI3CmdWP1U0

OPN 2.4.7

OPN DEV NewsFind the full version here: OPN 2.4.7

openphpnuke-2.4.7-full.* - The whole OPN, with modules and all languages included
openphpnuke-2.4.7-core.* - OPN without the modules
openphpnuke-2.4.7-modules-full.* - Only the modules complete

There are also update files to update older OPN versions 2.4.6 to 2.4.7:here


We recommend to use the *.tgz or *.tar.bz2 files.
These are much smaller than Zip's. Windows can use theses files without trouble:
*.tgz can be handled with Powerarchiver, Winzip or Winrar.
Powerarchiver or Winrar can handle *.tar.bz2 . A pure " tar for Windows" is available as gnuwin32.

The OPN-Team

Posted by spinne on 2007-09-04 19:49:05  (27635 * reads) 

comments?      Auf Facebook posten http://www.openphpnuke.com/system/article/index.php?opnparams=CntdOAI3CmdWP1U1

Changes in Theme Structure in OPN 2.4

OPN DEV NewsThe theme structure was changed in OPN 2.4, so you should be careful when updating your old system and using an own them. We recommend you to install OPN locally and check your theme before uploading to your webspace.

Posted by manne on 2006-12-08 06:38:23  (17658 * reads) 

comments?      Auf Facebook posten http://www.openphpnuke.com/system/article/index.php?opnparams=CntdOAI3CmdWPlU%2F

ATTENTION: security fix available

OPN DEV NewsUnfortunatly some opn-sites has been attacked by a very special exploit. We (the dev team) has been informed by that about 10:30 april 30. After an analysis and first hotfixes the cause is as followed (15:00 april 30):
  • a special weak combination of php settings and opn settings is needed for a successful attack
  • not all opn sites are concerned by that exploit

In your php.ini settings please look for the settings of:
  • register_globals
  • allow_url_fopen


First off:we recommend to enable "Encode the URL-Parameters" in administration-> settings -> security settings

security-fix:
A fixed version of the file "master.php" ist available in trunk and branch. If you do not use subversion there is also a zip file file with the updated master.php available for download:security fix - download

An updated opn package (2.3.5) will be published shortly containing all necessary security fixes. We strongly recommend to update as soon as possible.

At this time we do not have any reports that say the database has been corrupted. It is a direct defacement attack. A successful defacment involves additional files has been uploaded to your webspaces for future attacks of your sites. So a drastic cleanup of your system is needed.

scenario 1: up-to-date backup is available
  • step 1. Remove all (!) opn files from your webserver. It is not possible to just overwrite them since the ftp rights are not high enough to catch them all. The hack gives itself higher acl values to prevent ypu from overwrite them. So you need to delete them to get rid of them.
  • step 2. restore your backup

scenario 2: no backup is available
  • step 1. backup your "mainfile.php"
  • step 2. backup the "cache" directory
  • step 3. if you use a custom theme - backup it.
  • step 4. Remove all (!) opn files from your webserver. It is not possible to just overwrite them since the ftp rights are not high enough to catch them all. The hack gives itself higher acl values to prevent ypu from overwrite them. So you need to delete them to get rid of them.
  • step 5. Upload the current (complete) opn package incl. the security fix
  • step 6. Check your backuped "mainfile.php" for conspicuities and restore it
  • step 7. Check your backuped "cache" directory for conspicuities (look at your local filesystem for files with a timestamp around the attack and remove those files) and restore the directory
  • step 8. Check your backuped theme for conspicuities (look at your local filesystem for files with a timestamp around the attack and remove those files) and restore the directory
  • step 9. adjust the directory rights to the ones named recommended in the documentation


Do not forget to check the "cgi-bin" directory (which in most cases is outside the html directory) for additional files placed by the hack.

Our recommendation:
  • Backup - a continous backup is always a good idea
  • If possible set php.ini setting "register_globals" to "off". (If this is not possible for you, encourage your hoster to do so. If he does not want to do that lookup for a another hoster).

Posted by xweber on 2006-05-01 10:52:55  (44669 * reads) 

1 comment       Auf Facebook posten http://www.openphpnuke.com/system/article/index.php?opnparams=CntdOAI3CmdWPlU0

Browse in our articles

 
Page took 0.28444 seconds to load