[support] IRC Hacking Files
Morbus Iff
morbus at disobey.com
Thu Dec 15 19:09:40 UTC 2005
> The CPanel on my host only offers up to 4.6.3.
Is that the version you actually had installed? 4.6.3 was released August
14, 2005 (http://drupal.org/drupal-4.6.3) - if you installed your Drupal
site BEFORE that time, then you were not running the latest security
fixes, and it may still be possible that you're susceptible to an XML-RPC
exploit. For now, a reasonable workaround is to:
* delete the xmlrpc.php file in your Drupal directory.
While this does nothing to prevent the bugs fixed in 4.6.4 and 4.6.5 of
Drupal, it will specifically stop any XML-RPC vulnerabilities, at the
expense of removing the ability to receive updates for blogging
applications (per the blogapi.module).
If you have further concerns or questions regarding the security of your
site in regards to Drupal, please contact security at drupal.org - the
support list isn't the best place for this.
--
Morbus Iff ( you are nothing without your robot car, NOTHING! )
Culture: http://www.disobey.com/ and http://www.gamegrene.com/
O'Reilly Author, Weblog, Cook: http://www.oreillynet.com/pub/au/779
icq: 2927491 / aim: akaMorbus / yahoo: morbus_iff / jabber.org: morbus
More information about the support
mailing list