Results 1 to 2 of 2

Thread: register globals = on ?

  1. #1
    Senior Member gss03's Avatar
    Join Date
    Jul 2003
    Location
    Scotland
    Posts
    725
    Thanks
    6
    Thanked
    28 times in 28 posts

    register globals = on ?

    A client of mine has a ModX website. It got hacked and pulled by it's host.
    With the web designer scurrying now to fix the site to get it live again he told me that "Register Globals" is on.

    Is that a bad thing? - What does that mean really?

    The host won't turn it off globally for the entire server, but has told us that it can be turned off by use of an .htacces file.....but begs the question whether the site is going to get hacked again.....

  2. #2
    YUKIKAZE arthurleung's Avatar
    Join Date
    Feb 2005
    Location
    Aberdeen
    Posts
    3,280
    Thanks
    8
    Thanked
    88 times in 83 posts
    • arthurleung's system
      • Motherboard:
      • Asus P5E (Rampage Formula 0902)
      • CPU:
      • Intel Core2Quad Q9550 3.6Ghz 1.2V
      • Memory:
      • A-Data DDR2-800 2x2GB CL4
      • Storage:
      • 4x1TB WD1000FYPS @ RAID5 3Ware 9500S-8 / 3x 1TB Samsung Ecogreen F2
      • Graphics card(s):
      • GeCube HD4870 512MB
      • PSU:
      • Corsair VX450
      • Case:
      • Antec P180
      • Operating System:
      • Windows Server 2008 Standard
      • Monitor(s):
      • Dell Ultrasharp 2709W + 2001FP
      • Internet:
      • Be*Unlimited 20Mbps

    Re: register globals = on ?

    I would say unless a website can only be hacked by:
    1. Using a vulnerable version of modx
    2. Someone got his password (by any mean) to login to the site / ftp / shell
    3. Someone else's site / ftp / shell account was hacked and that was used to hack your site in the "neighborhood"

    Having register global on should not be a problem if it is a decent CMS. As hacking through register global is considered a vulnerable.
    Workstation 1: Intel i7 950 @ 3.8Ghz / X58 / 12GB DDR3-1600 / HD4870 512MB / Antec P180
    Workstation 2: Intel C2Q Q9550 @ 3.6Ghz / X38 / 4GB DDR2-800 / 8400GS 512MB / Open Air
    Workstation 3: Intel Xeon X3350 @ 3.2Ghz / P35 / 4GB DDR2-800 / HD4770 512MB / Shuttle SP35P2
    HTPC: AMD Athlon X4 620 @ 2.6Ghz / 780G / 4GB DDR2-1000 / Antec Mini P180 White
    Mobile Workstation: Intel C2D T8300 @ 2.4Ghz / GM965 / 3GB DDR2-667 / DELL Inspiron 1525 / 6+6+9 Cell Battery

    Display (Monitor): DELL Ultrasharp 2709W + DELL Ultrasharp 2001FP
    Display (Projector): Epson TW-3500 1080p
    Speakers: Creative Megaworks THX550 5.1
    Headphones: Etymotic hf2 / Ultimate Ears Triple.fi 10 Pro

    Storage: 8x2TB Hitachi @ DELL PERC 6/i RAID6 / 13TB Non-RAID Across 12 HDDs
    Consoles: PS3 Slim 120GB / Xbox 360 Arcade 20GB / PS2

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. where to register a domain name
    By j1979 in forum Networking and Broadband
    Replies: 32
    Last Post: 20-03-2011, 09:48 PM
  2. Cheapest place to register a web address?
    By christiani in forum Retail Therapy and Bargains
    Replies: 25
    Last Post: 27-12-2006, 06:46 PM
  3. Do not call phone register?
    By joshwa in forum General Discussion
    Replies: 17
    Last Post: 22-05-2006, 06:48 PM
  4. Whats the link to register for the free COD2 offer?
    By autopilot in forum SCAN.care@HEXUS
    Replies: 5
    Last Post: 02-12-2005, 02:08 PM
  5. I want to Register!!
    By tgrigg in forum General Discussion
    Replies: 2
    Last Post: 23-04-2005, 10:27 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •