Quote from: eagleshout at Nov 09, 2006, 02:51 AM
FORTUNATELY the sites that ModX was installed on were testing sites because I had two sites defaced in 24 hours. Where’s the documentation that could have prevented this . . . nested in the forums!!!!
Point well taken eagleshout. The documentation needs to be more prominent and organized. That’s one of the reasons there’s been a Wiki project in the works. If you have a better idea how to present essential information like this, please share it with the team.
Quote from: eagleshout at Nov 09, 2006, 02:51 AM
Here’s an excerpt from my hosting company which had the sense to monitor the email injection permitted by ModX and stop it after only a few minutes:
Correction -- MODx itself did nothing in regards to your mail injection. A 3rd party package which is included with MODx had a vulnerability that allowed a malicious hacker to upload files to your server. For that the MODx team should (and does) take responsibility for not auditing 3rd party code that we distribute. You on the other hand may want to ask your hosting company why register_globals was turned on for your PHP install to enable this situation?
Quote from: eagleshout at Nov 09, 2006, 02:51 AM
The SCRIPT vulnerabilty referred to here was in ModX . . . yes even after the install was deleted.
See my comment above again. In context, what you’re saying is simply inaccurate. I understand you’re upset (and rightfully so), but let’s not paint with too broad of a brush here, shall we?
Quote from: eagleshout at Nov 09, 2006, 02:51 AM
When is ModX going to stop calling itself a "CMS" or even a "development platform" and get real!!!! You folks are obviously leading others down the path of death and destruction with your BS.
Wow. I don’t even know what to say. I am going to assume that emotion got the better of you and you let loose in our direction. Otherwise, if you really talk like that in your every day life, well I am going to assume that perhaps your future lies in....let’s say....less professional fields.
Quote from: eagleshout at Nov 09, 2006, 02:51 AM
Oh yeah, and why NOT keep this topic on the run by moving it from one topic to another. That keeps the DOCUMENTATION shell game so much more interesting!
Are you implying that the MODx admin deliberately hid this information from people? Sorry, your random capitalization throws my context parsing out of whack. Not sure where you’re going with that anyway....
BTW I find it interesting that your signature is a quote from Lorca. Didn’t he also say "Besides black art, there is only automation and mechanization"? And that’s what we’re dealing with here my friend -- automation and mechanization, Mistakes will and do happen. You can choose to be constructive and communicative in these issues, or you can choose to vent and alienate people. Your choice.