Announcements

Greetings OTLand members.

It has come to my attention that XAMPP comes with a security flaw which is exploited through the use of the WebDAV (C:/xampp/webdav) folder. A hacker could upload scripts with malicious code onto your website (a shell for instance or a DoS script), thus gaining full access to the website's files and sometimes on the entire server. Since TFS users have their database credentials in config.lua this, by extension, could give the hacker root access to the database of...

 

I've recently seen alot of users getting hacked, so I've used some of my free time to look into this and I found a "security vulnerability" in phpMyAdmin which comes with XAMPP. The control user pma comes with an empty password as default, and XAMPP does not alert the user about this.

I'm not going to explain in details how you can take advantage of this vulnerability, but to explain it in a single sentence: the user pma has more permissions than it should have.

NOTE: The...

 

Recently it was found, there's an important security hole in POT (for newbies: Gesior/Unnamed AAC uses it) which displays database connection information. Here's a fast solution for XAMPP users from Xampy, which everyone using POT for their AAC should apply:

(...) I will tell you how to prevent hacks in your server:

MySQL Users
Go to C:\xampp\htdocs\pot and open the file OTS_DB_MySQL. Go to line 96~ and:
Change:

        // PDO constructor...

 

Hello,

I've noticed that the last few days people are making new accounts and posting viruses and other programs that will ruin your computer, I've made this thread to warn people about it and how to avoid getting those annoying viruses and other malware.

<If you don't trust>
First of all, if you want to download something then look who posted it.
-If it's some one below 20 posts becareful mostly people with low posts are posting viruses.
-Read the messages below, since...