b2 - a classy weblog tool ::

[project page / test blog] [login] [register]

[ This is a test blog, with posts about the development of b2, and comments ]

[ Bugs/suggestions ? Check the Forums ! ]

19.07.01

big security flaw in b2

i had installation problems a few moments ago and i realised that b2install.php is on my monkey.dayzero directory. this can be a great security flaw because it simply overruns all existing settings and posts and makes a new copy of b2. this also means that all accounts are wiped out and the admin user and pass becomes the default.

this is worrying. for those of you who're using b2, please DELETE b2install.php from your ftp server after installation. if you can't remember your password you can upload it back and do a clean reinstallation, or request michel to do this password sending thing. thank you.

alternatively, you can chmod the install.php file to something else (like 755) or request yet another feature on b2: for the install.php file to auto delete itself after installing.

i would request this to be reflected in the b2 readme.
ian @ 17:40:25 778
7 comments, 11 trackbacks, no pingback

:: pingbacks

No Pingback on this post so far.

:: return to the blog

[powered by b2.]

archives
march 2004
january 2004
december 2003
november 2003
october 2003
july 2003
june 2003
may 2003
march 2003
november 2002
october 2002
september 2002
august 2002
july 2002
june 2002
may 2002
april 2002
march 2002
february 2002
january 2002
december 2001
november 2001
october 2001
september 2001
august 2001
july 2001
june 2001

What is b2 ?
A classy news/weblog tool (aka logware).

How does it work ?
You type something and hit "blog this" and in the next second it's on your page(s). You can write extended entries, or even entries that span multiple pages. You can also use BloggerAPI clients to post to your b2 weblog.
What's original in b2 ? Pages are generated dynamically from the MySQL database, so no clumsy 'rebuilding' is involved. It also means faster search/display capabilities, and the ability to serve your news in different 'templates' without any hassle.

Requirements ?
A server that can run PHP4, and a MySQL database (you can install b2 in an already existing database, and you can put several b2's in one database).

Where can I download it ?
b2 0.6 is the latest public release.
You can also visit the CVS server for the latest code, at your own risks.
See the ReadMe file for requirements and installation instructions.

Contact info ?
E-mail: m@tidakada.com
Forums: over there. :)

Post categories:

Search:

They are powered by b2:

( 10 random blogs, out of 592 )

phonation
Webfroot
this is my sundown
Dia a dia con Fabiana
gidgetx.com
[A-B-Z]
Journalized
wishing star
xero - arm the homeless
Dr. Curmudgeon's Blog

See the complete list there.
(List last updated 03.11.2002)

e-mail me when you install b2 on your site, include your URL to be linked here.

Recently updated b2 weblogs:

1. Krabbels
2. Syn Raziel's Neoprene
3. indiboi
4. InterNey.Net
5. BLOGGED
6. Revolutionary
7. Xeeozees.com
8. iBabble
9. Dragonchasers
10. PhotoMatt
11. Poets Corner
12. pure-essence.net
13. Davezilla
14. Michael’s Weblog – cyberbrain
15. 180° Shift
16. shanestyle
17. Alicia Keys Fan - Live News
18. DroLLery
19. glutnix.com
20. muso
21. Journalized
22. tank green dot com
23. turtelina.net
24. Simply Sara
25. A Bird’s Melody
26. up so close
27. chachacha.co.uk
28. Chicks with Sticks
29. WuMarkus.COM
30. bootrecords.com
31. dille schreeuwt het van de daken
32. Webfroot
33. et alia
34. svenrox.com
35. Monosyllabically
36. Scream Sophie Gig Journal and Weblog
37. a hundred indecisions
38. Ellipsis [...]
39. Fantasy Log
40. Hokey Mokey
41. Moonberry
42. nimrodel.net
43. GamerZ Homepage
44. Yummy Pi
45. SITC.COM LOLOLOL
46. Blogsherf
47. eternos.org
48. love-always

To be included in that list whenever you post to your weblog, please use b2 v0.6 or later, and then e-mail update@tidakada.com with: your site's name, URL, e-mail, and a password. You will then receive an e-mail with an ID string that you'll have to paste in your b2config.php file. And then you'll be linked there :)