phpffl.com

[phpffl_jason]

phpFFL 1.25 Released
Download from https://sourceforge.net/projects/phpffl/


IMPORTANT - REQUIRED SECURITY UPGRADE
This upgrade contains security fixes that left unfixed leave phpffl and your server vulnerable. It is required that you upgrade to this version. The changes should be easy to merge with any mods you may have made. All changes relate to the include() and require() functions which generally appear at the top of the files. If you have any questions about merging these changes with your mods please most in the mods forum. [/b]



Changed Files:
admin.php
custom_pages.php
draft.php
faq.php
leagues.php
livedraft.php
login.php
my_team.php
profile.php
signup.php
statistics.php
transactions.php
language\english\admin.php
language\german\admin.php
program_files\admin\custom_pages.php
program_files\common.php
program_files\livedraft\admin.php
program_files\livedraft\livedraft.php


Run Update:
phpffl_updates\1.25\updates.php
All upgrades should run this upgrade script. Just upload it to the root of your
phpFFL installation and run it once through your browser.

NOTE: If you are upgrading from a version prior to 1.20 please see notes for 1.20 upgrade.


Fixes & Updates

- Fixed major security issue. You MUST upgrade the files changed in this version or the security of your install and you server will be at risk. If you have made any mods and aren't sure how to merge them with your changed files post in the mods forum at www.phpffl.com/forums/. The changes made to these files only involve the include() and require() which are generally at the top of the files, so they should be easy to merge.

jason

[phpffl_jason]

Also...we'll probably be making more security updates this week as well so please check back next week for another important upgrade.

[mjcocat]

Other than modified html, what are some signs of an exploited site?

[phpffl_jason]

[zencorners]

Got hacked myself, besides the obvious html file, I had the three files posted in my phpFFL directory: