| Web server security |  Search
|
|
NowSMS Support Forums ⬆ NowSMS Support - SMS Issues ⬆ Archive through July 14, 2004 ⬆ |
◄ ► |
| Author | Message | |||
| NOWSMS registered user. Unregistered guest |
Help, In preparation for a security report on our LAN I inspected the web server running NOWSMS to see how secure it was. I have found that the web server used by NOWSMS is susceptable to Directory Transversal, i.e access to other areas of the server from the browser window. With a very simple hack I was able to access the boot.ini of the server running NOWSMS. Can you advise how to prevent this happening or at least help me lock down the server without hindering the operation of the software, which apart from this little glitch we are really hapy with. | |||
| Bryce Norwood - NowSMS Support Board Administrator Username: Bryce Post Number: 2940 Registered: 10-2002 |
Are you running NowSMS v5.50? If not, update to that version. | |||
| NOWSMS registered user. Unregistered guest |
Thanks for the usual swift response. I have downloaded the recommended version 5.5. Can I use the installer to upgrade my current setup or will I have to install a new MMSC from scratch and replicate my settings? | |||
| Bryce Norwood - NowSMS Support Board Administrator Username: Bryce Post Number: 2953 Registered: 10-2002 |
The installer will upgrade your existing setup. (It's a good idea to backup the NowSMS directory structure beforehand, just in case you need to go back to the previous version.) | |||
