Web server security

Web server security SearchSearch

SMS & MMS Technical Forum » NowSMS Support - SMS Issues (Product Support Only) » Archive through July 14, 2004 » Web server security « Previous || Next »
Author Message
NOWSMS registered user.
Unregistered guest
Posted on Tuesday, June 29, 2004 - 12:44 pm:   

Help,

In preparation for a security report on our LAN I inspected the web server running NOWSMS to see how secure it was. I have found that the web server used by NOWSMS is susceptable to Directory Transversal, i.e access to other areas of the server from the browser window. With a very simple hack I was able to access the boot.ini of the server running NOWSMS.

Can you advise how to prevent this happening or at least help me lock down the server without hindering the operation of the software, which apart from this little glitch we are really hapy with.
Bryce Norwood - NowSMS Support
Board Administrator
Username: Bryce

Post Number: 2940
Registered: 10-2002
Posted on Tuesday, June 29, 2004 - 07:58 pm:   

Are you running NowSMS v5.50?

If not, update to that version.
NOWSMS registered user.
Unregistered guest
Posted on Wednesday, June 30, 2004 - 04:01 pm:   

Thanks for the usual swift response. I have downloaded the recommended version 5.5. Can I use the installer to upgrade my current setup or will I have to install a new MMSC from scratch and replicate my settings?
Bryce Norwood - NowSMS Support
Board Administrator
Username: Bryce

Post Number: 2953
Registered: 10-2002
Posted on Wednesday, June 30, 2004 - 04:47 pm:   

The installer will upgrade your existing setup.

(It's a good idea to backup the NowSMS directory structure beforehand, just in case you need to go back to the previous version.)

Login Login / Register Logout Logout Search Last 30 Days Topics Topics