OXPUS.de

hello

i found the link of this site and download mod 5 in phpbb2.de
this mod is the one of the best mod for phpbb 2
this mod is more powerful than pafileDB and it has support

i have installed this mod
it works like a charm but i seached in configuration
i searched for a place to add forbidden suffixes like php, php3 ,cgi and other
sufixes but i think this download center doesn't have this part
at this time eveybody can upload a php file and run it of server :?
am i right ?

Yes, these files will only be up- and download as each other filetypes, too.
There is no directly execute to any file by the MOD itself.

But you should save the downloads folder via .htaccess for external access. Use the .htaccess file which comes with the mod or create an own one.

thanks ocpus

you mean by having this rules in .htaccess file in downloads folder my forum is completely safe and secure

Code: Alles auswählen

order deny,allow
deny from all
allow from localhost 127.0.0.1

:?:

i checked other similar mod like pafiledb and atachment mod 4.3.2
all of them have that .htaccess file but have a section in control panel for banning some suffixes (uploading php, php3, php4 can be very dangerous at least ban this 3 suffix in default form like attachment mod)

i think it can be a security risk
is it possible for you to add this part in next version 5.0.10

thank you again for your good mod

Okay, a good idea overall.
I'll insert a blacklist for unallowed file extentions on the next release.
This blacklist should be manages via acp for all downloads and will work on upload, download, move and edit the files.

Okay, it's done.
The new release is out now with functions of a blacklist for unwanted file extentions.
Download the release 5.0.10 and have fun.

OH

thank you

its fastest development that i ever seen

keep going friends