Quote:
Originally Posted by borked
{debug}
|
This tells you about errors and what Smarty calls to make. You cannot call everything from the debug menu into a NATS template. It isn't a security issue of any kind.
MySQL has nothing to do with this, nor protecting MySQL. The IP lock feature is within the Admin area and instantly stopped this attack from happening.
Quote:
Originally Posted by SmokeyTheBear
it would only take 2 seconds to look and see obvious non-human logins in the nats admin but they missed that for months right .. if you don't look for things they are hard to see .. if they were smart enough to steal the master nats passwd list and build software to remotely retrieve data on a daily basis from numerous sponsors, it doesn't seem a far stretch they would do something as simple as edit a template and drop in a few backdoor scripts in case the admin ever found out the password list was compromised. in fact i would think that would be the very very first thing they would do..
|
Looking at the logins vs looking at discolored admin templates which never flip ownership, really stands out in NATS. Logins, not so much.
You can't do anything with the templates, you can't execute, upload, backdoor anything. They are nothing more than text files, executed as text/html.
The password list is TMM admin accounts on NATS. Not ALL NATS admin accounts or any other admins, webmasters, etc. Only the TMM admin accounts were breached.