
How do I know if a website is using 4.4 or 4.5?



An important rule of (cyber) security is: don't expose more than what is strictly needed.

I would deny the access to that file.

What's the point of letting anyone know which version you use? To know if a certain exploit can be used or that a vulnerability is present? You certainly don't want to provide rogue actors that valuable information.

 

Edited by xtech

3 hours ago, bfarber said:

No, those files don't need to be web accessible necessarily for the software to run correctly.

Well, they've been relegated to the bowels of 404 then. Thank you. 🙂

We've been on the receiving end of a coordinated attack for the past few days, whose efforts are seemingly trying to cause SQL injections by submitting bad parameters to all sorts of things. They have been pulling these URLs as part of their attack.

We've handled the evildoers through our firewalls, but good reminder to think about what needs to be exposed and what doesn't.


6 minutes ago, SUBRTX said:

I'm on 4.4, should I wait for 4.6?! ETA?

You should very carefully test an upgrade to 4.5 on a separate test copy of your 4.4 community. There are many significant changes in 4.4 to 4.5 and if you use any third-party plugins, themes, applications, translations, etc., things may no longer work, or require reengineering.

Going from 4.4 to 4.6 will be at least as painful as 4.4 to 4.5, likely worse. It will include all of the changes from 4.4 to 4.5 and whatever else has been done since then.

Best practice would be to back up your database and file storage before any upgrade, maintain a testing environment, and validate that the upgrade works as expected in test, that your dependencies work as expected, and that any add-ons you have in 4.4 upgrade correctly, and are functioning in 4.5.

If you'd like to do all that in an upgrade from 4.4 to 4.6, the same recommended practices would apply.


On 1/29/2021 at 10:24 PM, Jordan Invision said:

I don't quite know what this means but just fyi y'all there is no 4.5.5 - the next release is 4.6 =]

I realise this ship has probably long since sailed, but we're 3 months into 4.5.4, and there's a decent pile of bugs, including a currently unpatched security related one, that have piled up in that time. Is there any chance we can have a 4.5.5 release to fix some of those bugs, rather than watching 4.6 stretch further and further out? I pushed for the features to be included in 4.6 rather than 4.5.5, but I did not intend for that to be at the expense of the timely release of other changes. (I also recognise wanting to give staff a break etc, but we're well into 2021 now, and surely having more bugs fixed would reduce their load anyway?)

Edited by Colonel_mortis

12 minutes ago, Paul E. said:

Depending on your web server, make rules to deny access (404 or 403 errors) to the files you don't want served to the public.

Using cPanel, I found Error Pages, I see this as a 404 page, but not sure how to edit it. I tried adding my page outside of the edit marks, but it didn't block the page.

 



15 hours ago, Square Wheels said:

Using cPanel, I found Error Pages, I see this as a 404 page, but not sure how to edit it. I tried adding my page outside of the edit marks, but it didn't block the page.

 


This would be done most easily by modifying your web server's configuration (apache, nginx, etc.)

If you use an .htaccess file, you could do it here.

This web site uses terms like cPanel and htaccess and may be helpful to get you in the right direction. Replace the extensions they care about with xml and json:

https://www.inmotionhosting.com/support/website/htaccess-prevent-filetype/

 

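The .htaccess approach suggested in the last reply, as an added example that is not part of any post in this thread and not the vendor's own configuration. It assumes Apache 2.4 with .htaccess overrides enabled, and `EXAMPLE-FILE.json` is a placeholder, since the thread does not name the files involved.

```apache
# Added example (not from the thread). Place in the .htaccess at the site root.
# Assumes Apache 2.4 (mod_authz_core) and AllowOverride permitting these directives.
# Use ONE of the options below, not several at once.

# Option A: 403 Forbidden for every static .xml or .json file.
# Broad: this also blocks files you may want public (for example a static
# sitemap.xml or manifest.json), so check the site after enabling it.
<FilesMatch "\.(xml|json)$">
    Require all denied
</FilesMatch>

# Option B: 404 Not Found instead of 403, so the response does not confirm
# that the file exists. The -f condition limits the rule to files that are
# really on disk, leaving URLs generated by the application alone.
# Requires mod_rewrite.
#<IfModule mod_rewrite.c>
#    RewriteEngine On
#    RewriteCond %{REQUEST_FILENAME} -f
#    RewriteRule \.(xml|json)$ - [R=404,L]
#</IfModule>

# Option C: deny only a named file rather than a whole extension.
# EXAMPLE-FILE.json is a placeholder; substitute the file you want hidden.
#<Files "EXAMPLE-FILE.json">
#    Require all denied
#</Files>

# Apache 2.2 equivalent of "Require all denied" (older hosts only):
#    Order allow,deny
#    Deny from all
```

After saving, request one of the affected files in a browser or with `curl -I` and confirm the status is 403 or 404 rather than 200.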
