Disclaimer: I am NOT a web programmer, nor am I a PHP expert. In preparation for FRC season, I decided to do some maintenance of the quiz website where I have hosted FRC rules quizzes for the past two years. Apparently Webtester has two (or more) major security holes. I discovered at least 12 different malicious files uploaded, and at least two other major problems on my site. I’m going to document here what I did to fix my copy of Webtester (version 5.1.20101016), since I haven’t really found a better tool for the way I want to host quizzes. I’m taking two approaches to this: closing known holes (Google for “WebTester 5.x Multiple Vulnerabilities” to see a few detailed reports), and obfuscating obvious things. At least one of the attacks made an attempt at getting the details of any blog software I use, but I think the randomized table prefix […]