Why should members vote fore you ?
A few members have told you that there or bad bugs in Oxwall ,and upto date you have not botherd to patch them .
Can you please tell me why you have not brought out any patches ,even though people can take control of admin .
I have not voted for Oxwall too for this reason.
I came across this from Oxwall
Our users informed us about a possible security threat present in all Oxwall versions, including 1.4. We eliminated it and rolled out this unplanned security release. It contains:
Please update to Oxwall 1.4.1, as soon as it’s available for automatic update in your admin area.
Why not oxwall publish what has been changed or updated or fixed in their blogs, so that users will know the real importance..
something related to this thread...
http://www.oxwall.org/forum/topic/6162
Team
SPAM problem is not related to security issues.
With 1.4.1 release we closed the hole that could allow malicious users to hack into the database and to get any user role. We wrote about this while announcing Oxwall 1.4.1, so you should update as soon as possible.
Spam problem is different and is related to the fact that somebody wrote a script that registers users (just as regular ones) and posts blog posts with spam content. Currently there are 2 possible solutions for that:
1) Download and install free antispam plugin for the Oxwall Store.
2) Consider activating mandatory user approval mode to manually let people in.
If you know how to fight spam more effectively, we'd be grateful if you shared your ideas with us. We are ready to work on the solution.
As usual, SPAM is not related to security and is possible for all pieces software.
Thanks,
Emil
Guys,
SPAM problem is not related to security issues.
With 1.4.1 release we closed the hole that could allow malicious users to hack into the database and to get any user role. We wrote about this while announcing Oxwall 1.4.1, so you should update as soon as possible.
Spam problem is different and is related to the fact that somebody wrote a script that registers users (just as regular ones) and posts blog posts with spam content. Currently there are 2 possible solutions for that:
1) Download and install free antispam plugin for the Oxwall Store.
2) Consider activating mandatory user approval mode to manually let people in.
If you know how to fight spam more effectively, we'd be grateful if you shared your ideas with us. We are ready to work on the solution.
As usual, SPAM is not related to security and is possible for all pieces software.
Thanks,
Emil
Hi
I was on about some of the bugs in Oxwall ie members can take control of admin .
regards
TeamIf you mean Paul's report about role management security issue , then yes. It was fixed with the 1.4.1 update, as it's mentioned in blog post:
User Role management security fix;
Team
@Purusothaman
Yeah, we've mentioned it within the blog post. There is no specific full details about this fix especially to safe sites from hack attempts. This is a common practice to avoid publishing specific security bug fixes in details.
Thanks Den
I think if we had a better capcha system this would help to deal with these bots ,the capch type were you can add questions like 4+00000 =
Its a pity that we could not ban certian types of email accounts say hotmail etc
- the support team is very responsive (helpful responses in hours, not days) - and the user community has very little complaints (compared to other solutions).
TeamI think if we had a better capcha system this would help to deal with these bots ,the capch type were you can add questions like 4+00000 =
But wait, Pete, this isn't the right place to discuss antispam strategy. Please, create a separate topic to discuss it deeper.
@Tom
Thanks for sharing your experience with Oxwall. Your words are really important for our team and community. They just confirm that we are on the right way and should move on.
@Purusothaman
I'm totally agree with you. "Open culture" is the next step of Oxwall evolution by involving other developers and contributors into the process. And we should hardly prepare to make the step smoothly and to don't lose control of the product. As that could really destroy it. We are to perform it as accurate as possible even if it requires additional time spending.To be honestly, if the public repo will be open tomorrow, then Oxwall became uncontrolled. Different contributors will be able to commit different code, without any quality approval and affordable developer manuals, interface guidelines and etc. We just don't have enough resources right now to perform it to start in a proper manner. And these are common troubles for a small team which works on an Open Source product hard and prefers to sacrifice time in favor of the quality of product. We just have to finish the current iteration to start to move on.
And great Thanks to the community which connects more and more users around Oxwall, contributes on product and helps each other to sort specific questions.
I know that they're not able to get to everything right away, but this has provided You personally with an opportunity to make money.They do make money out of it from the hosted solutions that they provide. It does not mean if they provide me an opportunity to earn money they are the best. All comments and suggestions said by all is to improve Oxwall.
It's interesting that you're not more grateful for the opportunity Oxwall gives you for making money. I would think you would want to support and promote this community that you are such an active part of.Grateful? Let us see how grateful you are going to be when you post your issues here and waiting for your answers? :P I would request you to view other forums post (not just yours) and see how many does not have any reply from Core team.
