I had some security issues on my photoblog (www.paolofusco.com/index.php (http://www.paolofusco.com/index.php)). at every access an alert from the antivirus for the presence of trojan virus which seem to be related to wmf files. I've re-uploaded my image-template.html file and the problem seems fixed now..
I'm not a html expert so, is there anything else I should do? how can I prevent future events like this?

thank you all,

Paolo

i haven't got a clue what wmf files have to do with pixelpost. do you have wmf files elsewhere on your server? i read about ulnerabilites with internet explorer and wmf files before but i still can't see how this could be related with pixelpost.

that's a good question! I went on new year's eve vacation and on the way back found this problem.. I didn't know and still don't know if I have wmf files, but the problem seems to be related to the presence of wmf files..

wmf are windows media files, generally video files. Pixelpost doesn't support video files unless you're using a modified version.

Perhaps someone has injected some HTML code in your page. What are the files chmodded to?

wmf are windows media files, generally video files. Pixelpost doesn't support video files unless you're using a modified version.

Perhaps someone has injected some HTML code in your page. What are the files chmodded to?

Chmodded? I told you i'm not an expert....

Well you can set permissions on a file. One set is for the owner, one is for the group and one is for the world.

If the permission on your templates files are 777 that means full rights to owner, group and world. The first two of the three groups are not a problem, but writing permission for the world could mean someone injects (changes) the code in your template.

For instance a hidden part linking to a wmv exploit homepage somewhere on the web.

Well you can set permissions on a file. One set is for the owner, one is for the group and one is for the world.

If the permission on your templates files are 777 that means full rights to owner, group and world. The first two of the three groups are not a problem, but writing permission for the world could mean someone injects (changes) the code in your template.

For instance a hidden part linking to a wmv exploit homepage somewhere on the web.

the permissions are set to 755 on all files, so this doesn't seem to be the problem..

thanks for your help

wmf are windows media files, generally video files. Pixelpost doesn't support video files unless you're using a modified version.

Perhaps someone has injected some HTML code in your page. What are the files chmodded to?


no, wmv means "windows media video", this are video files.

but wmf means "windows metafile" and is a graphic file format.

greets, sem

I stand corrected :D