II. Security doc - Security Patches

This is the way things go: while some people, such as the GuppY Team, build, others destroy and try to harm. We pay the closest attention to the security holes reported in GuppY and correct them by releasing security patches and by including them in GuppY's successive versions.

* Caution


In order to prevent your GuppY site from being "hacked" or "cracked" by disgusting individuals, we invite you to upgrade your site to the latest available release of GuppY.

Please also keep in mind that when you add external yet nice scripts (tagboards, chats, and so on) to GuppY, you take risks. These additional scripts can indeed create security holes in your site, which can eventually be destroyed because of them. Some GuppY users have, alas, experienced this to their detriment.


* Vulnerabilities known and applied solutions


The successive versions of GuppY have been quickly corrected by several security patches, which we list here.
  • 09/03/2006 : Vulnerability alireza hassani
    This vulnerability was corrected in the version 4.5.12 of GuppY.
     
  • 28/11/2005 : Vulnerabilities rgod
    This vulnerability was corrected in the version 4.5.10 of GuppY.
    » More details here
     
  • 03/09/2005 : Vulnerabilities Romano (romano_45@hotmail.com)
    This vulnerability was corrected in the version 4.5.4 of GuppY.
    » More details here
     
  • 29/07/2004 : L0rd L4m3R vulnerability
    L0rd L4m3R hacked our website, and he then sent us how he proceeded.
    This vulnerability was corrected in the version 3.0p3 of GuppY.
    » More details here
     
  • 06/10/2003 : SA9946 - GuppY Cross Site Scripting and Exposure of Admin Password
    Frog-m@n was kind enough to study GuppY in depth and found several security holes, which were corrected in the version 2.4p4 of GuppY.
    » More details here
     
  • 01/10/2003 : SA9889 - GuppY / miniPortail Cross Site Scripting
    This vulnerability has been corrected in the version 2.4p2 of GuppY.
    » More details here
     
  • 27/08/2003 : SA9621 - aldweb miniPortail Cross Site Scripting Vulnerability
    This vulnerability has been corrected in the version 2.4 of GuppY. But if your site runs with miniPortail v2.3 (or an older version), you can protect your site by editing the file inc/includes.inc this way :
    Line 41 : if (empty($lng)) {
    Line 42 : $lng = $lang[0];
    Add the following code just before (above) line 41 : $lng = strip_tags($lng);
     
  • 09/05/2003 : SA8750 - aldweb miniPortail admin access
    This vulnerability has been corrected in the version 2.3 of miniPortail.
    » More details here
    If you have to use this patch, you will have to create a sessions directory at the root of your web space (please respect the exact spelling: the word in lowercase letters and plural). Since the version 2.3 of miniPortail, the source has been corrected and this folder is no longer necessary.
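
The SA9621 workaround above removes HTML tags from $lng but leaves quote characters in place. The following added example (not GuppY or miniPortail code) contrasts it with validating $lng against the configured $lang list and encoding the value on output. The contents of $lang, the helper names pick_language and h, and the sample inputs are assumptions.

```php
<?php
// Added example, not GuppY/miniPortail code. $lang and $lng are the names
// used in the patch above; everything else here is hypothetical.

// Assumption: $lang lists the site's configured language codes, default first.
$lang = ['fr', 'en'];

/**
 * Return a language code that is safe to use: the requested one if it is
 * exactly one of the configured codes, otherwise the default ($allowed[0]).
 */
function pick_language($requested, array $allowed)
{
    // Reject arrays and other non-string input (e.g. ?lng[]=x).
    if (!is_string($requested)) {
        return $allowed[0];
    }
    // Strict comparison: no type juggling, no partial matches.
    return in_array($requested, $allowed, true) ? $requested : $allowed[0];
}

/** Encode a value for an HTML text or quoted-attribute context. */
function h($value)
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample inputs, as they might arrive in a request parameter.
$samples = ['en', 'de', '<b>en</b>', 'en" x="', ''];

foreach ($samples as $input) {
    $patched   = strip_tags($input);            // the page's workaround
    $validated = pick_language($input, $lang);  // allowlist alternative
    printf(
        "%-12s strip_tags=%-12s allowlist=%-3s encoded=%s\n",
        var_export($input, true),
        var_export($patched, true),
        $validated,
        h($patched)
    );
}
```

Only values that exactly match a configured code pass the allowlist; everything else falls back to $lang[0], the same default the original line 42 assigns.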

Creation date : 30/11/2003 @ 12:40
Last update : 25/03/2009 @ 09:25
Category : II. Security doc
Page read 34652 times




Reactions to this article


Reaction #1 

by JeanMi 11/10/2008 @ 20:23

This article deserves to be updated.