Announcement

#1 2016-12-06 23:19:14

vikozo
Member
suisse
2016-11-20
41

clean Plugin's

Hello/Hi/Greetings,

@admins
I wonder if the Plugins for Piwigo are checked for safty?

Since i installed Piwigo on my Server and added some Plugins, the mail traffic increased, i try to find out where the mail traffic comes from, would be sad i have to swich off the plugins ....

have a nice day
vinc


Piwigo version: the newest since 2.8.2 / PHP: 5.6.27-0+deb8u1 /  MySQL: 5.5.5-10.0.27-MariaDB-0+deb8u1
Piwigo URL:              http://www.kocher.photos/piwigo/
Lightroom --> Piwigo extensions: https://alloyphoto.com/plugins/piwigo/

Offline

 

#2 2016-12-07 11:44:34

flop25
Piwigo Team
2006-07-06
7037

Re: clean Plugin's

Hello
we cannot check extensions for security flaws etc
you can disable mail for each apache virtualhost https://serverfault.com/questions/72529 … irtualhost ; probably the same feature for nginx


To get a better help : Politeness like Hello-A link-Your past actions precisely described
Check my extensions : more than 30 available
who I am and what I do : http://fr.gravatar.com/flop25
My gallery : an illustration of how to integrate Piwigo in your website

Offline

 

#3 2016-12-07 18:02:40

vikozo
Member
suisse
2016-11-20
41

Re: clean Plugin's

Hello Flop25
if i do disable nobody would be able to send email with the contact Form, and also the underlaying Joomla would not apreciate it.
But there is not Piwigo-controll-team is ok to know it.

have a nice day
vinc


Piwigo version: the newest since 2.8.2 / PHP: 5.6.27-0+deb8u1 /  MySQL: 5.5.5-10.0.27-MariaDB-0+deb8u1
Piwigo URL:              http://www.kocher.photos/piwigo/
Lightroom --> Piwigo extensions: https://alloyphoto.com/plugins/piwigo/

Offline

 

#4 2016-12-07 19:29:14

plg
Piwigo Team
Nantes, France, Europe
2002-04-05
13634

Re: clean Plugin's

I confirm that on piwigo.org/ext there is no moderation "before publish". So yes, anyone can push a plugin with a security failure. But, thanks to our vigilant community, when such a problem occurs, the plugin is fixed quickly.

As far as I can remember, nobody as ever used this to hack some Piwigo. But it's a perfecty legitimate question :-)

I can also give you this tip: if the plugin is available on Piwigo.com, you can be pretty sure it has been reviewed ;-)

Offline

 

#5 2016-12-14 18:37:49

vikozo
Member
suisse
2016-11-20
41

Re: clean Plugin's

after i deactivated 12 Plugins and also needed to deinstall them the spam stopped.
but i don't know which one. sorry


Piwigo version: the newest since 2.8.2 / PHP: 5.6.27-0+deb8u1 /  MySQL: 5.5.5-10.0.27-MariaDB-0+deb8u1
Piwigo URL:              http://www.kocher.photos/piwigo/
Lightroom --> Piwigo extensions: https://alloyphoto.com/plugins/piwigo/

Offline

 

#6 2016-12-15 11:27:11

WuppiGER
Member
Germany
2016-05-31
38

Re: clean Plugin's

vikozo wrote:

after i deactivated 12 Plugins and also needed to deinstall them the spam stopped.
but i don't know which one. sorry

which plugins?

Offline

 

Board footer

Powered by FluxBB

github twitter newsletter Donate Piwigo.org © 2002-2023 · Contact