READ ENTIRE POST
I made a mistake in the previous blog post to not mention this: you need to delete all of the old ZEND ENCRYPTED files before uploading the new version. We need to remove all traces of the old files because the security vulnerability exists in them.
The new version of the prosper202 software has less files. So when you upload this version, because there are less files than the previous versions, it will not delete all of the old files. This means there will still be files remaining that have the old zend encpytion on them, which are a security vulnerability. So you need to delete all of the old files and then upload the new unencrypted files.
The Prosper202 1.1.2 release is the same as the 1.1.1, but I needed to change the version so everyone would re-download the files, and make sure they follow the installation instructions exactly. This is to fix the issue security vulnerability described: ---HERE---, which if you have not read, you need to read.
AGAIN YOU NEED TO DELETE ALL OF THE OLD ZEND ENCRYPTED FILES BEFORE UPDATING TO 1.1.2. YOU CAN DO THIS BY WIPING OUT THE DIRECTORY AND INSTALLING FRESH, THE INSTRUCTIONS CAN BE FOUND HERE.
Please also note that Prosper202 is now fully open source
anxiolytic on Oct 31, 2008 at 9:47am
Great news. Now add it to GitHub!
Kevin on Oct 31, 2008 at 12:11pm
Do we need to upload the new files in Binary mode?
Also if we are using shared hosting and our just using the initial domain under public_html do we need to completely delete all the files there like:
cgi-bin
_private
_vti_cnf
etc?
Or do we just delete P202 files?
Thanks
Wes Mahler on Oct 31, 2008 at 12:32pm
No you do not have to upload in binary mode any longer, delete all the prosper202 related .php files, you could leave the files that were there already unless your not using them, might as well get raid of them all
Samuel on Nov 01, 2008 at 1:01am
That was an easy upgrade, done it under 10 minutes, thanks.
Brendan on Nov 03, 2008 at 11:09pm
Hey Wes. I just started using prosper202 about a month ago and everything was working fine. After the new update however I get a "403 Forbidden" when i click my links for direct link. I tried reinstalling my mysql database, made new links and it seems like the program is working fine(internally), but when I try to click on my redirect it just doesn't work."403 forbidden"Do you have any idea on what my problem is. Here is exactly what it says:
FORBIDDEN
You don't have permission to access /tracking202/redirect/cl2.php on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Thanks man and sorry to bug ya!
Wes (MasterlessSamurai.com) on Nov 05, 2008 at 12:56am
To hopefully further protect the growing 202 community...I posted some ideas on how to lock down your Prosper202 installation.
http://masterlesssamurai.com/ppc/tips-tricks/prosper202-self-hosted-apps-10-best-practices-to-securing-your-prosper202-installation/
Peter on Nov 27, 2008 at 10:57am
Hi Wes,
I just installed prosper202_1.2.0, and I've got the same problem as Brendan:
"You don't have permission to access /tracking202/redirect/cl2.php on this server."
I'm on a standard Reseller Hosting of Hostgator.com, so nothing exotic here.
Maybe do I have to add a php.ini in order to overrule some server-wide php settings? If yes, which ones?
Thanks for a quick answer
Peter
Wes Mahler on Nov 27, 2008 at 11:39am
It seems to be a mod_security issue, turning it off should fix it I believe. This has been an issue with hostgator after they turned it on I believe.