By sire on
How do I locate the version I'm currently running ? I don't remember if I'm already updated to 4.6.3 or whether I'm using 4.6.1 at this point. Is there a file or location in the Admin to find this ?
How do I locate the version I'm currently running ? I don't remember if I'm already updated to 4.6.3 or whether I'm using 4.6.1 at this point. Is there a file or location in the Admin to find this ?
Comments
If you go to the changelog
If you go to the changelog it will tell you what version you are running
--------------------------------------
http://www.stephenhendry.net
good point to ask
-imo answer of this this question should be avaliable on every user among with other useful info in a overview.module where they can get on the default admin section which is not exist
This is in the handbook
This is in the handbook here
http://drupal.org/node/27362 -last paragraph :)
In the Troubleshooting section there are a variety of answers to how to get logon blocks back
http://drupal.org/node/1213
Additional suggestions/handbook pages welcome.
-sp
---------
Test site, always start with a test site.
Drupal Best Practices Guide -|- Black Mountain
-Steven Peck
---------
Test site, always start with a test site.
Drupal Best Practices Guide
Maybe this should be hidden
Maybe this should be hidden a little better...
See my other comment. It's just a matter of how easy you make life for the script kiddies.
--
Morris Animal Foundation
Various systems (phpBB
Various systems (phpBB notably) have recently removed externally visible version numbers specifically because it helps the script kiddies.
It's not clear to me from your comment if you mean that this should be available only on the admin page or on every user's own page, but I would definitely say "only in a privileged page."
--
Morris Animal Foundation
If you are using Apache, you
If you are using Apache, you can lock out access via htaccess. If you are using IIS, you can use NTFS permissions. Obscurity does not grant security.
It helps the script kiddies how? If they run a script and you haven't updated to the latest version, then you are FUBAR'd, if they run a script and you have the latest version, then you are relatively safe. If they actually develop a version checking in their attck script and you update regularly, then it would seem to lower you profile somewhat.
-sp
---------
Test site, always start with a test site.
Drupal Best Practices Guide -|- Black Mountain
-Steven Peck
---------
Test site, always start with a test site.
Drupal Best Practices Guide
It helps the script kidides
It helps the script kidides exactly as you have said.
In the case of phpBB2 there was a famous vulnerability in 2.13 or something like that. Scripts were created that exploited this, and then ran on the infected server to do a google search for a string that was specific to phpBB 2.13 to find more targets for them to attack. As a response, phpBB now removes these kinds of identifying strings from their distribution by default.
I know that people can remove them after the fact on their own, but it is better (in my opinion) to have the security settings on by default in the distribution, not something that requires a modification after the fact.
Obscurity does not grant security, but it improves security.
Greg
--
Morris Animal Foundation
One of the ways the phpBB
One of the ways the phpBB script worked was to look for specific characteristics of phpBB. They also just did mass ip sweeps and reverse Google queries. My sites, which has never had phpBB, got hammered for a while with these scripts.
There are a number of characteristics in Drupal sites that are every bit as easy to find as the changelog.txt. Useing these characteristics you can do a variety of Google queries to find Drupal sites. On of the simpler ones would be this but there are better ways to do it with other items.
Again, security through obscurity is, in my opinion, an extremely ineffective approach and one I am not inclined to lose any sleep over.
-sp
---------
Test site, always start with a test site.
Drupal Best Practices Guide -|- Black Mountain
-Steven Peck
---------
Test site, always start with a test site.
Drupal Best Practices Guide
admin means admin
admin 'page' is anly acessable by admin as the title suggest literally. no public users, users/members or 'script kissies'!?? or , green martians involved.
one might say admin should know already whho is the person already 'possible downloaded and installed the site but again it might not be the case always .. for instance if fantastico intaaled a site or he/she manages many sites etc. what is wrong for a driver not to see his /her cars name and model number on the dashboard?
- mentioning 'dashboard' could be a name for an overview module for drupal
Go to
Go to www.yourdomain.com/CHANGELOG.txt if you installed drupal in the root of your site or www.yourdomain.com/drupalinstall/CHANGELOG.txt if you installed elsewhere. Just replace 'drupalinstall' wth the name you gave.
Incidentally, it is recommended that you change the name of CHANGELOG.txt to SOMETHINGELSE.txt (replace SOMETHINGELSE with your own name) so that hackers don't find out which version you are using and try to exploit it.
1. Login as Admin 2.
1. Login as Admin
2. http://www.example.com/admin/logs/status
That should tell you what version you're running along with other system info.