[arm-allstar] IMPORTANT UPDATE - Supermon/Allmon2 security and feature update
Doug Crompton
wa3dsp at gmail.com
Thu Feb 15 18:19:12 EST 2018
There has been a major security update to BOTH Allmon2 and Supermon and in
addition BOTH programs have been updated to the latest versions. The
current and all past versions have serious security issues when running
either of these programs exposed to the Internet. Whether or not you run
theses programs outside of your local LAN ALL allmon2 or Supermon users
should update and use the new code as soon as possible.
The standard hamvoip update - ADMIN menu item 1 - will update both of these
programs.
All user password and ini files are preserved in these updates however
there are a couple of caveats.
In Supermon the global.php file no longer exists. Users need to re-enter
their call, name, and location into the new global.inc file.
The Allmon2, allmon.ini.php and Supermon, allmon.ini files BOTH REQUIRE
a 'menu=yes' in each stanza to display that stanza. Leaving that out or
making it 'menu=no' will turn off the display of that stanza. This is
different than Allmon2 outside of the hamvoip release and prior versions of
Supermon. We wanted to maintain compatibility between the two programs in
the hamvoip release.
Allmon2 has been updated to the latest version with the exception that it
retains the old menu=yes|no and required yes to display as noted above.
The Supermon code has been very much updated!!! It is now Supermon 6.0+
There are MANY enhancements and changes. The howto on the hamvoip.org web
page has been updated to reflect these enhancements and changes. It is *very
important* for users to read the howto for all updated information. Here is
a direct link to the howto -
https://hamvoip.org/supermon_howto.pdf
When you load it be sure to refresh your bowser as it may be retaining an
old version.
PLEASE NOTE that both Allmon2 and Supermon will not work properly with
Microsoft browsers. Firefox, Chrome, etc. work fine.
Thanks to all who found and helped fix the security bug. Users should still
employ common sense when it comes to security. Use strong passwords and
only make pages available to the outside world when necessary. A future
release will include user access control which will allow a sysop to
control access to specific functions on a user by user basis.
I think you will like the new features that both of these programs offer!
Thanks to Paul, KN2R, Dave, KB4FXC, Tim, WD6AWP, for program updating and
Neil, M0NFI who pointed out the security issue.
*73 Doug*
*WA3DSP*
*http://www.crompton.com/hamradio <http://www.crompton.com/hamradio>*
More information about the arm-allstar
mailing list