Re: Serious holes affecting JFFNMS

[not@themoment.thanks]

Per the following comments...

"Finally, the auth.php PHP script also includes the following code:

if (($jffnms_version=="0.0.0") && ($_SERVER["REMOTE_ADDR"]=="128.30.52.13")) {

which could be considered a backdoor althought it does not appear to be
exploitable in a typical installation."

...it should be noted that 128.30.52.13 is likely the source IP address of the W3.ORG validator.  So perhaps the PHP 
code intends to behave differently during a W3.ORG validation test.