Host Blacklisted me for suspicious file

Hi everyone,

I've spent an hour today back & forth with my hosting provider who blacklisted my IP for this reason:

Your IP address was blocked as it was flagged by our firewall for uploading a potentially malicious file:
/home/cthemete/public_html/kore/concrete/vendor/symfony/console/Resources/bin/hiddeninput.exe

If you are unsure of the contents of this file, it may be infected with malicious content. If this is the case, you will need to perform a full virus scan on your computer to ensure your own computer is not infected.

Has anyone else experienced this with v8.4.3? I'm just getting back to Concrete5 after about two years or so and things have changed a lot.

Thanks
Steve

C5ThemeTeam
 
mesuva replied:
That file appears to be legitimately part of the symfony/console components, so it's unlikely to actually be infected; I bet it's just that they're simply scanning for .exe files.

I've not encountered this kind of blacklisting due to concrete5's files with hosts before myself.

You could let your host know this file is legitimately part of concrete5's libraries, sending them a link like this: https://packagist.org/packages/symfony/console... - you'll see the file referenced in the credits. They might then whitelist that file.

Or, if they are stubborn about it, I'm pretty sure you could simply delete the file without it affecting the running of concrete5; it's just for command line stuff. You'd just have to be mindful of updates in the future re-introducing the file.
mnakalay replied:
I never had any host pick up on that and my computer antivirus also doesn't mind it. It is indeed part of Composer.

Still, for peace of mind, I have contacted the core team about it and they are looking into the matter.
admin replied:
Just to follow up on this, it seems that at one time someone, somewhere must have been using this filename as a trojan or something which got picked up by some virus scanners (http://www.herdprotect.com/hiddeninput.exe-16cfcdaabf09d7c9bec01397dd2eaa11d4d98f19.aspx) but that particular file is 200+k compared to the authentic file which is ~10k (https://www.virustotal.com/#/file/8fdff52a7430dba14fb97239c7fe414710991f16da269374e0936a1385f3a318/detection). The hash of the file reported as vulnerable at herdprotect.com does not match any known hash of this executable ever distributed by concrete5.

In short, this executable is distributed as part of Symfony and is a legitimate file.
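The check the admin's reply describes, put into a script: hash each .exe found under a vendor tree, compare it with the known-good SHA-256 from the VirusTotal link above, and use file size as a second signal. This is an added example, not code from the thread or from concrete5; the 64 KiB size threshold and the sample tree built by `demo()` are constructed assumptions.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Known-good SHA-256 of symfony/console's hiddeninput.exe, copied from the
# VirusTotal link quoted in the thread. Any vendor .exe not matching an
# allow-listed hash is reported for a human to look at.
KNOWN_GOOD_SHA256 = {
    "hiddeninput.exe": {"8fdff52a7430dba14fb97239c7fe414710991f16da269374e0936a1385f3a318"},
}
# The authentic file is ~10k and the look-alike trojan was 200k+, so size is
# a cheap second signal. 64 KiB is an assumed threshold, not a Symfony value.
MAX_EXPECTED_SIZE = 64 * 1024

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def classify_exe(path, allowlist=KNOWN_GOOD_SHA256):
    """Return 'known-good', 'unexpected-size' or 'unknown' for one .exe."""
    digest = sha256_of(path)
    if digest in allowlist.get(os.path.basename(path), set()):
        return "known-good"
    if os.path.getsize(path) > MAX_EXPECTED_SIZE:
        return "unexpected-size"
    return "unknown"

def audit_vendor_tree(root, allowlist=KNOWN_GOOD_SHA256):
    """Map every .exe under root (as a relative POSIX path) to its verdict."""
    root = Path(root)
    return {str(p.relative_to(root)).replace(os.sep, "/"): classify_exe(str(p), allowlist)
            for p in root.rglob("*.exe")}

def demo():
    """Build a constructed vendor tree in a temp dir and audit it."""
    good = b"MZ constructed stand-in for the real binary"  # constructed sample
    allow = {"hiddeninput.exe": {hashlib.sha256(good).hexdigest()}}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "symfony/console/Resources/bin"
        base.mkdir(parents=True)
        (base / "hiddeninput.exe").write_bytes(good)
        (Path(tmp) / "dropped.exe").write_bytes(b"\x00" * (300 * 1024))
        (Path(tmp) / "other.exe").write_bytes(b"MZ small unknown")
        return audit_vendor_tree(tmp, allow)
```

Run `audit_vendor_tree("/path/to/public_html/kore/concrete/vendor")` against a real install; a `known-good` verdict is what you would forward to the host, anything else deserves a closer look.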
C5ThemeTeam replied:
Thanks for the comments guys. I was able to get all the files up and CMS installed on second attempt, once my host was aware of what I was doing and that the files were legitimate.