Security Problems
PermalinkRun a scan, it used to tell you where the malware was so you can replace the files.
Can I ask you how it came to your attention that you had a malware problem?
The hosting companies I use will all do this. This will then give you an idea of what files are affected.
I would be more than happy to take a look at this for you. What domain do you have the malware issue on?
Synopsis: A CGI application hosted on the remote web server is potentially prone to SQL injection attack.
Description: By sending specially crafted parameters to one or more CGI scripts hosted on the remote web server, SiteLock was able to get a slower response, which suggests that it may have been able to modify the behavior of the application and directly access the underlying database.
An attacker may be able to exploit this issue to bypass authentication, read confidential data, modify the remote database, or even take control of the remote operating system.
Note that this script is experimental and may be prone to false positives.
Solution: Modify the affected CGI scripts so that they properly escape argument
We are a small local business--the monthly fee requested by Site Lock is beyond our budget.
Thanks all for the replies.
2. Who is your web hosting company?
3. Do you have a backup of the site before it was attacked?
I actually had this happen with a client that was on wordpress. He did not secure the git-hub repo I created and a hacker saw the source code and was able to to get it.
The not so good news is that concrete 5.6.3.5 is old and has a long list of well documented and known vulnerabilities.
What scares me a lot more is what I have just found on your site, which I am not prepared to discuss on a 'public' forum even amongst friends because you never know who is listening.
I will send this privately as well if you want to know more.
Regards
FS
We do still actively maintain v6 for serious security issues.
Making someone's site slow is not a good gauge of a security threat.
Usually a contact or other type of form which triggers those CGI issues. Let us know what packages you have installed, odds are one of those has a security flaw rather than Concrete5 itself.
As I mentioned I have no tech ability other than using the front end editor. Concrete 5 is the best marketing tool I have found. I have found no local developers who think much of C5, so I always get grief about changing. Site Lock is very pricey, so I posted here to get other opinions as to what direction to take.
I do sincerely thank everyone who has taken the time to respond.
FaganSystems, care to tell us where that list is?
The lists I refer to are
https://www.cvedetails.com/vendor/11506/Concrete5.html...
https://www.cvedetails.com/vulnerability-list/vendor_id-11506/Concre...
5.6 branch is still maintained from a security point of view. It just isn't receiving new feature updates. I don't see anything at all in the one list you posted that indicates a security issue in 5.6.3.5.
If I want the latest features, 8.2.x has them all. If I want stability and cheap and easy development, 5.6.3.5 is still a good bet.
I faced this issue before. I dod the following steps.
1. Move the entire source code to a different server and include only index.html with sample data, test that file for any malware affected from any inner/outer directories.
2. Check config db-table for any malware injected code.
3. Compare the source code with equivalent c5 core using https://atom.io/packages/compare-files...
4. if any mismatches found, replace it with downloaded source code.
5. Run the site in new server for any malwares.
6. Include RSS attack prevention php class .
I recommend compare source code with downloaded c5 core (Version should matches)
Thanks
While I applaud the precaution, I wonder what can be found that can be that worrying simply by visiting a website with no access to its files or dashboard?
I'd love to know and learn something.
I have explained my findings to the site owner, once it has been addressed I would be happy to disclose here.
Sorry for the clock and dagger.
Sure, I can help. Please add me over Skype : cis.victor1 and write me an email " [email protected] "
Regards,
Victor