
    cross scripting

    Hi everyone,

    We've had our sites hacked and stopped by Google over the sunny weekend. Running version 8.5.1 - I guess it's our fault for not upgrading...

    Is this still a problem with Actinic - with version 9?



    Toby

    #2
    I would definitely be interested to know which version has the holes fixed?



      #3
      What did the hackers actually do?

      Are you sure it was hacked through the Actinic scripts? There are a lot of other ways for sites/servers to be hacked. We, for example, had our account hacked, and it was done from the root and had nothing to do with anything on our site.

      There are also vulnerabilities in cPanel, MySQL etc. which, although you may not specifically be using them on the Actinic site, exist on the server. I would check with your hosts; you may find that other sites on the server were also hacked, and they should be able to check the logs to see what happened and how.



        #4
        I can confirm that some vulnerabilities were found in Actinic scripts that were fixed in the latest versions. However, as far as I'm aware, we don't know of anyone actually exploiting these vulnerabilities.

        There have been some Actinic based sites compromised recently where the hacker has acquired the FTP logon and password of the site, and has downloaded the index.html file (and sometimes others), inserted some malicious code and re-uploaded. This is typical of the sites that get flagged by Google, so may be the case here.

        So if it's the case, it isn't actually related to Actinic per se.

        The response is to make sure your anti-virus software is up to date, change your FTP password (probably best to always cut and paste passwords in the future to avoid any key loggers on your PC) and completely update the site.

        Chris

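The pattern Chris describes in #4 (an attacker with the FTP password downloads index.html, inserts code and re-uploads it) leaves the live site differing from the clean copy generated locally. The following is an added example, not Actinic's code or anything from this thread: it records a SHA-256 manifest of the clean upload and compares it with a copy of the live site, so an unexpected edit or an extra dropped file shows up even when, as in #11, the files were scrubbed before upload. Function names and the sample files are constructed for the example.

```python
"""Added example: detect unauthorised edits to published site files by
comparing a clean local export against a copy of the live site.
Helper names are hypothetical; the sample files are constructed inline."""
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file path (relative to root, POSIX style) to its SHA-256 digest."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            manifest[path.relative_to(root).as_posix()] = digest
    return manifest


def compare_manifests(clean: dict[str, str], live: dict[str, str]) -> dict[str, list[str]]:
    """Classify differences between the clean export and the live copy.

    'modified' files are the FTP-tampering case from the thread; 'added'
    files catch anything the intruder dropped alongside the site; 'missing'
    files indicate deletions. An empty result means the live site matches."""
    return {
        "modified": sorted(p for p in clean if p in live and clean[p] != live[p]),
        "added": sorted(p for p in live if p not in clean),
        "missing": sorted(p for p in clean if p not in live),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: a clean export and a live copy with index.html edited."""
    with tempfile.TemporaryDirectory() as tmp:
        clean_dir, live_dir = Path(tmp, "clean"), Path(tmp, "live")
        for site in (clean_dir, live_dir):
            site.mkdir()
            (site / "index.html").write_text("<html><body>Shop front</body></html>")
            (site / "about.html").write_text("<html><body>About us</body></html>")
        # Simulate the tampering described in the thread on the live copy only:
        # an extra comment inserted into index.html and one unexpected extra file.
        (live_dir / "index.html").write_text("<html><body>Shop front<!-- constructed edit --></body></html>")
        (live_dir / "extra.html").write_text("constructed extra file not in the clean export")
        return compare_manifests(build_manifest(clean_dir), build_manifest(live_dir))


if __name__ == "__main__":
    print(demo())  # {'modified': ['index.html'], 'added': ['extra.html'], 'missing': []}
```

In practice the clean manifest is generated from the local Actinic export at upload time and kept off the web server, and the live copy is fetched for comparison on a schedule or whenever Google flags the site.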


          #5
          Chris,

          This thread is suggesting that cross scripting vulnerabilities still exist. http://community.actinic.com/showthread.php?t=41937

          Are Actinic actively pursuing this to understand the details?

          Mike
          -----------------------------------------

          First Tackle - Fly Fishing and Game Angling

          -----------------------------------------



            #6
            There is a discussion on another forum about this; the site was 8.5.3 though. As to how the exploit happened, I'm not sure: could be a keylogger, could be the scripts?

            Chris, when you say the latest versions, is this all v9 or v9.0.4?



              #7
              I've just checked with our internal guru on this issue.

              As far as we know there are no open cross site scripting issues. There are several suggestions from automated scanners that the scripts are vulnerable but we have investigated these and don't believe it is true. For instance, one says that we are vulnerable to SQL injection, but since the scripts don't use SQL to access a database, it's irrelevant.

              Actinic are however looking at changes to stop these erroneous warnings as they waste everyone's time. However, that's being done at a lower priority than if there was a genuine security issue.

              I can't remember exactly what was fixed when but I believe that all of v9 (certainly from v9.0.2) and v8.5.3 were fully patched for any vulnerabilities.

              Hope that all makes sense, and obviously it's all subject to the usual "this is the best that we know now" caveats.

              Chris



                #8
                Thanks Chris

                All the information I have is sketchy as well. Without actually finding a hacker and asking him how he did it, it's going to be a bit hard to narrow it all down.



                  #9
                  We (Actinic) tend to get reports on our support line when a site gets hacked, and Google complains, so we have a certain amount of intelligence as a result.

                  There was a case in the last two weeks where one of the very big hosting companies had, as far as we could see, hundreds of sites hacked, a few of which were Actinic ones. The most obvious explanation was the acquisition by the hacker of FTP logons and passwords, possibly via a key logger.

                  We have done some searching and there are a lot of references across the Internet to this problem. For our own internal admin, we've strengthened our passwords (longer and not using any known words or simple variants of known words), installed keyboard scrambler software, started a policy of only cutting and pasting passwords, and started scanning for vulnerabilities with more than one piece of software, to increase coverage.

                  That's probably not bad practice for anyone.

                  Chris



                    #10
                    Sounds good, and that you are keeping on top of things Chris. Well done.
                    Chris Ashdown



                      #11
                      We've been having issues for a month or so with an apparent problem. I've scrubbed all files prior to upload; I've overwritten, refreshed, deleted and started again. I change passwords regularly and it still happens. Been on to Streamline, who host us, and they say it's not their system. We're using 9.0.3.0.0.0.IMMA. Have now taken out alternative hosting with another company to try and keep on top of it. Any advice greatly appreciated.
