Spam through Contact Us Form

    #61
    Originally posted by Laylah
    sure, I understand that.

    BUT since upgrading to v.10 we have had three further attacks . . . so, we are either in a database somewhere or this forum is being used as a quick source? [because a robot would ignore us as we are now v.10!]

    Either way . . . Actinic are aware of the problem and V.7 or earlier users are vulnerable to this form of attack. As the Hackers gain full access to the web space with full privileges it is a serious matter. If Actinic won't fix it then upgrade is the only option.
    Is this true that hackers can exploit any of the .pl files to gain full access to the web space? I've removed my MF00001.PL files as I thought this was the only loophole!



      #62
      Originally posted by smiffy
      Is this true that hackers can exploit any of the .pl files to gain full access to the web space? I've removed my MF00001.PL files as I thought this was the only loophole!
      Yes, this is possible in the earlier scripts, V7 and before. Fergus agreed earlier in this thread, so I would trust that.
      Last edited by Darren B; 24-Oct-2011, 03:09 PM. Reason: Did not look at the Version



        #63
        Originally posted by smiffy
        Is this true that hackers can exploit any of the .pl files to gain full access to the web space? I've removed my MF00001.PL files as I thought this was the only loophole!
        The only exploits I have been aware of were a possible XSS injection (Cross Site Scripting) as well as the mailform issue; however, these issues were both well documented and resolved with subsequent releases of the software. To my knowledge no up-to-date version (7, 8, 9, 10 or 11) of Actinic perl files are open to direct exploitation in this way.


        Originally posted by Darren B
        changing the ftp passwords
        Darren, I had several responses ready for this typo, but sometimes it's best to say nothing!
        Fergus Weir - teclan ltd
        Ecommerce Digital Marketing

        SellerDeck Responsive Web Design

        SellerDeck Hosting
        SellerDeck Digital Marketing



          #64
          Originally posted by fergusw
          Darren, I had several responses ready for this typo, but sometimes it's best to say nothing!
          Maybe a Freudian slip.

          Thought I would get away with editing my post just now, but you were here already.



            #65
            Originally posted by fergusw
            The only exploits I have been aware of were a possible XSS injection (Cross Site Scripting) as well as the mailform issue; however, these issues were both well documented and resolved with subsequent releases of the software. To my knowledge no up-to-date version (7, 8, 9, 10 or 11) of Actinic perl files are open to direct exploitation in this way.

            As far as I'm aware I'm running the most current V7 software, but I've suffered from the mailform issue. Have I missed an update?



              #66
              AFAIK

              1. The mailform issue is separate from the cross scripting issues.

              2. I'm not sure Actinic fully released V7 with the latest XSS fixes as I think it was sometime after V8 was released. It might have been available by request only from Actinic.

              Mike
              -----------------------------------------

              First Tackle - Fly Fishing and Game Angling

              -----------------------------------------



                #67
                Actinic no longer support v7, so I guess that loophole is not fixed in the latest v7 patch.

                We have just had one of our clients' v7 sites sending out a few thousand spam emails. Looking at the logs, the MF00001.PL was attacked at the same time (repeatedly executed hundreds of times).

                I'm in the middle of upgrading his site to V11, but won't launch till March 1st.

                I'll try and change the perl numbers and hopefully that'll delay the bot a little while until they rescan the site.
                ____________________
                Paul Daly
                www.dalydesign.co.uk
                web design | graphic design | illustration
