Just wondering if other people are having this problem. I get this message from my host:
"During a recent security scan we have identified that one or more of your hosted sites show signs of being compromised as they are hosting known, malicious web-based backdoors. Specifically, the following file(s) have been accessed by intruders and have been associated with unsolicited bulk email, denial of service or other abusive activity:"
Two files are named and the permissions on these files are changed and my website no longer works.
I have compared these files to a download copy from Boonex and they are the same.
Any ideas - the hosting company I use is Dreamhost and I have found these guys (Company) very good and they do provide a very good hosting service.
Are there any known issues with the Boonex script? I just bought this licence last week.
Cheers Richard
|
Assuming this is Dolphin 7.1.4, there are no known security vulnerabilities that would cause something like this. It's more likely your FTP or cPanel account was compromised. I recommend changing any passwords and deleting any unused FTP accounts. Also run a local malware scan in case malware on your computer was the culprit (it happens).
Your host might be able to provide more information on how this happened. But the above is the most likely scenario, as well as the most common reason whenever this happens.
BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
So what were the two files they claimed were at issue?
Geeks, making the world a better place |
Hi,
Thanks for your reply, talked to the host and they have fixed this. So all is good. They have a bot go through their servers checking for problems and for some reason kept selecting Dolphin. But the files were ok. They are a good host and they helped look into the problem. All is good.
Cheers
Richard
|
My guess is they were saying the two files with the encrypted Boonex license check were the bad ones. Now years ago there WAS a backdoor in the admin that Boonex used to work on people's sites but they removed it in the next version after someone posted a blog and pointed it out.
BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
The 2 files they questioned were admin.inc.php and design.inc.php
I double-checked the code and it matched the code from the original download.
I had added a section to block aol.com email accounts since I got a lot of spammers from this email. But it all worked out. Cheers Richard
|
Yup, those are the two files that have the encrypted code to do the license check.. I guess they just assumed that since they had encrypted code they were bad. False positive.
BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
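The check described in the thread (comparing the flagged files against a fresh vendor download) can be run over the whole install. This is an added example, not part of the original thread and not BoonEx code; the two directory arguments (an unpacked clean download and the live site root) are assumptions.

```python
import hashlib
import os


def sha256_file(path):
    """Hash a file in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def tree_hashes(root):
    """Map each regular file's path (relative to root) to its SHA-256."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if not os.path.isfile(full):  # skip broken symlinks, sockets
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            hashes[rel] = sha256_file(full)
    return hashes


def compare_trees(clean_root, live_root):
    """Compare a live install against a clean vendor copy.

    modified: same path, different content (local edits or tampering)
    extra:    only in the live tree (uploads, caches, or dropped files)
    missing:  shipped by the vendor but absent from the live tree
    """
    clean, live = tree_hashes(clean_root), tree_hashes(live_root)
    common = clean.keys() & live.keys()
    return {
        "modified": sorted(p for p in common if clean[p] != live[p]),
        "extra": sorted(live.keys() - clean.keys()),
        "missing": sorted(clean.keys() - live.keys()),
    }


if __name__ == "__main__":
    import sys
    # Usage (assumed paths): script.py <clean_download_dir> <live_site_dir>
    for kind, paths in compare_trees(sys.argv[1], sys.argv[2]).items():
        for p in paths:
            print(f"{kind}\t{p}")
```

A file the scanner flags that does not appear under `modified` or `extra` is byte-identical to the vendor copy, which is the evidence to send the host when disputing a false positive.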
How many years ago?
Now years ago there WAS a backdoor in the admin that Boonex used to work on people's sites but they removed it in the next version
|
2008.. amazingly enough the blog post is still there lol..
http://nanchatte.wordpress.com/2008/06/23/dolphin-community-site-software-security-backdoor/
BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
Yep! I am at DreamHost and have been seeing this now every few days. They seem to be hard to reason with.
Any chance of the new Dolphin pro not containing encrypted code?
|
This is a good question and my guess at an answer would be no since they are changing the licensing; the license check is encrypted but that won't be used in the future Dolphin Pro versions.
Geeks, making the world a better place |
What kind of server information can be read out via the backdoors?
PHP, Shell, FTP, Admin Passwords, Member Passwords, Member Profiles?
Thanks for your Time
|
Bump again, I doubt this is a support forum.
What kind of server and site information can be read out via the license backdoor checks?
PHP, Shell, FTP, Admin Passwords, Member Passwords, Member Profiles?
An answer would be great, otherwise the script needs to be removed for our server.
Thanks for your Time
|
Site domain name and licence code is sent to Boonex servers for the checking.
Rules → http://www.boonex.com/terms |