The "Possible Attack" Headache

Zarcon posted 15th of November 2009 in Community Voice. 8 comments.

Ok boonex, I am really glad to see that you are trying to make Dolphin as secure as possible. Well, you did it (claps). Unfortunately, you have disabled the ability to do some of the simplest things such as:


- Edit categories

- Add a simple HTML block (which is actually a feature in Dolphin)

- Edit email templates

- Add OpenSocial URLS

- And so many more (just search the froums)

So here is my questions/requests to you:

1) Can you give us the option to disable the feature causing this? (of course understanding the risks)

2) Can you make it where this feature DOES NOT apply to the Administrator?

3) Can you modify the security feature to not block every little thing we try to do?

Of course, out of the 3 questions above, I would prefer #2 or #3, however I would almost be willing to task a risk for #1 and just add additional precautions to  the join process, commenting, etc.

I do understand that if you have a VPS or a dedicated server, that you can always disable the mod_security feature and not have this issue. But I'm sure not everyone has this ability (at least I don't).

Any feedback or help on this would be greatly appreciated.

P.S. I am NOT downloading that modified security.inc.php file  :)

Thanks,

Chris

 
Comments
·Oldest
·Top
Please login to post a comment.
mauricecano
mauricecano15th of November 2009
 
Add create custom profile fields, unless your editing the profile with custom fields as an administrator, it will cause the Possible attack.
PermalinkReplyPlus0 pluses
mydatery
mydatery15th of November 2009
 
However, we will still have issues with this under the following circumstances:

1. If you modify/upgrade to allow members to create custom profile fields then you'll have issues. D6 is customizable for this (Anton for one has a mod for it).

2. TinyMCE if upgraded will more than likely cause issues. For exmample if you upgrade to TinyMCECompact versus a base TinyMCE the security feature is more than likely not set for this.

3. If you were to install CKEditor (Superior product) then more see more than likely it'll kick also.


We need to take another look at this, currently this has a major issue still that needs to be addressed and we need to look at all the potential issues that can come up and work with them to resolve it across the board.
PermalinkReplyPlus0 pluses
mallorca
mallorca15th of November 2009
 
I for myself wasnt on my site today. And because it is hidden for the public, nothing was done from a human I think. I got around 7 different possible attack emails while doing nothing. Then I got the 8 one and that looks curious for me. Have someone a idea for this one? I copy in:

Total impact: 34
Affected tags: xss, csrf, id, rfe, lfi

Variable: REQUEST.body | Value: 5p72gR <a href=\"http://mqszfeikipzn.com/\">mqszfeikipzn</a>, [url=http://thoygjfifwrn.com/]thoygjfifwrn[/url], see more [link=http://qkqfvtbnyhcj.com/]qkqfvtbnyhcj[/link], http://fnyomuubvtmj.com/
Impact: 17 | Tags: xss, csrf, id, rfe, lfi
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Description: Detects JavaScript language constructs | Tags: xss, csrf, id, rfe | ID: 20
Description: Detects obfuscated script tags and XML wrapped HTML | Tags: xss | ID: 33
Description: Detects url injections and RFE attempts | Tags: id, rfe, lfi | ID: 61

Variable: POST.body | Value: 5p72gR <a href=\"http://mqszfeikipzn.com/\">mqszfeikipzn</a>, [url=http://thoygjfifwrn.com/]thoygjfifwrn[/url], [link=http://qkqfvtbnyhcj.com/]qkqfvtbnyhcj[/link], http://fnyomuubvtmj.com/
Impact: 17 | Tags: xss, csrf, id, rfe, lfi
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Description: Detects JavaScript language constructs | Tags: xss, csrf, id, rfe | ID: 20
Description: Detects obfuscated script tags and XML wrapped HTML | Tags: xss | ID: 33
Description: Detects url injections and RFE attempts | Tags: id, rfe, lfi | ID: 61

REMOTE_ADDR: 204.62.8.128
HTTP_X_FORWARDED_FOR:
HTTP_CLIENT_IP:
PermalinkReplyPlus0 pluses
buckmcgoo
buckmcgoo15th of November 2009to mallorca
 
Wow, that is the only one I have seen that was something that needed to be blocked.. it looks like link spam but I don't see what file it was trying to access. It looks like something they would have hit guestbook.php with.
PermalinkReplyPlus0 pluses
AlexT
AlexT15th of November 2009
 
Please report your errors in the forum, all the problems will be investigated and fixed, for exact fixes refer to the ticket:
http://www.boonex.com/trac/dolphin/ticket/1467
PermalinkReplyPlus0 pluses
houstonlively
houstonlively16th of November 2009
 
Now that there are email notifications of hacking attempts, we'll see just how much the bad guys like Dolphin sites.
PermalinkReplyPlus0 pluses
Eli
Eli16th of November 2009
 
Nothing special as i still have possible attack when i add facebook widget script to Html Block in the homepage ! and also the builder profile field in admin area stil loading forever and now i got possible attack if you try to join as couple :)
PermalinkReplyPlus0 pluses
Zarcon
Zarcon16th of November 2009
 
As AlexT has requested, I have started a forum for all of us to log their Attack issues in. Please see the following post:
http://www.boonex.com/unity/forums/topic/Are-you-still-getting-Possible-Attacks-Try-This-.htm
PermalinkReplyPlus0 pluses
 
 
Home
Features
Pricing
Hosting
Support
About
StartDemo
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.

Blogs

Dolphin.Pro News
BoonEx News
Our Journey
Social Software World
Community Voice

Help

Support Forums
Documentation
BoonEx at GitHub
Custom Jobs
Contact Support Team

Product

Dolphin.Pro Features
Live Demo & Sandbox
Download Packages
Pricing & Order
Contact Sales Team

Company

Contact Us
About BoonEx
Privacy Policy
Terms & Conditions
© BoonEx Pty Ltd
SSL
© BoonEx
Home
Features
Pricing
Support
Hosting
About
Demo
PET:0.089112043380737