Main Menu
Our Sponsors
Chi Kien Uong
Geranienstraße 30
71034 Böblingen
Deutschland / Germany
If you are not registered or logged in, you may still use these forums but with limited features. Show recent topics
  [Search] Search   [Hottest Topics] Hottest Topics   [Members]  Member Listing   [FAQ]  FAQ 
[Register] Register /  [Login] Login 
Advanced Poll - Security Problems  XML
Forum Index » Support Forum
Author Message
[Post New]26/08/2008 17:04:02
    Subject: Advanced Poll - Security Problems
[Up]
Johnny
Newbie

Joined: 26/08/2008 16:48:48
Messages: 3
Offline
Hello, I have been using Advanced Poll on my website without any problems for several years now, but this month it all went wrong.

My first problem is that I noticed that scam e-mails were being sent from my e-mail account (I should know, I was getting all the mail delivery errors!). I was told by the host that this often happens, and I should just sit it out, which isn't easy when you're getting 10,000 a day! It also isn't easy when the next week Site5 disabled my site for 'SPAM/UCE reasons'. I told them my story and they re-enabled the site, but told me to up security.

I had a root through the Advanced Poll directory and found several odd files, including one containing an unknown script titled 'InboX Mass Mailer'. Not thinking anything of it, I just deleted the lot and then went on holiday.

I then came back to discover that the day I left Site5 had completely disabled the site, this time because it was hosting two phishing scams - one at /polls/image/customer.html and one at /polls/lang/e-online-banking/update.html. I told my story, and after a while they deleted the files themselves and activated the site. They also confirmed for me that all of this month's problems arose because of security issues within Advanced Poll, although they're unwilling to help any further and say that it's an issue which I have to take up with you.

So there we go, is there anything I am unaware of? I am using version 2.03, but I have temporarily removed the Advanced Poll directory from the site as a precaution, although I still have it saved on my PC if it's of any use to you.

Other than that, PLEASE HELP!

Thanks!
[WWW]
[Post New]26/08/2008 19:00:56
    Subject:
[Up]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
You neglect to say which version of th epoll you are running.
Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
[Post New]26/08/2008 19:02:51
    Subject:
[Up]
Johnny
Newbie

Joined: 26/08/2008 16:48:48
Messages: 3
Offline
Hi,

I am using Advanced Poll 2.03. Thanks.
[WWW]
[Post New]26/08/2008 19:30:43
    Subject:
[Up]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
http://proxy2.de/scripts.php

You will see that the current version is 2.0.8 which should fix the exploit they used on you.

It is always best practice to check on the scripts you use to see if there are new versions.
Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
[Post New]26/08/2008 19:32:56
    Subject:
[Up]
Johnny
Newbie

Joined: 26/08/2008 16:48:48
Messages: 3
Offline
OK, I'll try that then thanks.

I installed the script through Fantastico which still says I am using the newest version, that'll be why I didn't know I was out-of-date.

Thanks again.
[WWW]
[Post New]26/08/2008 19:35:15
    Subject:
[Up]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
As you have just discovered Fantastico sucks when it comes to having the latest scripts. Let your host know that the fantastico version is the reason you were exploitable so if they want to blame anyone they should blame Fantastico and themselves.
Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
 
Forum Index » Support Forum
Go to:   
Based on the open source JForum