#1817 - External links to website flagged as hacking attempt following to upgrade to 9.0.18

By Guest
Added 7th Mar 2015, 2:54 AM
4 views

Identifier	#1817
Issue type	Minor issue (breaks specific functionality)
Title	External links to website flagged as hacking attempt following to upgrade to 9.0.18
Status	Completed
Handling member	PDStig
Addon	General / Uncategorised
Description	Following the upgrade to version 9.0.18 clicking on links to the website from other external website links or banners opens the suspected hacking attempt page instead of the site home page. Its possible that this problem occurred with the 9.0.17 upgrade and I'm just noticing it with the 9.0.18 upgrade installation. These external website links to the site have worked properly for years and have not been modified. The site is currently running Composr ver 9.0.18.
Steps to reproduce	Place a link to your website (ie: "http://www.yoursitename.com") on some other external website. click that link and instead of the site home page the following error page comes up: "The website software has detected what may be a hacking attempt. Please do not be alarmed, and unless you are really trying to hack the website, nobody will question you. Please do not click refresh though or you could be automatically banned. If you got here via a link, please inform the link maintainer of the problem." Paste that same link into the browser address bar and it opens the site home page just fine.
Additional information	My site name has a dash "-" in the name. I would not expect that to make a difference. Just noting this in case its related to the issue.
Funded?	No
Commits	b52ae6d

The system will post a comment when this issue is modified (e.g., status changes). To be notified of this, click "Enable comment notifications".

Rating

Unrated

Comments

By Guest posted 7th Mar 2015, 4:01 AM

What does the hack attack notification say? It may have been emailed to admins, otherwise can be found in the Admin Zone > Audit > Security > Security logging

By Guest posted 7th Mar 2015, 4:07 AM

This seems like a terrible bug. I have done a code analysis, and I think it could be happening, but only if the user clicking the link is logged in, which at least mitigates things slightly. I think the security report would say "A POST request by an authenticated member was made from an external website"

By Guest posted 7th Mar 2015, 4:59 AM

Bug reproduced and fixed. Affects any external domain, for a logged in user. Hotfix coming soon.

By Guest posted 7th Mar 2015, 5:21 AM

Automated response: Links from external domains clicked by logged in users, generate false-positive hack-attempt alert

A nasty bug got into the input filter changes in 9.0.17, and continued in 9.0.18.

Composr blocks form posting from external sites; however this filter is running when Composr picks up a default value internally-defined against a potentially-posted parameter, rather than only for an actually-posted parameter. This means that logged-in users clicking a link from an external domain name, get a suspect-hack-attempt notice.

By Guest posted 7th Mar 2015, 6:11 AM

9.0.18 has now been re-released due to this serious issue. We will continue to have this hot-fix against 9.0.18 for the benefit of users who upgraded before we re-released. This hot-fix is the only difference between the original version, and the re-release.

By Guest, By Guest, posted 7th Mar 2015, 9:14 AM

Thanks Chris. The hotfix worked on my end and now all the external links to the website are working properly. Thanks for pulling the patch together. Resolution of issue confirmed.

By Guest posted 8th Mar 2015, 9:26 PM

The hotfix worked for me as well, however I have doubts the code pushed correctly to 9.0.18 . I was aware of this issue, and was aware you resolved it and attempted to re-release 9.0.18 with it. And at the time I have not upgraded yet. However after upgrading to 9.0.18 , someone got a hack message for doing just this, and I had to apply the hotfix.

By Guest posted 9th Mar 2015, 6:42 AM

Thanks for letting me know. I have just fixed our upgrader generator system to auto-expire pre-built upgrade packages if a re-release happens. Sorry about that, I hadn't considered it.

Users online: Details	PDStig , 589 guests Usergroups: Core Developer
Forum statistics:	6K topics, 17K posts, 1K members Our newest member is carlmax Birthdays: superfaresca greentrans

#1817 - External links to website flagged as hacking attempt following to upgrade to 9.0.18

Rating

Comments

Statistics