View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
1817 | Composr | General / Uncategorised | public | 2015-03-07 07:54 | 2015-03-09 10:42 |

Field | Value |
---|---|
Reporter | Guest |
Assigned To | Guest |
Priority | normal |
Severity | minor |
Status | resolved |
Resolution | fixed |
Summary | 1817: External links to website flagged as hacking attempt following upgrade to 9.0.18 |
Description | Following the upgrade to version 9.0.18, clicking on links to the website from other external website links or banners opens the suspected hacking attempt page instead of the site home page. It's possible that this problem occurred with the 9.0.17 upgrade and I'm just noticing it with the 9.0.18 upgrade installation. These external website links to the site have worked properly for years and have not been modified. The site is currently running Composr ver 9.0.18. |
Steps To Reproduce | Place a link to your website (i.e. "http://www.yoursitename.com") on some other external website. Click that link, and instead of the site home page the following error page comes up: "The website software has detected what may be a hacking attempt. Please do not be alarmed, and unless you are really trying to hack the website, nobody will question you. Please do not click refresh though or you could be automatically banned. If you got here via a link, please inform the link maintainer of the problem." Paste that same link into the browser address bar and it opens the site home page just fine. |
Additional Information | My site name has a dash "-" in the name. I would not expect that to make a difference. Just noting this in case it's related to the issue. |
Tags | No tags attached. |
|
What does the hack attack notification say? It may have been emailed to admins, otherwise can be found in the Admin Zone > Audit > Security > Security logging |
|
This seems like a terrible bug. I have done a code analysis, and I think it could be happening, but only if the user clicking the link is logged in, which at least mitigates things slightly. I think the security report would say "A POST request by an authenticated member was made from an external website" |
|
Bug reproduced and fixed. Affects any external domain, for a logged in user. Hotfix coming soon. |
|
Automated response: Links from external domains clicked by logged-in users generate a false-positive hack-attempt alert. A nasty bug got into the input filter changes in 9.0.17, and continued in 9.0.18. Composr blocks form posting from external sites; however, this filter is running when Composr picks up a default value internally defined against a potentially-posted parameter, rather than only for an actually-posted parameter. This means that logged-in users clicking a link from an external domain name get a suspect-hack-attempt notice. |
|
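The filter defect described in the comment above, as an added illustration written for this page rather than Composr's own code: a simplified referer-based cross-site POST check, with the buggy parameter lookup that runs the check even when falling back to an internally defined default, beside the corrected lookup that runs it only for a parameter actually present in the POST body. The `Request` model, function names and sample hostnames are assumptions constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlparse

class SuspectedHackAttempt(Exception):
    """Raised where the site would show its 'suspected hacking attempt' page."""

@dataclass
class Request:  # hypothetical minimal request model, not Composr's
    host: str                                 # hostname of the site being served
    referer: Optional[str] = None             # HTTP Referer header, if sent
    post: dict = field(default_factory=dict)  # parsed POST body
    logged_in: bool = False

def referer_is_external(req: Request) -> bool:
    """True when the Referer names another host; a missing Referer is not external."""
    if not req.referer:
        return False
    host = urlparse(req.referer).hostname
    return host is not None and host.lower() != req.host.lower()

def check_cross_site_post(req: Request) -> None:
    """The intended protection: an authenticated member posting from another domain."""
    if req.logged_in and referer_is_external(req):
        raise SuspectedHackAttempt(
            "A POST request by an authenticated member was made from an external website")

def post_param_buggy(req: Request, name: str, default=None):
    """9.0.17/9.0.18 behaviour: the check runs on every lookup, including the
    fall-back to the internal default, so a GET arriving via an external link is rejected."""
    check_cross_site_post(req)
    return req.post.get(name, default)

def post_param_fixed(req: Request, name: str, default=None):
    """Corrected behaviour: the check runs only for a parameter actually posted."""
    if name in req.post:
        check_cross_site_post(req)
        return req.post[name]
    return default

def outcome(lookup, req: Request, name: str, default=None):
    """Return the looked-up value, or 'blocked' where the filter fired."""
    try:
        return lookup(req, name, default)
    except SuspectedHackAttempt:
        return "blocked"
```

Note that a genuine cross-site POST by a logged-in member is still rejected by the corrected lookup; only the link-following false positive goes away.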
Fixed in git commit b52ae6d (https://github.com/chrisgraham/Composr/commit/b52ae6d - link will become active once code pushed to github). A hotfix (a TAR of files to upload) has been uploaded to this issue. These files are made to the latest intra-version state (i.e. may roll in earlier fixes too if made to the same files) - so only upload files newer than what you have already. Always take backups of files you are replacing or keep a copy of the manual installer for your version, and only apply fixes you need. These hotfixes are not necessarily reliable or well supported. Not sure how to extract TAR files to your Windows computer? Try 7-zip (http://www.7-zip.org/). |
|
9.0.18 has now been re-released due to this serious issue. We will continue to have this hot-fix against 9.0.18 for the benefit of users who upgraded before we re-released. This hot-fix is the only difference between the original version, and the re-release. |
|
Thanks Chris. The hotfix worked on my end and now all the external links to the website are working properly. Thanks for pulling the patch together. Resolution of issue confirmed. |
|
The hotfix worked for me as well; however, I have doubts the code pushed correctly to 9.0.18. I was aware of this issue, and was aware you resolved it and attempted to re-release 9.0.18 with it. At the time I had not upgraded yet. However, after upgrading to 9.0.18, someone got a hack message for doing just this, and I had to apply the hotfix. |
|
Thanks for letting me know. I have just fixed our upgrader generator system to auto-expire pre-built upgrade packages if a re-release happens. Sorry about that, I hadn't considered it. |
Date Modified | Username | Field | Change |
---|---|---|---|
2023-02-26 18:29 | Chris Graham | Category | General => General / Uncategorised |