Security vulnerability?
Matt2000:
Has anyone else running CiviCRM 1.9 suffered recent security breaches? I've had a serious exploit that allowed the hacker to run arbitrary processes as the apache user, and I'm trying to determine the cause. Drupal and CiviCRM are my only open-source web apps on the server, and I upgraded Drupal to the latest security release shortly after the first breach, but I was exploited again.
Am I alone here? Or has anyone else had troubles?
Michał Mach:
Hey Matt,
This looks serious and we would be happy to quickly close any potential holes, assuming CiviCRM is the cause of the problem.
A few questions outside of CiviCRM area that might help identify the reason of the exploit:
- did you check potential security holes in Apache/PHP versions that you are using (those are open source apps on your server as well)?
- are you sure that you don't have any other scripts (e.g. some default Apache cgi) installed?
I'm not a security expert, so I cannot help with many more suggestions, but hopefully you will be able to find the reason and secure your server soon.
Also, it would be great if others reported any similar cases.
Just for your information, we are a member of OCert (Open Source Computer Emergency Response Team - http://ocert.org/) and didn't have any breach reports through this channel either.
Thanks,
Michał
Matt2000:
Hi,
To clarify, I'm far from certain that CiviCRM is the vulnerability. I also have some third-party custom code, which is currently being reviewed by the author.
System software (PHP & Apache) is regularly upgraded via apt-get from CentOS5 repositories.
I suppose it's also possible that the hacker got in through my out-of-date Drupal, then opened up other entries that were used after Drupal was upgraded after the first incident.