CiviCRM Community Forums (archive)

This forum was archived on 25 November 2017. Learn more.

Author Topic: IDS Detector Details: etc/passwd&reset=1  (Read 822 times)

karunadave

  • CiviCRM version: 4.4.4
  • CMS version: Drupal 6.30 or Drupal 7.26 Drush 6.2.0
  • MySQL version: 5.5.35-cll - MySQL Community Server (GPL)
  • PHP version: 5.3.21
IDS Detector Details: etc/passwd&reset=1
September 07, 2013, 08:34:41 pm
I see this in the log and it makes me worry, civicrm\ConfigAndLog\CiviCRM.0df1e6bbfb3eba04b9a452e48155a482.log.201308011200

Is there a way to know if my system is hacked?  Any comments are very appreciated.  Thanks!

Aug 26 20:37:40  [info] $IDS Detector Details = Array
(
   
    [0] => Array
        (
            [name] => gid
            [value] => ../../../../../../../../../../etc/passwd
            [page] => /civicrm/profile/create?gid=../../../../../../../../../../etc/passwd&reset=1
            [userid] =>
            [session] => FKK07OcuWwtiKybay62GCBwuLJXXT_1feA-K5Qj0ndo
            [ip] => 162.166.146.8
            [reaction] => 0
            [impact] => 30
        )

    [1] => Array
        (
            [name] => IDS_request_uri
            [value] => /civicrm/profile/create?gid=../../../../../../../../../../etc/passwd&reset=1
            [page] => /civicrm/profile/create?gid=../../../../../../../../../../etc/passwd&reset=1
            [userid] =>
            [session] => FKK07OcuWwtiKybay62GCBwuLJXXT_1feA-K5Qj0ndo
            [ip] => 162.166.146.8
            [reaction] => 0
            [impact] => 30
        )

)


Aug 26 20:37:40  [info] $Fatal Error Details = Array
(
    [message] => The requested Profile (gid=) is disabled, OR there is no Profile with that ID, OR a valid 'gid=' integer value is missing from the URL. Contact the site administrator if you need assistance.
   
    [code] =>
)


Aug 26 20:37:40  [info] $backTrace = #0 /home/account2/public_html/d7/sites/all/modules/civicrm/CRM/Core/Error.php(315): CRM_Core_Error::backtrace("backTrace", TRUE)
#1 /home/account2/public_html/d7/sites/all/modules/civicrm/CRM/Profile/Form/Edit.php(117): CRM_Core_Error::fatal("The requested Profile (gid=) is disabled, OR there is no Profile with that ID...")
#2 /home/account2/public_html/d7/sites/all/modules/civicrm/CRM/Core/Form.php(336): CRM_Profile_Form_Edit->preProcess()
#3 /home/account2/public_html/d7/sites/all/modules/civicrm/CRM/Core/QuickForm/Action/Display.php(93): CRM_Core_Form->buildForm()
#4 /home/account2/public_html/d7/sites/all/modules/civicrm/packages/HTML/QuickForm/Controller.php(203): CRM_Core_QuickForm_Action_Display->perform(Object(CRM_Profile_Form_Edit), "display")
#5 /home/account2/public_html/d7/sites/all/modules/civicrm/packages/HTML/QuickForm/Page.php(103): HTML_QuickForm_Controller->handle(Object(CRM_Profile_Form_Edit), "display")
#6 /home/account2/public_html/d7/sites/all/modules/civicrm/CRM/Core/Controller.php(316): HTML_QuickForm_Page->handle("display")
#7 /home/account2/public_html/d7/sites/all/modules/civicrm/CRM/Utils/Wrapper.php(117): CRM_Core_Controller->run()
#8 /home/account2/public_html/d7/sites/all/modules/civicrm/CRM/Core/Invoke.php(424): CRM_Utils_Wrapper->run("CRM_Profile_Form_Edit", "Create Profile", (Array:2))
#9 [internal function](): CRM_Core_Invoke::profile((Array:3))
#10 /home/account2/public_html/d7/sites/all/modules/civicrm/CRM/Core/Invoke.php(258): call_user_func((Array:2), (Array:3))
#11 /home/account2/public_html/d7/sites/all/modules/civicrm/CRM/Core/Invoke.php(70): CRM_Core_Invoke::runItem((Array:14))
#12 /home/account2/public_html/d7/sites/all/modules/civicrm/CRM/Core/Invoke.php(52): CRM_Core_Invoke::_invoke((Array:3))
#13 /home/account2/public_html/d7/sites/all/modules/civicrm/drupal/civicrm.module(436): CRM_Core_Invoke::invoke((Array:3))
#14 [internal function](): civicrm_invoke("profile", "create")
#15 /home/account2/public_html/d7/includes/menu.inc(517): call_user_func_array("civicrm_invoke", (Array:2))
#16 /home/account2/public_html/d7/index.php(21): menu_execute_active_handler()
#17 {main}

Erik Hommel

  • CiviCRM version: all sorts
  • CMS version: Drupal
  • MySQL version: Ubuntu's latest LTS version
  • PHP version: Ubuntu's latest LTS version
Re: IDS Detector Details: etc/passwd&reset=1
September 08, 2013, 11:34:33 pm
It looks like someone has tried to edit/create a profile. Are you aware of any such action?
Consultant/project manager at EEatWork and CiviCooP (http://www.civicoop.org/)

xavier

  • CiviCRM version: yes probably
  • CMS version: drupal
Re: IDS Detector Details: etc/passwd&reset=1
September 09, 2013, 01:04:24 am
Not been hacked, but someone/a bot tried. It happens all the time, trying to put "wrong" params to get extra info not meant to be accessible (in that case, trying to get the list of passwords).

This was stopped at the first layer of defence, but would have been blocked at plenty of other places. I wouldn't worry about these "scriptkiddie" attacks, it's pretty much part of being online.

X+
-Hackathon and data journalism about the European parliament 24-26 jan. Watch out the result
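
A way to triage a log like the one in this thread, as an added example that is not part of the original posts and is not CiviCRM code: it parses the print_r-style records, lists IDS hits whose parameter value looks like path traversal, and marks each as rejected when a "Fatal Error Details" record shares its timestamp. The function names, the trimmed sample log and the same-timestamp correlation are assumptions made for this example.

```python
import re

# Constructed sample: a trimmed copy of the log layout shown in the first post.
SAMPLE_LOG = """\
Aug 26 20:37:40  [info] $IDS Detector Details = Array
(
    [0] => Array
        (
            [name] => gid
            [value] => ../../../../../../../../../../etc/passwd
            [ip] => 162.166.146.8
            [impact] => 30
        )
    [1] => Array
        (
            [name] => IDS_request_uri
            [value] => /civicrm/profile/create?gid=../../../../../../../../../../etc/passwd&reset=1
        )
)
Aug 26 20:37:40  [info] $Fatal Error Details = Array
(
    [message] => The requested Profile (gid=) is disabled, OR there is no Profile with that ID
)
"""

HEADER = re.compile(r"^(\w{3} +\d+ [\d:]{8})\s+\[\w+\] \$(.+?) = ", re.M)
FIELD = re.compile(r"^\s*\[(\w+)\] => ?(.*)$", re.M)
TRAVERSAL = re.compile(r"\.\.[/\\]|%2e%2e", re.I)

def parse_entries(text):
    """Yield (timestamp, title, body) for each '$Title = ...' log record."""
    heads = list(HEADER.finditer(text))
    for m, nxt in zip(heads, heads[1:] + [None]):
        yield m.group(1), m.group(2), text[m.end():nxt.start() if nxt else len(text)]

def triage(text):
    """Traversal-style IDS hits; 'rejected' = a Fatal Error record shares the timestamp."""
    entries = list(parse_entries(text))
    fatal = {ts for ts, title, _ in entries if title == "Fatal Error Details"}
    findings = []
    for ts, title, body in entries:
        hits = re.split(r"^\s*\[\d+\] => Array", body, flags=re.M)[1:] if title == "IDS Detector Details" else []
        for hit in hits:
            f = dict(FIELD.findall(hit))
            # IDS_request_uri repeats the same request; report the parameter hit only
            if f.get("name") != "IDS_request_uri" and TRAVERSAL.search(f.get("value", "")):
                findings.append({"time": ts, "ip": f.get("ip"), "param": f.get("name"),
                                 "impact": int(f.get("impact") or 0), "rejected": ts in fatal})
    return findings
```

A finding with `rejected` set to False is the one to follow up in the web server access log, since nothing in the CiviCRM log shows the request being refused.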

This forum was archived on 2017-11-26.