CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site
This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM (Moderator: Dave Greenberg) »
  • Security vulnerability?
Pages: [1]

Author Topic: Security vulnerability?  (Read 1549 times)

Matt2000

  • I post frequently
  • ***
  • Posts: 288
  • Karma: 27
    • http://www.ninjitsuweb.com
Security vulnerability?
April 09, 2008, 07:38:35 pm
Has anyone else running CiviCRM 1.9 suffered recent security breaches? I've had a serious exploit that allowed the hacker to run arbitrary processes as the apache user, and I'm trying to determine the cause. Drupal and CiviCRM are my only open-source web apps on the server, and I upgraded Drupal to the latest security release shortly after the first breach, but I was exploited again.

Am I alone here? Or has anyone else had troubles.
Drupal/CiviCRM micro-blogging http://twitter.com/matt2000

Ninjitsu Web Development http://www.NinjitsuWeb.com/

Michał Mach

  • Ask me questions
  • ****
  • Posts: 748
  • Karma: 59
    • CiviCRM site
  • CiviCRM version: latest
  • CMS version: Drupal and Joomla latest
  • MySQL version: numerous
  • PHP version: 5.3 and 5.2
Re: Security vulnerability?
April 10, 2008, 01:34:30 pm
Hey Matt,

This looks serious and we would be happy to quickly close any potential holes, taken CiviCRM is the reason of the problem.

A few questions outside of CiviCRM area that might help identify the reason of the exploit:
- did you check potential security holes in Apache/PHP versions that you are using (those are open source apps on your server as well)?
- are you sure that you don't have any other scripts (e.g. some default Apache cgi) installed?

I'm not security expert, so I cannot help with many more suggestions, but hopefully you will be able to find the reason and secure your server soon.

Also, it would be great if others reported any similar cases.

Just for your information, we are a member of OCert (Open Source Computer Emergency Response Team - http://ocert.org/) and didn't have any breach reports through this channel either.

Thanks,
Michał
« Last Edit: April 10, 2008, 02:14:34 pm by Michał Mach »
Found this reply helpful? Contribute NOW and help us improve CiviCRM with the Make it Happen! initiative.

My absolute favourite: Wordpress Integration!.

Donate Now!

Matt2000

  • I post frequently
  • ***
  • Posts: 288
  • Karma: 27
    • http://www.ninjitsuweb.com
Re: Security vulnerability?
April 10, 2008, 02:08:18 pm
Hi,

To clarify, I'm far from certain that CiviCRM is the vulnerability. I also have some third-party custom code, which is currently being reviewed by the author.

System software (PHP & Apache) are regularly upgraded via apt-get from CentOS5 repositories.

I supposed it's also possible that the hacker got in through my out-of-date Drupal, then opened up other entries that were used after Drupal was upgraded after the first incident.
Drupal/CiviCRM micro-blogging http://twitter.com/matt2000

Ninjitsu Web Development http://www.NinjitsuWeb.com/
Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM (Moderator: Dave Greenberg) »
  • Security vulnerability?

This forum was archived on 2017-11-26.