TOPIC: Limesurvey is hacked

Limesurvey is hacked 2 years 4 months ago #81130

  • amisaka
  • OFFLINE
  • Fresh Lemon
  • Posts: 2
  • Karma: 0
I would like to know what measures I can take to make LimeSurvey more secure. My application was hacked twice, even though I use a hosting service that restricts access to the folder.
Could someone please help me out with this issue?

Thanks!
The administrator has disabled public write access.

Re: Limesurvey is hacked 2 years 4 months ago #81136

  • Ben_V
  • OFFLINE
  • Platinum Lime
  • Posts: 1109
  • Thank you received: 250
  • Karma: 78
Hi,
If your host allows it, at the very least you should set up a .htaccess file (at the root of your LS installation)...
Have a look at the apache.org website for details.

If you don't need universal access... you can use this file to block some well-known IP ranges or countries.

Ben/
Benoît

goo.gl/Bw5iM => GG search in the French forum (replace "exemple" in the search bar)
goo.gl/WX8PH => GG search for the English forum (replace "example" in the search bar)
goo.gl/IxiGu => Search in the Spanish forum (change "ejemplo" in the search...
Last Edit: 2 years 4 months ago by Ben_V.
The following user(s) said Thank You: amisaka

Re: Limesurvey is hacked 2 years 4 months ago #81146

  • DenisChenu
  • OFFLINE
  • Moderator Lime
  • Posts: 6429
  • Thank you received: 839
  • Karma: 249
Hello amisaka,

How did you find out/know that LS is hacked?

There are some 'viruses' on the net that find your FTP access (see Gumblar, for example). The LS team can do nothing about that; you have to remove the virus and change your FTP password.

The best thing would be to show us the code modification, so we know which virus/hack was used.

Denis
The following user(s) said Thank You: amisaka

Re: Limesurvey is hacked 2 years 4 months ago #81194

  • amisaka
  • OFFLINE
  • Fresh Lemon
  • Posts: 2
  • Karma: 0
Thanks Denis!
I received two messages, one from rsa.com and another from my hosting service.
I am increasing the security of my web applications.

Antonio

Re: Limesurvey is hacked 2 years 4 months ago #81199

  • DenisChenu
  • OFFLINE
  • Moderator Lime
  • Posts: 6429
  • Thank you received: 839
  • Karma: 249
Hello,

Did the message say how your installation was hacked?

One thing you can do is to change the CHMOD on some files:

Remove write permission for everyone on all files, then put write permission on upload and tmp for your web server user.

You need to grant write permission for autoUpdate.

Denis
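The permission layout Denis describes, as an added shell example that is not from the forum or the LimeSurvey project. It assumes the LimeSurvey root is passed as the first argument, the web server user as the second (defaulting to www-data, an assumption; use your host's actual user), and that upload/ and tmp/ sit directly under that root; a second function counts files outside those two directories that are still writable, so you can confirm the change held.

```shell
#!/bin/sh
# Added example, not LimeSurvey project code: apply the permission layout
# from the post above. $1 = LimeSurvey root, $2 = web server user
# (the www-data default is an assumption).
harden_ls_perms() {
    ls_root="$1"
    web_user="${2:-www-data}"

    # Step 1: nobody may write anywhere in the tree (dirs 555, files 444).
    find "$ls_root" -type d -exec chmod 0555 {} +
    find "$ls_root" -type f -exec chmod 0444 {} +

    # Step 2: only upload/ and tmp/ become writable, and only for the
    # web server user. chown needs root; the chmod bits are applied anyway.
    # Re-grant write elsewhere only while autoUpdate runs, as Denis notes.
    for d in upload tmp; do
        [ -d "$ls_root/$d" ] || continue
        chown -R "$web_user" "$ls_root/$d" 2>/dev/null || true
        find "$ls_root/$d" -type d -exec chmod 0755 {} +
        find "$ls_root/$d" -type f -exec chmod 0644 {} +
    done
}

# Verification: count files outside upload/ and tmp/ that are still
# writable by owner, group or other. Expect 0 after hardening.
count_writable_outside_upload() {
    ls_root="$1"
    find "$ls_root" -type f \
        ! -path "$ls_root/upload/*" ! -path "$ls_root/tmp/*" \
        \( -perm -0200 -o -perm -0020 -o -perm -0002 \) -print | wc -l | tr -d ' '
}
```

An attacker who holds the file owner's FTP credentials can simply restore the write bits, so this layout mainly limits what the web server process (and a compromised web application) can modify; it complements changing the FTP password rather than replacing it.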

Re: Limesurvey is hacked 2 years 3 months ago #83027

  • Haap
  • OFFLINE
  • Fresh Lemon
  • Posts: 13
  • Karma: 0
Hi all,

My limesurvey installation is also hacked, twice. This means that some random .js files have been replaced. In my case these were files in the templates, in the scripts folder, and so on. There were quite a few changed scripts. I am not sure how this has been possible. Especially the second time, where I had a 128 character ftp-password. All I can think of is a problem with permissions, due to the comfort-update thing. But I am not sure about that.

Also, I am not sure what to do next. I don't feel like simply re-installing my limesurvey and waiting for it to start spreading a virus again...

Cheers, Haap

Re: Limesurvey is hacked 2 years 3 months ago #83028

  • DenisChenu
  • OFFLINE
  • Moderator Lime
  • Posts: 6429
  • Thank you received: 839
  • Karma: 249
There is some virus that stole your FTP password on YOUR computer (or another computer with your FTP password).

Then:
1. Change your FTP password.

And could you give some lines of the javascript?

Denis

Re: Limesurvey is hacked 2 years 3 months ago #83029

  • Haap
  • OFFLINE
  • Fresh Lemon
  • Posts: 13
  • Karma: 0
Dear Denis (and all others),

I've changed my FTP password twice. Once after the first attack, and now again. My FTP password is only stored in an encrypted (2048-bit) file on my computer. That's it. It's not remembered in any browser/FTP client.

Unfortunately I've deleted all the javascript files. There are several questionnaires online, and a call centre waiting for me to re-enable them. In the rush, I've simply overwritten all corrupted files.

Attached is a file of the virus-warning. It's the best I've got, I'm afraid. I am sorry about that.

Thanks,

Haap

====

Edit: I must add that I've been fooling around with chmod for the comfort-update. I actually don't know why I've done that (with knowledge of what can happen), and have perhaps set permissions to write (!) to the scripts...
Last Edit: 2 years 3 months ago by Haap. Reason: added the permissions thing
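An added shell example (not from the forum or the LimeSurvey project) for the situation Haap describes: files replaced silently and then overwritten before anyone could inspect them. It keeps a SHA-256 baseline of the LimeSurvey tree, excluding upload/ and tmp/ because those change legitimately, and reports changed, added or removed files; it assumes GNU sha256sum and takes the LimeSurvey root as its first argument.

```shell
#!/bin/sh
# Added example, not LimeSurvey project code: record a hash baseline of the
# LimeSurvey tree and later report what differs from it. Assumes GNU
# sha256sum. Keep the baseline file off the web server, e.g. on your own
# computer, so a compromise cannot rewrite the baseline too.

# ls_baseline ROOT OUTFILE: write "hash  ./relative/path" lines, sorted by path.
ls_baseline() {
    ls_root="$1"; out="$2"
    ( cd "$ls_root" && find . -type f ! -path './upload/*' ! -path './tmp/*' \
          -exec sha256sum {} + | sort -k2 ) > "$out"
}

# ls_integrity_check ROOT BASELINE: print "CHANGED|ADDED|REMOVED <path>"
# lines and return 1 if anything differs, 0 if the tree still matches.
# Copy a CHANGED file aside before overwriting it: that copy is the code
# modification the developers asked for to identify the hack.
ls_integrity_check() {
    ls_root="$1"; base="$2"
    cur=$(mktemp)
    ls_baseline "$ls_root" "$cur"
    diffs=$(awk '
        NR == FNR { base[$2] = $1; next }   # first file: the baseline
                  { cur[$2]  = $1 }         # second file: the current tree
        END {
            for (p in base) if (!(p in cur)) print "REMOVED", p
            for (p in cur)  if (!(p in base)) print "ADDED", p
            for (p in cur)  if ((p in base) && base[p] != cur[p]) print "CHANGED", p
        }' "$base" "$cur")
    rm -f "$cur"
    [ -z "$diffs" ] && return 0
    printf '%s\n' "$diffs"
    return 1
}
```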

Re: Limesurvey is hacked 2 years 3 months ago #83039

  • holch
  • OFFLINE
  • LimeSurvey Team
  • Posts: 2838
  • Thank you received: 355
  • Karma: 122
It is difficult to know how they hacked your account, if it was via FTP or via another account on a shared server or via the software. Now, you need the thing to run again, right?

What I would do then is to set up Limesurvey in a new server folder, but using the same database. If everything runs smoothly, you can delete all files in the other folder and all infected files should be gone.
Have a look at the manual! It is a really valuable source of information. Here are some helpful links:
Manual (EN) | Question Types | Question Attributes | Workarounds

If you found this answer helpful and it saved you some time please consider a donation to the project to keep Limesurvey going!
Last Edit: 2 years 3 months ago by holch.

Re: Limesurvey is hacked 2 years 3 months ago #83041

  • Haap
  • OFFLINE
  • Fresh Lemon
  • Posts: 13
  • Karma: 0
Dear Holch and others,

Thanks for your reply. I have set up the installation twice yesterday. The call centre performing the questionnaires had stopped working for the afternoon, so I had some time to fix everything. I first overwrote (is that proper English? ;-) ) the old files with fresh ones from my computer. Somehow this did not fix the problem. So I backed up the database, and simply deleted all the files on the server. It has only the limesurvey software installed on it, so that is no problem. After that, I made a fresh installation of the software compiled yesterday, and so far, no infections are found (fingers crossed).

If somehow the installation becomes infected again, I will export the entire installation, and post it here. But still, somehow, I hope that it won't be necessary.

Cheers,

Haap