TOPIC: Limesurvey is hacked

Re: Limesurvey is hacked 2 years 3 months ago #83251

  • Haap
Dear all,

After yet another infection, I have made a complete copy of my httpdocs. It can be found, zipped, in my dropbox (I'm sorry for the slow connection). Also, one of the infected scripts I have attached to this post.

I still don't have a clue about how this got to my server, and why it happened thrice by now. There are (at least) three possible problems:
  • File permissions. The installation wiki and the wiki are not clear about that
  • A hack of my ftp-account (for the third time in a row, with a 256 character password)
  • A virus on the webserver that hosts my limesurvey


The infected survey_runtime.js.
Last Edit: 2 years 3 months ago by Haap. Reason: Cannot attach scripts..
The administrator has disabled public write access.

Re: Limesurvey is hacked 2 years 3 months ago #83278

  • DenisChenu
Yop:
blog.unmaskparasites.com/2012/06/22/runf...om-domains/#more-883

Update (June 23, 2012): Thanks to everyone who left comments. The problem seems to be really in Plesk. Axel found traces of the attack in Plesk access logs. The attacker logged in and used file manager’s editor to modify .js files. Axel blames the Plesk vulnerability (versions before 10.4 are affected) found earlier this year and suggests that server admins fix it: kb.parallels.com/en/113321 and reset passwords for all plesk accounts:
Are you on a Plesk server?

Denis
The following user(s) said Thank You: Haap

Re: Limesurvey is hacked 2 years 3 months ago #83315

  • Haap
Yes, I am on a plesk server. I will contact my sysadmin...

Edit: and of course: I will keep you all posted.

My hosting provider knew about this problem, but stated that he had updated the plesk-software. However, he is checking it out, and will report back to me.
Last Edit: 2 years 3 months ago by Haap. Reason: ISP != hosting provider
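
Added example (not part of the thread and not LimeSurvey code): since the attack described above modified .js files through the Plesk file manager, one way to find every altered script is to compare the web root against a freshly unpacked copy of the same LimeSurvey release and list the modification times, which can then be matched against the Plesk access logs. The two directory arguments and the function names are assumptions made for this sketch.

```python
#!/usr/bin/env python3
"""Compare the .js files of a live web root with a clean copy of the same release."""
import hashlib
import sys
from datetime import datetime, timezone
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large files are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def js_digests(root):
    """Map each .js file under root (relative POSIX path) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in root.rglob("*.js") if p.is_file()}


def mtime_utc(path):
    """Modification time as an ISO 8601 UTC string, for matching against access logs."""
    return datetime.fromtimestamp(Path(path).stat().st_mtime, tz=timezone.utc).isoformat()


def compare_js(clean_root, live_root):
    """Return .js files that differ from, are extra to, or are absent from the clean copy."""
    clean, live = js_digests(clean_root), js_digests(live_root)
    live_root = Path(live_root)
    return {
        "modified": [(f, mtime_utc(live_root / f))
                     for f in sorted(clean.keys() & live.keys()) if clean[f] != live[f]],
        "added": [(f, mtime_utc(live_root / f)) for f in sorted(live.keys() - clean.keys())],
        "missing": sorted(clean.keys() - live.keys()),
    }


if __name__ == "__main__":
    # Both paths are assumptions: a freshly unpacked archive of the same
    # LimeSurvey version, and the web root being checked (e.g. httpdocs).
    report = compare_js(sys.argv[1], sys.argv[2])
    for kind, entries in report.items():
        for entry in entries:
            print(kind, *(entry if isinstance(entry, tuple) else (entry,)))
    sys.exit(1 if report["modified"] or report["added"] else 0)
```

Modification times can be reset by whoever edited the file, so treat them as a hint for where to look in the logs rather than as proof. Scripts belonging to locally installed templates will show up under "added" and need a manual look.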