MonkeyCMS Forum

#1 chrisjlocke (Super Moderator), 05-26-2009, 11:17 PM
CRC of index.php?

Don't know if this is possible or not, but is it possible MonkeyCMS can determine the CRC of index.php to determine whether it's been hacked or not?

I've just had an email from Google telling me Creapsoft has been blocked as a malware site, and lo and behold, there is some evil JavaScript code in index.php which wasn't there before.

I was more wondering how MonkeyCMS could 'detect' these illegal changes to protect others. I'm normally careful about setting the right permissions on files, etc, so will have to check how they got in. Grr.
__________________
http://www.cscomputerservices.co.uk/ | Providing complete computer solutions | Web hosting with MonkeyCMS pre-installed

#2 Colin (Administrator), 05-27-2009, 08:35 AM

Yeah - I can add something in there for the next release. I will check the core site-facing files (index.php and content.php) and will set the site to close if there is a problem or mismatch.

It's a nightmare tracking down the source of a hack as they can happen in so many places. Something that results in a file change usually means quite a high level of access to the server as there's no method or code within Monkey itself that can give access to editing of the core files.

Is it a Vidahost box? I wonder if there's a vulnerability in any of the standard packages on there?

Did you keep a copy of the JavaScript?

#3 Colin (Administrator), 05-27-2009, 09:01 AM

1.5.0 beta 1 now has a basic CRC check.

I will be working on improving this over the next few releases to really boost security and protect against hacks.

#4 Colin (Administrator), 05-31-2009, 02:36 PM

Is this similar to the problem you had:

http://www.theregister.co.uk/2009/05...web_infection/

#5 chrisjlocke (Super Moderator), 05-31-2009, 06:47 PM

Sounds similar. It was obfuscated JavaScript, but I have no idea what the script does. I thought I posted up a link to the code, but it must have been somewhere else.

It's here though:
http://chrisjlocke.co.uk/content.php?contentid=22

Due to the long lines, and justification options, it doesn't display pretty.

Thanks for adding in the CRC checks though. Much appreciated, especially at short notice.

#6 Colin (Administrator), 06-23-2009, 11:04 AM

1.5.0-3 introduces the new CRC check. This will generate a new valid CRC on each upgrade and ensures that everyone's installation is uniquely identified.
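
One way to implement the check discussed in this thread (a baseline recorded at upgrade time, the site closed on a mismatch), added here as an example and not MonkeyCMS's own code. It swaps the CRC for HMAC-SHA256 keyed with a per-installation secret, because a CRC catches accidental corruption but is not designed to resist deliberate tampering. The function names, the key handling and the demo files are assumptions.

```php
<?php
// Added example, not MonkeyCMS code. index.php and content.php are the files
// named in the thread; every function name, the key and the layout are assumptions.
const CORE_FILES = ['index.php', 'content.php'];

// Upgrade time: record one keyed digest per core file.
function build_baseline(string $root, string $installKey): array
{
    $baseline = [];
    foreach (CORE_FILES as $file) {
        $digest = is_file("$root/$file")
            ? hash_hmac_file('sha256', "$root/$file", $installKey) : false;
        if ($digest === false) {
            throw new RuntimeException("cannot read $file");
        }
        $baseline[$file] = $digest;
    }
    return $baseline;
}

// Request time: list core files that are missing or no longer match.
function changed_files(string $root, string $installKey, array $baseline): array
{
    $changed = [];
    foreach (CORE_FILES as $file) {
        $digest = is_file("$root/$file")
            ? hash_hmac_file('sha256', "$root/$file", $installKey) : false;
        $known = $baseline[$file] ?? null;
        if ($digest === false || !is_string($known) || !hash_equals($known, $digest)) {
            $changed[] = $file;
        }
    }
    return $changed;
}

// Constructed demo in a throwaway directory with two stand-in files.
$root = sys_get_temp_dir() . '/integrity-demo-' . bin2hex(random_bytes(4));
mkdir($root);
file_put_contents("$root/index.php", "<?php echo 'home';\n");
file_put_contents("$root/content.php", "<?php echo 'page';\n");
$key = random_bytes(32);                  // per-installation secret (assumption)
$baseline = build_baseline($root, $key);  // regenerated on every upgrade
// Simulate an unexpected edit to index.php, then re-check.
file_put_contents("$root/index.php", "<script>/* constructed */</script>\n", FILE_APPEND);
$changed = changed_files($root, $key, $baseline);
if ($changed !== []) {
    // Fail closed, as post #2 describes: stop serving and report the mismatch.
    echo 'Site closed, modified: ' . implode(', ', $changed) . "\n";
}
```

Anyone who can rewrite index.php can usually rewrite a baseline stored beside it, so keep the key and baseline outside the web root or verify from another host.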