NeoJoomla - Cross Site Scripting attack

Cross Site Scripting attack

Forums

3182 Posts in 750 Topics by 15553 Members
Latest Member: varagar varagar

Forums

Products - English

Extensions

NeoRecruit

Cross Site Scripting attack

« previous next »

Pages: [1]

Author

Topic: Cross Site Scripting attack (Read 1335 times)

rocco bertels

Newbie

Posts: 3

Cross Site Scripting attack

« on: February 21, 2008, 02:20:08 PM »

Just wanted to let you all know that our website (with NeoRecruit 1.4.3) has been under css attack and was used to send thousands of unwanted emails.
They used the NeoRecruit component to get in, but it was also made possible through a "allow_url_fopen setting" in the php.ini file.
Apparently most providers do not activate this setting, but unfortunately ours did.

All is back to normal now, but be aware of the possible risk!

Rocco


	Logged

Raphael

Administrator
Hero Member

Posts: 1082

Re : Cross Site Scripting attack

« Reply #1 on: February 24, 2008, 06:45:22 PM »

Hello Rocco,

We made some security modifications in the version 1.4.4, did you update your component ?

And are you sure the problem comes from the component ? We protected the component from the CSS attacks since the version 1.4.0.

Regards,


	Logged

rocco bertels

Newbie

Posts: 3

Re: Cross Site Scripting attack

« Reply #2 on: March 03, 2008, 10:12:45 AM »

Raphael,

according to our provider's support service, it was the Neorecruit component that was responsible, but of course they could be wrong.

I e-mailed you the same day as my original post in this forum asking if you could send me the files to upgrade to 1.4.4, but didn't receive an answer.
Is it possible to send me the 1.4.4 files so I can upgrade our site?

Thanks,

Rocco