Elxis CMS Forum
Support => Security => Topic started by: de-active on October 13, 2009, 17:20:55
-
I believe I may be under attack :o- I keep getting this message on my Elxis admin section:
Detected CSRF attack! Someone is forging your requests
So what do I do? Get in the bunker?
Just as well, it's not a production site! ::)
-
First of all, when you type username & password, CLOSE all other websites!!
The CSRF is meaning that you MAY be under "Cross-Site Request Forgery" from other website by many way's.
SO be careful !!!
CSRF FAQ (http://www.cgisecurity.com/csrf-faq.html)
-
Thanks for that ;D
-
My site was attacked too
now on google firefox shows as an attack site
Malicious software includes 15 exploit(s), 8 trojan(s).
Malicious software is hosted on 3 domain(s), including npanelsrv.info/, keymydomains.com/, myndomain.info/.
is there an issue with the software or something that i have to configure :(
-
BE MORE SPECIFIC PLEASE...
YOUR ELXIS VERSION
YOUR SITE URL( write like this Mysite[dot]com we don't want to appear as link)
LIST OF YOUR EXTENSIONS.. ESPECIALLY THOSE FROM OTHER CMS(NOT ELXIS)
WHERE-HOW-WHEN AND WHAT IS HAPPEN TO YOUR SITE
********TO(HAD TO) CONFIGURE IN GENERAL******
REMOVE ALL NON-ELXIS EXTENSIONS
ENABLE DEFENDER
SETUP-SECURE YOUR PHP
CHECK SERVER-FOLDER-FILES PERMISSIONS
ENABLE ADMIN-CLOAK
read this http://wiki.elxis.org/wiki/Category:Security
-
I have deleted all files on the server, do have a backup
doing a fresh install now, my site is hotelsinalbania.net and havent used any third party ext, modules or bots
-
You didn't tell us what version of elxis?
Is your PHP secured (register globals, allow_url_fopen, shell_exec...)?
Did you browse any other site while administering your site?
-
Same thing happened to me twice and I would have reported the case. In fact I had to look well to be sure it was someone else reporting this issue. But in my case I was browsing another site handling links on both occasions. I'll study the situation again.