e107, Beats windows security by a long shot
Home Downloads Forums Misc Bugtracker Documentation/Wiki Plugins Themes Hosting Reviews
Welcome
Username:

Password:


Remember me

[ ]
[ ]
[ ]
e107 Project Tracker
Changelog Changelog | Stats
Bugtracker Bugtracker
     80 open | 5042 total | Stats
Issue tracking (Jira) Issue tracking (Jira)
Feature Requests Feature Requests
     1376 open | 2144 total
SVN Tree SVN Tree
Released Files Released Files
Download Stats Download Stats
How to get SVN version How to get SVN version

e107 on IRC
freenode.net
For real-time help and friendly chat please join #e107 on the Freenode Network

It's a friendly channel so please drop in and say hello regardless of your e107 or IRC experience

If you're new to IRC please click [here] for an explanantion of what to do.

Web Hosting

eCheck Security Scanner

We all already know what happened to e107.org just because we patched it few ours after the official release of 0.7.17. I'm trying to stay positive - we learned an important lesson, I hope e107 community did the same - a good example of what could happen if you don't apply critical security patch quick enough.

I also spotted first symptoms of panic. They were additionally fed by all kind of security organizations and blog posts, made before we were able to make any kind of statement, because we were busy to fix all current problems and investigate for any additional security vulnerabilities of e107 core (I'm glad the problem came from issue we were already fixed) I'm not angry about this - I know this is the only way of more traffic and popularity (let's call it marketing).

In other hand, I understand the worries of the people using e107 - especially those with less Development/Administration knowledge.

That's why I wrote a small tool and called it (don't ask me why) eCheck Security. I'm not gonna explain what it does here, because I did it already in my eCheck Security PHP tool - find malware on your site Blog post.
I hope this tool will make lot of people feel much more peaceful - at least this was my intention while I wrote it

Cheers

posted by SecretR on Friday 29 January 2010 - 16:01:29


Comments

Tansas on 29 Jan : 17:41

Thank you for your post.

I hope some good news will come soon.

C6Dave on 29 Jan : 17:55

Thanks Miro, I know a lot of what was going on in the background but knew you were all doing your utmost to ensure it was resolved.

eleljrk on 29 Jan : 18:10

I will use e107, what ever hapens!
Nice to see you writing news like this, and I did laught here: "I know this is the only way of more traffic and popularity (let's call it marketing). "

Hope I get hacked one day ^^
And eCheck Security Scanner sounds Friendly in use.

Nowwhat on 30 Jan : 02:28 Member Of The e107 Support Team

SecretR, the download link on your eCheck Security PHP tool - find malware on your site (Download most recent version of eCheck Seciruty here)seems dead (403) - or is it just me ?

mankan on 30 Jan : 02:53

No, I also get the 403 message..

But I must say it sounds like a great tool.

ev on 30 Jan : 04:03

Same here

The download link click to open link in new window

gives the 403 error message

ev on 30 Jan : 04:04

Sorry - this download link gives the 403 - access denied:

click to open link in new window

Fanat1k on 30 Jan : 05:08

set corrent access rights to files and you don't need such scanners at all

SecretR on 30 Jan : 05:31

Sorry guys, wrong permissions, fixed now.

ev on 30 Jan : 06:17

SecretR solved the 443 issue .... thx

Just ran the tool - valuable indeed

cscarlet on 30 Jan : 07:30

Thanks has reinforced I have already resolved my own security issues caused by an old plugin I used years ago that I had left and not removed from my plugins folder

Prozac on 30 Jan : 10:43

Thanks a lot SecretR!

RalphDul on 30 Jan : 11:44

Thanks a lot!! I just ran it and it works great!!

migs on 30 Jan : 12:23

The www version works perfectly well.

EDIT: I've noticed it doesn't give the full path to something it thinks is infected, is this correct? It gives a truncated xxx.php~ path
[ edited 30 Jan : 12:25 ]

Donny on 30 Jan : 21:32

If you gonna make a cli tool, make it perl or python or even bash =_= php cli fail.
[ edited 30 Jan : 21:35 ]

SecretR on 31 Jan : 06:17

Please report any issues on FS Net forums or IRC.
Thanks.

bad_dud on 31 Jan : 06:42

Nice piece of art you made SecretR. It help me to explain why i use exec in part of my new clan manager plugin. Saw that backend.php is noted as suspected due of the word system Thank's alot m8.
[ edited 31 Jan : 11:15 ]

Downunder on 31 Jan : 06:54

Thanks SecretR, everyone running an e107 site should run this to just make sure, it has eased my fears


You must be logged in to make comments on this site - please log in, or if you are not registered click here to signup


All product names mentioned herein are the trademarks of their respective owners. In addition, images, logos, pictures or other material may be trademarks or registered trademarks of their respective owners. Emote images by seb, released under the GPL licence.
Bug Tracking Software
Render time: 0.4876 sec, 0.3989 of that for queries. Memory Usage: 3,147kB