Opened 6 years ago

Closed 6 years ago

#10419 closed Task (wontfix)

Hackers trying to hack my websites using CKEditor

Reported by: ranc2 Owned by:
Priority: Normal Milestone:
Component: General Version: 3.6.3
Keywords: Cc:

Description

Hello,

Not sure this is the right place to report this issue, but I feel it is very important and relevant to all users and CKEditor developers.

I'm using CKEditor (3.6) in many of my (asp.net) websites, hosted in shared servers (OVH Europe).

I've noticed lately that dozens of times a day we get requests from Chinese IPs (e.g. 61.140.247.187 - we have no Chinese targeted users) - trying, I guess, to exploit some vulnerabilities in CKEditor.

Example:

domain.com/FCKeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx?Command=GetFoldersAndFiles&Type=File&CurrentFolder=/1.asp

Change History (2)

comment:1 Changed 6 years ago by Wiktor Walc

To report security issues it's better to use CKSource contact form, select "Security reports" there.

I'd like to ask you to grep the log file and send us (info@cksource.com), if possible, the full history of connections to "/FCKeditor/editor/filemanager/browser/default/connectors/" (grep the full log file). Maybe they are trying to reuse some old exploit.

If the file is quite big, please put it somewhere on your server and send us the link so that we could download it.
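The grep suggested in comment:1 can be scripted so that the hits are summarised per source IP together with the connector parameters (Command, Type, CurrentFolder) and the HTTP status the server returned. The script below is an added example, not part of the ticket or of CKEditor; it assumes an Apache/nginx "combined" access log (IIS logs use a different layout and would need a different regex), matches the path prefix case-insensitively because ASP.NET hosts are case-insensitive, and runs on a few constructed sample lines (only the IP 61.140.247.187 comes from the ticket; the other addresses and timestamps are made up).

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Path prefix quoted in comment:1 of the ticket.
FCK_CONNECTOR_PREFIX = "/FCKeditor/editor/filemanager/browser/default/connectors/"

# Apache/nginx "combined" log format (assumption; adapt for IIS W3C logs).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log lines (not real traffic from the reporter's servers).
SAMPLE_LOG = """\
61.140.247.187 - - [12/Mar/2013:04:11:02 +0000] "GET /FCKeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx?Command=GetFoldersAndFiles&Type=File&CurrentFolder=/1.asp HTTP/1.1" 404 1234 "-" "Mozilla/4.0"
61.140.247.187 - - [12/Mar/2013:04:11:03 +0000] "GET /fckeditor/editor/filemanager/browser/default/connectors/asp/connector.asp?Command=GetFoldersAndFiles&Type=File&CurrentFolder=%2F HTTP/1.1" 404 1234 "-" "Mozilla/4.0"
203.0.113.9 - - [12/Mar/2013:09:30:15 +0000] "GET /index.aspx HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_fck_probe(target):
    """True when the request path targets the old FCKeditor connector directory.

    Matching is case-insensitive: IIS/ASP.NET serve paths regardless of case,
    so a scanner may request /fckeditor/... and still reach the same file.
    """
    path = urlsplit(target).path
    return path.lower().startswith(FCK_CONNECTOR_PREFIX.lower())


def scan_log(text):
    """Return one record per request that hit the FCKeditor connector prefix."""
    hits = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_fck_probe(rec["target"]):
            continue
        parts = urlsplit(rec["target"])
        qs = parse_qs(parts.query)  # parse_qs URL-decodes values (%2F -> /)
        hits.append({
            "ip": rec["ip"],
            "ts": rec["ts"],
            "path": parts.path,
            "command": qs.get("Command", [None])[0],
            "type": qs.get("Type", [None])[0],
            "current_folder": qs.get("CurrentFolder", [None])[0],
            "status": int(rec["status"]),
        })
    return hits


def count_by_ip(hits):
    """Number of connector requests per source IP, most active first."""
    return Counter(h["ip"] for h in hits)


def served_requests(hits):
    """Hits the server actually answered with 200: a 404 means the connector
    is not installed and the scanner got nothing; a 200 means the file exists
    and the host must be checked for an outdated FCKeditor/CKEditor install."""
    return [h for h in hits if h["status"] == 200]


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for ip, n in count_by_ip(found).most_common():
        print(f"{ip}: {n} connector request(s)")
    for h in found:
        print(f"  {h['ts']} {h['status']} {h['path']} "
              f"Command={h['command']} Type={h['type']} CurrentFolder={h['current_folder']}")
    print("served with 200:", len(served_requests(found)))
```

The list returned by `scan_log` is what comment:1 asks for (the full history of connections to that prefix); `served_requests` is the subset that actually matters for the reporter, since a request that got a 404 shows the probe but not a reachable connector.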

comment:2 Changed 6 years ago by Wiktor Walc

Keywords: hacking removed
Resolution: wontfix
Status: new → closed

@anyone: The issue has been moved from a public tracker to a private support channel. In case of security reports, always use the contact form.

The issue reported here was a generic problem with scanners run by hackers, that are scanning websites looking for known vulnerabilities in outdated software.

Whatever applications you use, make sure to update them regularly to stay safe.
