Opened 11 years ago
Closed 11 years ago
#10419 closed Task (wontfix)
Hackers trying to hack my websites using CKEditor
| Reported by: | ranc2 | Owned by: | |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | General | Version: | 3.6.3 |
| Keywords: | Cc: |
Description
Hello,
Not sure this is the right place to report this issue, but I feel it is very important and relevant to all users and CKEditor developers.
I'm using CKEditor (3.6) in many of my (asp.net) websites, hosted in shared servers (OVH Europe).
I've noticed lately that dozens of times a day we get requests from Chinese IPs (e.g. 61.140.247.187 - we have no Chinese targeted users) -trying, I guess, to exploit some vulnerabilities in CKEditor.
Example:
domain.com/FCKeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx?Command=GetFoldersAndFiles&Type=File&CurrentFolder=/1.asp
Change History (2)
comment:1 Changed 11 years ago by
comment:2 Changed 11 years ago by
| Keywords: | hacking removed |
|---|---|
| Resolution: | → wontfix |
| Status: | new → closed |
@anyone: The issue has been moved from a public tracker to a private support channel. In case of security reports, always use the contact form.
The issue reported here was a generic problem with scanners run by hackers, that are scanning websites looking for known vulnerabilities in an outdated software.
Whatever applications do you use, make sure to update them regularly to stay safe.
To report security issues it's better to use CKSource contact form, select "Security reports" there.
I'd like to ask you to grep the log file and send us (info
@cksource.com), if possible, the full history of connections to "/FCKeditor/editor/filemanager/browser/default/connectors/" (grep the full log file). Maybe they are trying to reuse some old exploit.If the file is quite big, please put it somewhere on your server and send us the link so that we could download it.