Search…

X3 Photo Gallery Support Forums

Search…
 
kram66
Topic Author
Posts: 14
Joined: 31 May 2009, 00:32

securimage.php

21 Sep 2017, 00:59

I just received a message from my ISP stating my site had been hacked. How can we protect ourselves from this?

x3/panel/filemanager_assets/securimage/securimage.php: zeroscience 
 
User avatar
mjau-mjau
X3 Wizard
Posts: 13993
Joined: 30 Sep 2006, 03:37

Re: Hacked

21 Sep 2017, 01:16

kram66 wrote:x3/panel/filemanager_assets/securimage/securimage.php: zeroscience
I am not quite sure from reading the above how this file is claimed to be hacked. Has anything changed on your website? Has this file been changed? To be honest, I don't think so. For your information:
  • I am not sure what you are referring to ": zeroscience". Inside this file, there is a comment: "- Fix XSS vulnerability in example_form.php (discovered by Gjoko Krstic - <gjoko@zeroscience.mk>)". My guess is that your host's virus scanner has somehow evaluated this file as a "threat" (because of the comment/content), although it is not.
  • This file (and it's folder /securimage/) are not even used in X3 (they don't display anywhere), and will be removed soon.
  • How and when was this file hacked? There are no backdoors to "write to files" of any kind in X3, apart from the PANEL, which requires login of course. Even on login, security in the panel will prevent writing/editing anything else than image files etc (not PHP).
  • Even if this file was hacked (which I doubt very much), it would likely be from another application on your website, or even from an old X2 installation. I doubt it is hacked though.
  • What date was this file hacked? Likely it has the same file date (view FTP) as the other files in the folder, which means it's not hacked.
Please send me FTP login, and I will diagnose your website to see if anything is compromised. Or at least send me a copy of the securimage.php so I can validate it.

Unless I can confirm that your website has been hacked through X3 (unlikely), I will eventually rename the title of this post from "Hacked", because it is misleading to new and existing users.
 
User avatar
mjau-mjau
X3 Wizard
Posts: 13993
Joined: 30 Sep 2006, 03:37

Re: Hacked

26 Sep 2017, 01:10

Any progress with this? I didn't receive any reply, or the allegedly compromised file "securimage.php" to validate.
 
kram66
Topic Author
Posts: 14
Joined: 31 May 2009, 00:32

Re: Hacked

03 Oct 2017, 02:17

I sent you a private message with a file attachment! Let me know if you haven't got this?
 
User avatar
mjau-mjau
X3 Wizard
Posts: 13993
Joined: 30 Sep 2006, 03:37

Re: Hacked

03 Oct 2017, 08:37

kram66 wrote:I sent you a private message with a file attachment! Let me know if you haven't got this?
No. When did you send that? I received last PM from you on 21st September, which I replied to.
 
User avatar
mjau-mjau
X3 Wizard
Posts: 13993
Joined: 30 Sep 2006, 03:37

Re: securimage.php

04 Oct 2017, 04:56

kram66 wrote:I just received a message from my ISP stating my site had been hacked. How can we protect ourselves from this?
x3/panel/filemanager_assets/securimage/securimage.php: zeroscience 
Since "Hacked" is a sensitive topic, here is an update:
  • After receiving and diagnosing the file in mention, I can confirm that it has NOT been hacked. It is the original unaltered securimage.php file, provided in the X3 installation, and is part of the public securimage PHP library.
  • Although this library earlier had "vulnerabilities", they do not apply for X3's version of securimage (see securimage changelog).
  • Securimage.php is in fact not used at all in X3, and was just dormant. It has been entirely removed in pending release X3.24.0.
I can't see any reason to believe the website has been hacked. If it has, I don't see any reason to believe it's done through X3. We can't protect your website from any other applications you may have installed.