Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - nunoleite

Pages: [1]
1
Feng Office 3 / After update to 3.1.3 permissions problem
« on: April 12, 2015, 08:04:12 am »
Hi!

After the update from 3.1.2.2 to 3.1.3 all my external colaborators lost access to tasks.

Ad as i can see i can only give permissions read/write to documents and time.

Please advise.

Thanks
Nuno Leite

2
Feng Office 3 / Feng Office 3.1.2.2 hacked
« on: April 10, 2015, 03:37:28 am »
Hi!

Tonight my sub domain with Feng Office 3.1.2.2 was hacked. This comunitty version is not very used, it's almost never used. The last thing done was 2 weeks ago when i updated to 3.1.2.2

These files where instroduced:
help.htm   75bytes
help.html   67bytes
info.htm   75bytes
info.html   67bytes
info.php   21.135bytes (i think this is the bad file)
tmp/sh.php   68bytes
tmp/systemscash.php   68bytes

All the content of the sub domain where feng office is where overrided...
Files php and html where written with the content:
<?php
header('Location: xxxxx');
exit;
?>

In my logs the first lines of the attack are these:
5.61.37.14 - - [09/Apr/2015:20:21:56 +0100] "GET /tmp/systemscash.php HTTP/1.1" 200 120 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en; rv:1.9.1.8) Gecko/20060728 Firefox/3.5.8"
5.61.37.14 - - [09/Apr/2015:20:21:56 +0100] "POST /tmp/systemscash.php HTTP/1.1" 200 24131 "/tmp/systemscash.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en; rv:1.9.1.8) Gecko/20060728 Firefox/3.5.8"
5.61.37.14 - - [09/Apr/2015:20:21:57 +0100] "POST /tmp/systemscash.php HTTP/1.1" 200 28977 "/tmp/systemscash.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en; rv:1.9.1.8) Gecko/20060728 Firefox/3.5.8"
5.61.37.14 - - [09/Apr/2015:20:21:57 +0100] "POST /tmp/systemscash.php HTTP/1.1" 200 29611 "/tmp/systemscash.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en; rv:1.9.1.8) Gecko/20060728 Firefox/3.5.8"
5.61.37.14 - - [09/Apr/2015:20:23:54 +0100] "GET /info.php HTTP/1.1" 200 120 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en; rv:1.9.1.8) Gecko/20060728 Firefox/3.5.8"
5.61.37.14 - - [09/Apr/2015:20:23:54 +0100] "POST /info.php HTTP/1.1" 200 29586 "/info.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en; rv:1.9.1.8) Gecko/20060728 Firefox/3.5.8"
5.61.37.14 - - [09/Apr/2015:20:24:06 +0100] "GET /info.php HTTP/1.1" 200 120 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en; rv:1.9.1.8) Gecko/20060728 Firefox/3.5.8"
5.61.37.14 - - [09/Apr/2015:20:24:06 +0100] "POST /info.php HTTP/1.1" 200 29586 "info.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en; rv:1.9.1.8) Gecko/20060728 Firefox/3.5.8"
5.61.37.14 - - [09/Apr/2015:20:24:07 +0100] "POST /info.php HTTP/1.1" 200 29586 "info.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en; rv:1.9.1.8) Gecko/20060728 Firefox/3.5.8"
5.61.37.14 - - [09/Apr/2015:20:24:10 +0100] "POST /info.php HTTP/1.1" 200 9791 "/info.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en; rv:1.9.1.8) Gecko/20060728 Firefox/3.5.8"
5.61.37.14 - - [09/Apr/2015:20:24:11 +0100] "POST /info.php HTTP/1.1" 200 15635 "/info.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en; rv:1.9.1.8) Gecko/20060728 Firefox/3.5.8"

And then, continues with the same data for about 5000 lines.

It's weird that it starts with a GET to a file that doesn't existed before.

Do you know anything about this?

Thanks
Nuno Leite

Pages: [1]