1 Jun 22, 2022 17:32

Hello,

Today, while looking at the analysis results, I discovered an idiosyncratic hack attempt (see Fig. 1) - It is likely to be a java injection. (alert(String.fromCharCode(88,83,83)) ) via ?disp=> ?disp=%22%3E%3Cscript%20%3Ealert(String.fromCharCode(88,83,83))%3C/script%3E
Does anyone know whether b2e is secure against such attacks?

(After closing b2e dev there had been some security issues and I don't know, whether this one is out of these)

Would be great if someone can help.

Thanks in advance, Will

Fig. 1: Security Issue alert(String.fromCharCode(88,83,83))

2 Aug 23, 2022 09:29

I see you are still using version 6.xx. Just upgrade and use the latest version. (7.xx)

4 Nov 25, 2022 12:32

@saunders wrote earlier:

Hello,


Today, while looking at the analysis results, I discovered an idiosyncratic hack attempt (see Fig. 1) - It is likely to be a java injection. (alert(String.fromCharCode(88,83,83)) ) via ?disp=> ?disp=%22%3E%3Cscript%20%3Ealert(String.fromCharCode(88,83,83))%3C/script%3E
Does anyone know whether b2e is secure against such attacks?
...


A well configured ModSecurity, either in Apache or Nginx, prevents these characters from being processed and instead will hand out a 403 (and/or other action you preselect) to those evil clowns. You should be looking at the error log files continuously and update your defense strategy accordingly as those mofos never rest.

Good luck!

5 Nov 28, 2022 09:17

@saunders wrote earlier:

Hello,


Today, while looking at the analysis results, I discovered an idiosyncratic hack attempt (see Fig. 1) - It is likely to be a java injection. (alert(String.fromCharCode(88,83,83)) ) via ?disp=> ?disp=%22%3E%3Cscript%20%3Ealert(String.fromCharCode(88,83,83))%3C/script%3E
...


In the snapshot below is the sort of attack a properly configured ModSecurity will halt (by handing out a 403) intercepting it before it is processed by b2evolution (any version). I came across it yesterday and it is but one of the multiple attempts by the nefarious IP -- which belongs to Microsoft -- but which was impersonating the Chinese search engine Baidu in its attempt to cover its tracks:
