Main
Index 		Search
Posts 		Who's
Online 		Log
In

Home: Discontinued/Classic Products: Article Manager 2:
Artman viruses

 
 


WebFire
User

Mar 24, 2010, 11:38 AM

Post #1 of 8 (5906 views)
Shortcut
Artman viruses Can't Post
Seems almost all of my Artman 1 websites are getting hacked with malware. Anyone else experiencing this?


Donna
Staff / Moderator


Mar 24, 2010, 1:13 PM

Post #2 of 8 (5904 views)
Shortcut
Re: [WebFire] Artman viruses [In reply to] Can't Post
Hi there,

We haven't had any reports of this happening.

Do you have any other software on those sites? Because some Article Manager directories have full write permissions, if someone can gain access through any other program, they can write to Article Manager directories (or any other directory with write permissions.) So, something can appear to be related to Article Manager, while actually being the fault of another script. (This actually happened to me once with an outdated version of Wordpress on an entirely different domain than where the malware actually appeared. Drat!)

If you'd like us to take a look into it for you, feel free to fill out a support request:

http://www.interactivetools.com/support/email_support_form.php

Donna

--
support@interactivetools.com


WebFire
User

Mar 24, 2010, 1:16 PM

Post #3 of 8 (5903 views)
Shortcut
Re: [Donna] Artman viruses [In reply to] Can't Post
In Reply To
Hi there,

We haven't had any reports of this happening.

Do you have any other software on those sites? Because some Article Manager directories have full write permissions, if someone can gain access through any other program, they can write to Article Manager directories (or any other directory with write permissions.) So, something can appear to be related to Article Manager, while actually being the fault of another script. (This actually happened to me once with an outdated version of Wordpress on an entirely different domain than where the malware actually appeared. Drat!)

If you'd like us to take a look into it for you, feel free to fill out a support request:

http://www.interactivetools.com/support/email_support_form.php

Hi Donna.

All 3 of my existing Artman 1 sites got the malware, and none have other software.


Donna
Staff / Moderator


Mar 24, 2010, 2:09 PM

Post #4 of 8 (5901 views)
Shortcut
Re: [WebFire] Artman viruses [In reply to] Can't Post
Definitely unusual. Feel free to fill in a support request, we can take a look. :)

Donna

--
support@interactivetools.com


Dave
Staff / Moderator


Mar 24, 2010, 2:25 PM

Post #5 of 8 (5899 views)
Shortcut
Re: [WebFire] Artman viruses [In reply to] Can't Post
>All 3 of my existing Artman 1 sites got the malware, and none have other software.

There's no known vulnerabilities with Artman 1 or 2, but if another user on your host got hacked it's possible that was the entry point and they compromised the entire server (and all the sites on it).

Go to: Setup Options > Server > Publish Dir and click "Browse...". If you are able to browse up above your web folder and into other users web folders it means your web host hasn't configured their security properly and that would be another possible reason (but not the only one).

I'd recommend checking with your host to see if any other users have had the same issue.

Hope that helps!

Dave Edis - Senior Developer
interactivetools.com
 


WebFire
User

Mar 25, 2010, 8:03 AM

Post #6 of 8 (5879 views)
Shortcut
Re: [Dave] Artman viruses [In reply to] Can't Post
Thanks for the replies!

I got one cleaned up. I am fairly certain it is being exploited through the 777 permissions. I had an Artman 2 site that within weeks was being defaced, and after changing permissions it hasn't happened in over a year.

Which leads me to a question: what can I do about it? If I change permissions, they can't edit their site, which renders Artman useless.

Thanks!


Dave
Staff / Moderator


Mar 25, 2010, 11:01 AM

Post #7 of 8 (5839 views)
Shortcut
Re: [WebFire] Artman viruses [In reply to] Can't Post
Hi WebFire,

Depending on how the host is configured you may be able to lock down the permissions even more. Try these in order until you find one that works: 755, 775, 777.

If, after you've setting the lowest permissions you can that work, you still get hacked then you might want to consider a different host.

Remember that "Browse" button I mentioned before? We used to get a lot of complaints that our software was insecure because people could browse all over the server. But it wasn't us, it was web hosts that had bad security, you shouldn't be able to get into another users folder, even if the files in that folder are writable.

Hope that helps!

Dave Edis - Senior Developer
interactivetools.com
 


WebFire
User

Mar 25, 2010, 1:23 PM

Post #8 of 8 (5781 views)
Shortcut
Re: [Dave] Artman viruses [In reply to] Can't Post
Thanks. I'll give that a try. The Artman 2 was on a different host. We'll see what happens.