Message:"Nothing to see here. Move along. This file was created by Fabrik..."

archives2

My system was hacked today. The hacker was kind enough to leave a message that displayed when users accessed the site:
"Nothing to see here. Move along. This file was created by Fabrik. If it is appearing in an unexpected location, the site admin should check the configuration of any file upload elements on Fabrik forms, to ensure that an upload path has been set correctly."
We are running Joomla 3.7.3 and Fabrik 3.5. Before bringing the site up, I wanted to be reasonably sure that this will not happen again.
Is there a problem with form upload path issues that may have been addressed since version 3.5? Or is the hacker just pulling my chain? Apparently, they knew that Fabrik was installed, so that's why I'm starting my research here.
Unfortunately, I kinda panicked and deleted everything so there is nothing for you to look at.
 
Yes, a couple of security issues with upload elements were fixed in Fabrik 3.7.

You should update to the latest version of Fabrik.

As you are updating from 3 versions ago (there's been about 3,000 commits on the code since then) I would strongly suggest testing the update on a sandbox first. Use Akeeba to archive your site, install it with Kickstart somewhere, run the update(s) and test functionality.

-- hugh
 
Thank you. I was able to successfully upgrade to Fabrik 3.8. Hopefully, the mods made since 3.5 will help avoid this in the future. I do have a question, though. I don't have any forms that provide uploads of any kind. I use the captcha for messages. I know you don't know exactly what happened, but can you help me understand how this was possible, so I can be more prepared?
 
Well, I do know exactly what happened. The bug was that it didn't matter if you had an upload element on any of your forms, the AJAX call that handled AJAX uploads would just go ahead and let an upload happen anyway, to the root folder of your site. That was fixed as soon as we discovered the issue, early this year.

Keeping up to date with Fabrik is just as critical as keeping up to date with Joomla, for security fixes. On the whole, Fabrik is fairly secure - in the same length of time the upload issue was present in Fabrik, about half a dozen equally severe security issues were fixed in Joomla itself, between 2.5 and 3.7. But we do occasionally find nasty issues we have to fix.

Also ... when you do a Joomla "point" update (like from 3.7 to 3.8) you MUST update Fabrik (we always come out with a release to coincide with a J! point release), or you'll lose configuration settings on the backend if you edit and save something which has "repeated" params (like multiple plugins on a form). As of 3.7 we'll warn you if you try and edit anything and don't have the right version of Fabrik. But prior to 3.7, you'd just lose all but the first repeat.

-- hugh
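The shape of the bug Hugh describes above, as an added stand-alone PHP sketch. This is not Fabrik's code and not Hugh's; the form definitions, the request, the file entry and every name (SITE_ROOT, handleAjaxUploadVulnerable, handleAjaxUploadHardened) are constructed for the illustration. It only computes where the upload would land and never writes to disk.

```php
<?php
// Added example, not Fabrik's code. All names and data below are invented.
declare(strict_types=1);

const SITE_ROOT = '/var/www/site';

// Constructed form definitions: a captcha-protected contact form with no
// upload element, and a form with an upload element whose path is configured.
$forms = [
    'contact' => ['elements' => [['type' => 'field'], ['type' => 'captcha']]],
    'apply'   => ['elements' => [['type' => 'fileupload', 'upload_path' => 'uploads/cv']]],
];

// Constructed AJAX upload request: the caller names a form that has no
// upload element at all, exactly the situation described in the thread.
$request = ['formid' => 'contact', 'elementid' => 0];
$file    = ['name' => '../shell.php', 'tmp_name' => '/tmp/phpABC123'];

/**
 * Vulnerable shape: the handler never asks whether the addressed element is
 * an upload element. With no upload path configured the destination
 * collapses to the site root, so the file is written next to index.php.
 */
function handleAjaxUploadVulnerable(array $forms, array $request, array $file): string
{
    $uploadPath = $forms[$request['formid']]['elements'][$request['elementid']]['upload_path'] ?? '';
    return rtrim(SITE_ROOT . '/' . $uploadPath, '/') . '/' . basename($file['name']);
}

/**
 * Hardened shape: refuse unless the form exists, the element really is an
 * upload element, a non-empty upload path is configured and stays inside the
 * site, and the file name and extension pass an allow-list. Returns null on
 * refusal. A real handler would additionally verify the session/CSRF token
 * before any of this (assumed, not shown).
 */
function handleAjaxUploadHardened(array $forms, array $request, array $file): ?string
{
    $form = $forms[$request['formid']] ?? null;
    if ($form === null) {
        return null;
    }
    $element = $form['elements'][$request['elementid']] ?? null;
    if ($element === null || ($element['type'] ?? '') !== 'fileupload') {
        return null;
    }
    $uploadPath = trim((string) ($element['upload_path'] ?? ''), '/');
    if ($uploadPath === '' || str_contains($uploadPath, '..')) {
        return null;
    }
    $name = basename($file['name']);
    if (!preg_match('/^[A-Za-z0-9._-]+$/', $name)) {
        return null;
    }
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, ['pdf', 'png', 'jpg'], true)) {
        return null;
    }
    return SITE_ROOT . '/' . $uploadPath . '/' . $name;
}

echo 'vulnerable: ', handleAjaxUploadVulnerable($forms, $request, $file), PHP_EOL;
echo 'hardened:   ', handleAjaxUploadHardened($forms, $request, $file) ?? 'refused', PHP_EOL;

// The legitimate case still works: a real upload element with a configured path.
$ok = ['formid' => 'apply', 'elementid' => 0];
echo 'hardened:   ', handleAjaxUploadHardened($forms, $ok, ['name' => 'cv.pdf', 'tmp_name' => '/tmp/phpDEF456']) ?? 'refused', PHP_EOL;
```

Run with `php example.php` (PHP 8 for `str_contains`). The vulnerable path resolves to `/var/www/site/shell.php`: a site that has no upload forms at all still ends up with attacker-chosen files in its document root, which is why updating Fabrik mattered even for a captcha-only contact form.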
 