+1-888-365-2779
Try Now
More in this section

Forums / Security / sitefinity installation exploited

sitefinity installation exploited

12 posts, 0 answered
  1. Mar
    Mar avatar
    8 posts
    Registered:
    04 Apr 2007
    01 Dec 2010
    Link to this post
    One of my sites running on sitefinity 3.2 community edition was compromised this last week where the hacker uploaded a bunch of corrupted files to the web server.  DiscountASP.net (hosting provider) came back with this link that explained the exploit.  I have restored the site using a backup but how can I make sure that this doesn't happen again.

    http://www.exploit-db.com/exploits/15563/
    I am not in a position to upgrade that version of sitefinity.

    Pratik
  2. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    01 Dec 2010
    Link to this post
    Hello Pratik,

    You must have received an email form us with a fix to the issue. We sent it to all user with downloads of Sitefinity 3.x.
    If you have not received this email open a support request or bug report and I will attach the code there.

    Kind regards,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. Mar
    Mar avatar
    8 posts
    Registered:
    04 Apr 2007
    01 Dec 2010
    Link to this post
    Thanks for such a prompt response.  In my sitefinity account, I don't see an option to open a bug report or support link for sitefinity. It lists all the other products from Telerik.

    Should I just open this for RadControls for ASP.NET AJAX?

    Pratik
  4. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    01 Dec 2010
    Link to this post
    Hi Pratik,

    You should receive an email to the email account associated with your registration here.

    Sincerely yours,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  5. Mar
    Mar avatar
    8 posts
    Registered:
    04 Apr 2007
    01 Dec 2010
    Link to this post
    I am getting the attached errors.
  6. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    01 Dec 2010
    Link to this post
    Hi Pratik,

    1. You are missing a resource key
    2. Please check the email I sent you where I explained when you might get this error.

    Regards,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  7. Mar
    Mar avatar
    8 posts
    Registered:
    04 Apr 2007
    01 Dec 2010
    Link to this post
    1) is resolved
    2) didn't notice the CAPS.  I thought you meant to use the full reference which it was using already.  Change the lowercase to uppercase for CMSAccess and it works.

    Thank you for being so prompt in your responses.
    Pratik

  8. jelliott24
    jelliott24 avatar
    1 posts
    Registered:
    15 Jul 2008
    05 Jan 2011
    Link to this post
    I too had my Sitefinity 3.2 site compromised on DiscountASP.net, but was unaware the fix had been emailed to me. Could you please provide me with the fix to the issue by sending the files to the email address associated with this user? Thank  you.
  9. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    05 Jan 2011
    Link to this post
    Hello jelliott24,

    I sent a email to you from Client Service.

    All the best,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  10. Developer
    Developer avatar
    1 posts
    Registered:
    22 Jun 2008
    24 Jan 2011
    Link to this post
    hi Ivan, we bought two licenses of Sitefinity 3.x but I did not see an email with the 3.x service package updates when I ran a search on my mailbox.

    I tried to open a support ticket but it won't let me because our support ran out, how can I get the SPs please?

    Thanks,
    Noel Saw
  11. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    26 Jan 2011
    Link to this post
    Hello,

    Please contact our sales department directly to check your account and purchases. They will see what you are allowed to download.

    Best wishes,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  12. Bob
    Bob avatar
    1 posts
    Registered:
    27 May 2008
    23 Apr 2012
    Link to this post
    Hi,

    We are running SiteFinity 3 Community Edition and just got hacked by this exploit  in Feb 2012! We were not aware of any fix nor did i get an e-mail. Can you send me the fix via e-mail as well? Or better yet, you post the information for all to see? I have been searching Forums for close to an hour just to find this thread. These kinds of exploits (and their solutions) should get much better visibility on your site & forums.

    Thanks, Bob
Register for webinar
12 posts, 0 answered