sitefinity installation exploited

  • Pratik

    Posted on Dec 1, 2010 (permalink)

    One of my sites running on sitefinity 3.2 community edition was compromised this last week where the hacker uploaded a bunch of corrupted files to the web server. DiscountASP.net (hosting provider) came back with this link that explained the exploit. I have restored the site using a backup, but how can I make sure that this doesn't happen again?

    http://www.exploit-db.com/exploits/15563/
    I am not in a position to upgrade that version of sitefinity.

    Pratik

  • Ivan Dimitrov (admin)

    Posted on Dec 1, 2010 (permalink)

    Hello Pratik,

    You must have received an email from us with a fix to the issue. We sent it to all users with downloads of Sitefinity 3.x.
    If you have not received this email, open a support request or bug report and I will attach the code there.

    Kind regards,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug is fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.

  • Pratik

    Posted on Dec 1, 2010 (permalink)

    Thanks for such a prompt response.  In my sitefinity account, I don't see an option to open a bug report or support link for sitefinity. It lists all the other products from Telerik.

    Should I just open this for RadControls for ASP.NET AJAX?

    Pratik

  • Ivan Dimitrov (admin)

    Posted on Dec 1, 2010 (permalink)

    Hi Pratik,

    You should receive an email to the email account associated with your registration here.

    Sincerely yours,
    Ivan Dimitrov
    the Telerik team

  • Pratik

    Posted on Dec 1, 2010 (permalink)

    I am getting the attached errors.

  • Ivan Dimitrov (admin)

    Posted on Dec 1, 2010 (permalink)

    Hi Pratik,

    1. You are missing a resource key
    2. Please check the email I sent you where I explained when you might get this error.

    Regards,
    Ivan Dimitrov
    the Telerik team

  • Pratik

    Posted on Dec 1, 2010 (permalink)

    1) is resolved
    2) didn't notice the CAPS.  I thought you meant to use the full reference which it was using already.  Change the lowercase to uppercase for CMSAccess and it works.

    Thank you for being so prompt in your responses.
    Pratik

  • jelliott24

    Posted on Jan 4, 2011 (permalink)

    I too had my Sitefinity 3.2 site compromised on DiscountASP.net, but was unaware the fix had been emailed to me. Could you please provide me with the fix to the issue by sending the files to the email address associated with this user? Thank you.

  • Ivan Dimitrov (admin)

    Posted on Jan 5, 2011 (permalink)

    Hello jelliott24,

    I sent an email to you from Client Service.

    All the best,
    Ivan Dimitrov
    the Telerik team

  • Developer

    Posted on Jan 24, 2011 (permalink)

    Hi Ivan, we bought two licenses of Sitefinity 3.x but I did not see an email with the 3.x service package updates when I ran a search on my mailbox.

    I tried to open a support ticket but it won't let me because our support ran out. How can I get the SPs, please?

    Thanks,
    Noel Saw

  • Ivan Dimitrov (admin)

    Posted on Jan 26, 2011 (permalink)

    Hello,

    Please contact our sales department directly to check your account and purchases. They will see what you are allowed to download.

    Best wishes,
    Ivan Dimitrov
    the Telerik team

  • Rob

    Posted on Apr 23, 2012 (permalink)

    Hi,

    We are running SiteFinity 3 Community Edition and just got hacked by this exploit in Feb 2012! We were not aware of any fix, nor did I get an e-mail. Can you send me the fix via e-mail as well? Or better yet, you post the information for all to see? I have been searching Forums for close to an hour just to find this thread. These kinds of exploits (and their solutions) should get much better visibility on your site & forums.

    Thanks, Bob
