Patch Against Hacks For SP Page Builder 3.8.10 And Associated Helix - Question | JoomShaper

Patch Against Hacks For SP Page Builder 3.8.10 And Associated Helix

P

Petra

SP Page Builder 1 week ago

Hi,

could you please release a patch for SP Page Builder for Joomla 3 and related Helix? There are still plenty of sites which can't be migrated due to other customization and looks like the hackers exploited some of the vulnerabilities that you fixed for SP Page Builder 6.6.2.

It is critical. Thank you.

0
13 Answers
R
Rvdzande
Accepted Answer
1 week ago #227451

Or any way we can disable the iconfont upload? I assume by disabling the icon addon (havent looked into it).

I have one site which 'will be migrated to Odoo' any time (the customer says this for over a year). It keeps getting delayed due to regulations at the franchise.

0
Ziaul Kabir
Ziaul Kabir
Accepted Answer
Support Agent 1 week ago #227453

Hello,

We sincerely apologize for the inconvenience caused.

Please follow this post as a work around, there is no option to disbale custom icon upload from settings: https://www.joomshaper.com/forum/question/45258

You can also use the following security scanner to help identify malicious files and delete them: https://github.com/zkrana/joomla-security-scanner

Please make sure to read the README.md file in the repository for instructions on how to run the tool. After completing the cleanup and upgrading to v6.6.2, please let us know the outcome or if you need any further assistance.

We'll be happy to help. Thank you.

0
R
Rvdzande
Accepted Answer
1 week ago #227467

I am using mysites.guru which works fine for the scan, but good alternative you mentioned. The issue is that version 6.x is not working with Joomla 3.x. Well the main issue is Joomla 3.x still being active offcourse :)

0
Ziaul Kabir
Ziaul Kabir
Accepted Answer
Support Agent 1 week ago #227471

Great.

Please, let us know the update.

0
R
Rvdzande
Accepted Answer
1 week ago #227698

I ended up removing a lot of lines (for font upload) from the asset.php file. Since than I am not getting any odd uploads in my Joomla 3.x site with SP Pagebuilder 3.x.

Also used Mysites.guru to apply some other Joomla 3.x fixes, including things which have been patched by the eLTS program. See the Mysites.guru blog here (btw I am in no way affiliated with them):

https://mysites.guru/blog/how-to-fix-joomla-3-security-issues-with-a-single-click/

0
Ziaul Kabir
Ziaul Kabir
Accepted Answer
Support Agent 1 week ago #227818

Thanks If everything is working fine now, please mark the question as complete by accepting any of our answers.

Thank you!

0
R
Rvdzande
Accepted Answer
1 week ago #227823

I would rather see an official patch for this, but since this helps (but breaks function) I am also willing to share.

0
Ziaul Kabir
Ziaul Kabir
Accepted Answer
Support Agent 1 week ago #227857

We've provide a manual patch here: https://www.joomshaper.com/forum/question/45258

Thanks

0
Paul Frankowski
Paul Frankowski
Accepted Answer
Senior Staff 1 week ago #227865

@Rvdzande

  1. SPPB 3.8.10 don't have feature (Custom Icons) that was used by hackers in SPPB 5x-6.6.1
  2. Install firewall component for your old Joomla sites.

If you're still using the old version (of Joomla etc), you have to take the risk yourself, which is why the extra work and associated costs are necessary. It's like driving an old car without a warranty.

0
R
Rvdzande
Accepted Answer
1 week ago #227885

I think you are wrong there with point 1) because my old SPPB 3.8.10 site also had the font uploads which happened in Joomla 6.x sites. The asset.php file in both 3.x and 6.x looked the same and this was likely manipulated. Since I removed the font upload possibility from my 3.x asset.php I havent seen any odd fonts.

0
Paul Frankowski
Paul Frankowski
Accepted Answer
Senior Staff 1 week ago #227911

I wrote about Custom Icons upload, that is No1 in Firewall logs. And that feature didn't exist in SPPB 3.8

info__343.jpg

2nd, SPPB 3.8 don't have also Custom Font Upload feature.

After all I wasn't wrong ;p anyway, thx

0
R
Rvdzande
Accepted Answer
1 week ago #227960

I don't get it. My 3.x site was possitively identify for the uploaded fonts hack various times till I changed the script. Also I haven't seen the firewall post, can you share a link (and what are you using?)

0
Paul Frankowski
Paul Frankowski
Accepted Answer
Senior Staff 5 days ago #228257

My screenshot is from RSFirewall (commercial). As you saw they are trying (blind attack) but they cannot do anything. Those are bots, not humans!

Free component ( https://htprotect.org/en/ ) it should protect your site (J3-J6) as well.


0