Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Bobi 235 posts 637 karma points
    May 27, 2019 @ 14:17
    Bobi
    0

    Security Issue? Ransomwear

    Hi there,

    I have received 3 contact form requests through an umbraco 7.10.4 website from what appears to be a spam bot indicating some type of ransomwear:

    "Hey. Soon your hosting account and your domain [website] will be blocked forever, and you will receive tens of thousands of negative feedback from angry people.

    Here is a list of what you get if you don’t follow my requirements: + abuse spamhouse for aggressive web spam + tens of thousands of negative reviews about you and your website from angry people for aggressive web and email spam + lifetime blocking of your hosting account for aggressive web and email spam + lifetime blocking"

    1) Is there any security concern regarding the umbraco 7.10.4 release? 2) Are there any preventative measures I can take to avoid any issues like this? I have heard about umbraco cloud, but I'm not sure if it will make the website not function smoothly since the current website is being hosted on a Windows server configuration in IIS.

  • Paul Seal from codeshare.co.uk 356 posts 1862 karma points MVP 2x c-trib
    30 days ago
    Paul Seal from codeshare.co.uk
    1

    Have a read of this post. It tells you about a much needed update to Client Dependency.

    https://umbraco.com/blog/security-advisory-patch-for-your-site-is-now-available/

  • Bobi 235 posts 637 karma points
    29 days ago
    Bobi
    0

    I have. For some reason I cannot get into that back end admin console after making the manual change. Any ideas?

  • andy 20 posts 89 karma points
    29 days ago
    andy
    0

    On top of making sure you patch client dependency I'd also suggest adding a recaptcha to your form to reduce the likelihood of bots spamming it.

    If the form in question is an Umbraco Form then there should already be an option to add a ReCaptcha as a form field.

  • Bobi 235 posts 637 karma points
    29 days ago
    Bobi
    0

    This is already implemented.

  • andy 20 posts 89 karma points
    28 days ago
    andy
    0

    When you say you cannot get into the back end admin console, what are you seeing? Are you receiving an error message? a blank screen?

    Have you tried clearing out the client dependency folders/cache/cookies etc?

  • Bobi 235 posts 637 karma points
    1 week ago
    Bobi
    0

    Sorry, this was a server issue where the server was blocking the IP address I was using.

Please Sign in or register to post replies

Write your reply to:

Draft