BIG BIG bug URGENT....

I have  run a security check script on my files and it seems some file are compromised via a security hole in some module:

./modules/boonex/open_social/integration/Application/Controllers/prefs/prefs.php: Suspicious(base64_decode): urldecode(base64_decode($_GET['st....


And when user trying to enter in my website NOD32 or Avast detect block IP of my website and can enter if ignore this alert... So what happen.. Dolphin have no security or what????

If i check my website with google test,Avg and virustotal ( online scan for website ) and nothing.. so  why??

 Until they have a chance to look into it, remove the open social module from your site. Then clean up your site.

Number of security problems found with various software over the last 3 years per the national vulnerability database.

Windows - 1,404
Linux - 840
Firefox - 377
Internet Explorer - 217
Mac OS X - 829

Boonex Dolphin. - Less than 10.

That should answer that question.

Ty for the fast reply,

  Because this module is uninstall at this moment .. and i have same problem again.    So i need to remove completely in my FTP ??

Regards.

The files are still there even when uninstalled, so yes. Remove them.

Si if i understand it's Open social to make  alert in AVG or NOD ??

Thats my best guess based on your first post. Which says /modules/boonex/open_social as suspicious.

./modules/boonex/open_social/integration/Application/Controllers/prefs/prefs.php: Suspicious(base64_decode): urldecode(base64_decode($_GET['st....

But avast could be triggered if you have compromised files on your site. Thats why i also said you need to clean your site. All files need to be scanned and any infections found removed. Compair your sites index.php to the origional provided with dolphin.

If you have given your FTP ID and password to anyone for work on your site, then change your passwords which you should do every time anyway. Security problems with dolphin is actually not the most common way sites get infected. FTP and security problems with the host servers operating system are the most common ways.

Only TMD hosting working on my website for a little problem but after i changing my ftp and admin password.

I buying from TMD HOSTING the Service AUDIT so i waiting for us for cleaning. But i don't understand why exactly my website is infected . Maybe someone exploit something in my website.

Ty a lot Deano i appreciate a lot for the fast answer.


P.S i remove open social completely from my FTP so i supposed it's ok now for this issue.

Ty a lot

The security software you scanned your site with is giving a false positive because open social uses base64_decode AND urldecode on a variable. There isn't anything wrong with open social or Dolphin.

The scanning software probably just thinks it's fishy because it's looking for something to be double encoded. Nothing to worry about.