HELP, Possible attacks everywhere!

Obviously people have tried to join and I am getting these emails.

Total impact: 8
Affected tags: xss, csrf

Variable: REQUEST.DescriptionMe.0 | Value: <p>I\'m just a friendly guy who loves Jesus and loves his friends. I like to laugh, smile, and headbang to heavy metal! <img title=\"Laughing\" src=\"http://thechurchyard.net/plugins/tiny_mce/plugins/emotions/img/smiley-laughing.gif\" border=\"0\" alt=\"Laughing\" /> But other than that, I\'m a senior in high school, and I\'m glad to be part of a website truly geared towards answering God\'s message.</p>
Impact: 4 | Tags: xss, csrf
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1

Variable: POST.DescriptionMe.0 | Value: <p>I\'m just a friendly guy who loves Jesus and loves his friends. I like to laugh, smile, and headbang to heavy metal! <img title=\"Laughing\" src=\"http://thechurchyard.net/plugins/tiny_mce/plugins/emotions/img/smiley-laughing.gif\" border=\"0\" alt=\"Laughing\" /> But other than that, I\'m a senior in high school, and I\'m glad to be part of a website truly geared towards answering God\'s message.</p>
Impact: 4 | Tags: xss, csrf
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1

REMOTE_ADDR: 174.126.129.249
HTTP_X_FORWARDED_FOR:
HTTP_CLIENT_IP:

second one:

Total impact: 12
Affected tags: sqli, id, lfi

Variable: REQUEST.fIM_userConfig | Value: {\"enableAudio\":true,\"enableTimestamp\":false}
Impact: 6 | Tags: sqli, id, lfi
Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID: 43

Variable: COOKIE.fIM_userConfig | Value: {\"enableAudio\":true,\"enableTimestamp\":false}
Impact: 6 | Tags: sqli, id, lfi
Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID: 43
Centrifuge detection data  Threshold: 3.49  Ratio: 2.5

REMOTE_ADDR: 98.230.20.106
HTTP_X_FORWARDED_FOR:
HTTP_CLIENT_IP:

Quote · 18 Nov 2009

Have you made the security update changes?

Quote · 18 Nov 2009

What changes?

Quote · 18 Nov 2009

I have done a couple of the changesets.

Quote · 18 Nov 2009

The DescriptionMe field has security on it for attacks.

We get this from a simple copy and paste of "lorem ipsum" from Windows, which uses curly brackets.

define('BX_SECURITY_HTML', false);

in join.php will help until all security modules have been updated to work as they should: stop real attacks and let your users through.

I have video tutorials to help you mrpowless.com
Quote · 18 Nov 2009

From another post of Alex. Just follow the changeset and do what he says to help stop the PA.

New fix: http://www.boonex.com/trac/dolphin/changeset/13259

After this fix please clean /cache/ directory and reinstall one of these modules:

ads
articles
avatar
blog
events
feedback
files
forum
groups
news
photos
poll
sites
sounds
store
videos

Two new security options were added in Administration -> Settings -> Advanced Settings -> Other. Now you can control when to just send mail about a possible attack and when to stop the aggressor. There is an impact number; if the impact is high (> 25) then the security risk is high too.

Quote · 18 Nov 2009
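The two mails quoted in this thread score the same value twice (once under REQUEST.*, once under POST.* or COOKIE.*, because PHP's $_REQUEST is the union of GET, POST and COOKIE) and flag an escaped JSON settings cookie as "SQL injection". As an added example, not code from the thread or from Dolphin, here is a small triage script that parses a PHPIDS mail of this shape, dedupes findings by value, and applies the 25 impact threshold quoted above; the sample mail, the 192.0.2.10 address and the "likely-benign" label are constructed for the demonstration.

```python
import json
import re

VAR_RE = re.compile(r"^Variable:\s*(\S+)\s*\|\s*Value:\s*(.*)$")
IMPACT_RE = re.compile(r"^Impact:\s*(\d+)\s*\|\s*Tags:\s*(.*)$")

# Constructed sample modelled on the second mail in the thread (placeholder IP).
SAMPLE = """Total impact: 12
Affected tags: sqli, id, lfi
Variable: REQUEST.fIM_userConfig | Value: {\\"enableAudio\\":true,\\"enableTimestamp\\":false}
Impact: 6 | Tags: sqli, id, lfi
Variable: COOKIE.fIM_userConfig | Value: {\\"enableAudio\\":true,\\"enableTimestamp\\":false}
Impact: 6 | Tags: sqli, id, lfi
REMOTE_ADDR: 192.0.2.10
"""

def parse_report(text):
    # Returns total impact, source address and (variable, value, impact, tags) findings.
    lines = text.splitlines()
    total = int(re.search(r"Total impact:\s*(\d+)", text).group(1))
    addr = re.search(r"REMOTE_ADDR:\s*(\S+)", text)
    findings = []
    for cur, nxt in zip(lines, lines[1:]):  # a Variable line is followed by its Impact line
        m, n = VAR_RE.match(cur), IMPACT_RE.match(nxt)
        if m and n:
            tags = {t.strip() for t in n.group(2).split(",")}
            findings.append((m.group(1), m.group(2), int(n.group(1)), tags))
    return {"total": total, "remote_addr": addr.group(1) if addr else None,
            "findings": findings}

def looks_like_json_config(value):
    # True for an escaped JSON object such as the chat module's fIM_userConfig cookie.
    try:
        return isinstance(json.loads(value.replace('\\"', '"')), dict)
    except ValueError:
        return False

def triage(report, high=25):
    # Dedupe by value (REQUEST.* repeats POST/COOKIE) and classify; 25 is the thread's threshold.
    seen, unique_impact, notes = {}, 0, []
    for var, value, impact, _tags in report["findings"]:
        if value in seen:
            notes.append(f"{var} repeats {seen[value]} (same value counted twice)")
            continue
        seen[value] = var
        unique_impact += impact
        if looks_like_json_config(value):
            notes.append(f"{var} is an escaped JSON settings object, likely benign")
    if report["total"] > high:
        level = "high"
    elif seen and all(looks_like_json_config(v) for v in seen):
        level = "likely-benign"
    else:
        level = "review"
    return {"level": level, "unique_impact": unique_impact, "notes": notes}
```

Running `triage(parse_report(SAMPLE))` reduces the reported impact of 12 to a single unique finding of 6 and labels it likely benign; the HTML DescriptionMe value from the first mail would instead land in "review", since it is not a settings object.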

Oh yeah I saw that but does it address this issue with the nav menu builder? I didn't see any changes to nav_menu_compose in the latest fix and the changeset 13237 fix broke the page.

Thanks for keeping on top of this!

Quote · 18 Nov 2009

Don't do the changes to the nav_menu builder, for me it just causes a blank page to appear and others have problems too.

Quote · 18 Nov 2009

newest email:

Total impact: 12
Affected tags: sqli, id, lfi

Variable: REQUEST.fIM_userConfig | Value: {\"enableAudio\":true,\"enableTimestamp\":false}
Impact: 6 | Tags: sqli, id, lfi
Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID: 43

Variable: COOKIE.fIM_userConfig | Value: {\"enableAudio\":true,\"enableTimestamp\":false}
Impact: 6 | Tags: sqli, id, lfi
Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID: 43
Centrifuge detection data  Threshold: 3.49  Ratio: 2.5

REMOTE_ADDR: 66.184.151.170
HTTP_X_FORWARDED_FOR:
HTTP_CLIENT_IP:
SCRIPT_FILENAME: /home2/thechur3/public_html/profile.php
QUERY_STRING: ID=favicon.ico
REQUEST_URI: /favicon.ico
QUERY_STRING: ID=favicon.ico
SCRIPT_NAME: /profile.php
PHP_SELF: /profile.php

Quote · 18 Nov 2009