Possible security attack while adding a new event

Hi there,

We tried to add a new event and got the following warning:

<!-- /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:-1610611985 1107304683 0 0 415 0;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:-520092929 1073786111 9 0 415 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-unhide:no; mso-style-qformat:yes; mso-style-parent:""; margin:0cm; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman","serif"; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin;} .MsoChpDefault {mso-style-type:export-only; mso-default-props:yes; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi; mso-fareast-language:EN-US;} @page Section1 {size:612.0pt 792.0pt; margin:70.85pt 70.85pt 2.0cm 70.85pt; mso-header-margin:36.0pt; mso-footer-margin:36.0pt; mso-paper-source:0;} div.Section1 {page:Section1;} -->

“Possible security attack!!! All data has been collected and sent to the site owner for analysis.”

The source of the problem seems to be in this snippet of plain text, which comes out of UE32 and not from any website or text editor like Word:

Ladies and Gentlemen!

After the fantastic LIMITED EDITION II in the KingKa Suite - which was followed by a mighty aftershock –
we must confess in all modesty: That was only the prelude!!!

LUCKY EVENTS presents:
LIMITED EDITION EPISODE III on 05.12. 09 in a very special and extravagant location -
Rheintriadem (old railway headquarters).

Music: Bedrud, Capillari & Salvavida (Art of House), GeeStar & DaNima (TeenagerRastenHouse), Bedrud (rotfenstermusik)
Location: Rhein Triadem, (old railway headquarters), Konrad-Adenauer-Ufer 3, 50668 Köln

This is - as always with us - a private event to which only specially invited guests are admitted! Only 900 limited guest list places

Accreditation: By email with your first and last name and those of your companions to vip@lucky-events.com
or SMS to 0178 - 34 84 942 or Facebook Hamed Sarveniazi

Table reservations: please by phone with Ira Meindl 0177 88 46 627
Admission: 10€ (with guest list)

Dress code: sexy & chic
We look forward to seeing you,
Limited greetings
Your Limited Edition team!

Hope anybody has an idea what the issue is.

Best

dknadmin

Quote · 1 Dec 2009

Which version are you running on the RC? There is a patch for this issue, and that is fixed in the RC2.

Regards,

DosDawg

When a GIG is not enough --> Terabyte Dolphin Technical Support - Server Management and Support
Quote · 1 Dec 2009

Dear DosDawg,

We're running RC2, so it does not seem to be fixed.

Best

dknadmin

Quote · 7 Dec 2009

What was the total impact of that email? Should have been at the very top. Total Impact: ##

You can change these impact levels by going to Admin Panel > Advanced Settings > Other

Change the impact level to send emails above the total impact level you got in this email (default is 9, might change to something like 15). If it is blocking you from the site you can bump that level as well.

Do not bump too high or else you put your site at risk for actual attacks.

Chirs

Nothing to see here
Quote · 7 Dec 2009
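
Added example (not part of the original thread, and not the rule set of the software discussed): a toy impact-scoring filter showing the trade-off described above, where raising the report level from 9 to 15 silences the pasted Word styles but also lets other markup through unreported. Rule patterns, weights, the block level of 27, the `>=` comparison and all sample inputs are constructed assumptions.

```javascript
// Toy impact-scoring input filter. Rule patterns and weights are constructed
// for illustration; they are not the rule set of any real product.
const RULES = [
  { id: 'html-comment', impact: 3, re: /<!--|-->/ },
  { id: 'css-at-rule', impact: 4, re: /@(font-face|page|import)\b/i },
  { id: 'css-decl-run', impact: 4, re: /(?:[\w-]+\s*:\s*[^;{}]+;\s*){3,}/ },
  { id: 'script-tag', impact: 6, re: /<\s*script\b/i },
  { id: 'event-handler', impact: 6, re: /\bon\w+\s*=/i },
];

// Sum the impact of every matching rule and keep the rule ids for the report.
function score(input) {
  const hits = RULES.filter((rule) => rule.re.test(input));
  return {
    total: hits.reduce((sum, rule) => sum + rule.impact, 0),
    hits: hits.map((rule) => rule.id),
  };
}

// Assumption: an action fires when the total reaches its configured level.
function decide(total, levels) {
  if (total >= levels.block) return 'block';
  if (total >= levels.report) return 'report';
  return 'pass';
}

// Constructed samples. PASTED_CSS is a shortened piece of the Word style
// block quoted in the first post.
const SAMPLES = {
  PASTED_CSS: '<!-- /* Font Definitions */ @font-face {font-family:"Cambria Math"; ' +
    'panose-1:2 4 5 3 5 4 6 3 2 4; mso-font-charset:0;} -->',
  PLAIN_TEXT: 'Doors open at 22:00, entry 10 EUR with guest list.',
  ACTIVE_MARKUP: '<script src="https://example.invalid/a.js"></script><body onload=init()>',
};

// Decision for every sample at a given report level (block level fixed at 27).
function compare(reportLevel) {
  const out = {};
  for (const [name, text] of Object.entries(SAMPLES)) {
    out[name] = decide(score(text).total, { report: reportLevel, block: 27 });
  }
  return out;
}

console.log('report level 9: ', compare(9));
console.log('report level 15:', compare(15));
```
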

This happens when you copy from MSO clients like Word, OneNote, PowerPoint and others. If you need to copy and paste from these programs you need to clean up in HTML. Go to HTML in your editor and remove these codes; you can also remove formatting and clean messy code by using the respective icons in the editor, but this doesn't always work.

It's MS crap as usual. This happens with almost any non-MS editor around.

Quote · 7 Dec 2009

This happens when you copy from MSO clients like Word, OneNote, PowerPoint and others. If you need to copy and paste from these programs you need to clean up in HTML. Go to HTML in your editor and remove these codes; you can also remove formatting and clean messy code by using the respective icons in the editor, but this doesn't always work.

It's MS crap as usual. This happens with almost any non-MS editor around.

Yes, it seems correct that when someone copies and pastes from MS Word or other HTML rich editors this gives that error.
Look, that dark side of the software is known by the site admins maybe, but what about a user who comes, registers and tries to post his data, like someone posting a classified ad or a description of his/her store? When he presses the go button, this tells the user that your data is sent to admin for review etc. That is not a correct thing for a user; in such a busy time and world people won't wait, they walk, even run, forward to others.
Does anyone know if in such a case we can display a suitable message for the front-end users? Like the admin customizes his own message for the users if they face that problem, instead of a message that your data is sent to Admin etc.
Like in my case I want to tell my users to go to the back page, remove any HTML tags like backslash etc. and try again.
Please help me to do it. Or is there any way we can make the editor totally plain so that users can submit their data without interruption?

.

Quote · 25 Jan 2010
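
Added example (not part of the original thread and not Dolphin's own code): one way to do the cleanup suggested in the replies above and to give users a "totally plain" submission, by reducing pasted Word markup to plain text before the form is sent. The function name `toPlainText` and the sample paste are constructed; it is a convenience pre-clean, so the server-side filter and output escaping still apply.

```javascript
// Reduce pasted rich text to plain text before it is submitted.
// A usability pre-clean for the editor, not a security control: the
// server-side filter and output escaping still have to run.
const COMMENTS = /<!--[\s\S]*?(?:-->|$)/g; // includes <!--[if gte mso 9]> blocks
const BLOCKS = /<(style|script|xml|head)\b[^>]*>[\s\S]*?<\/\1\s*>/gi;
const BREAKS = /<\/(?:p|div|li|h[1-6])\s*>|<br\s*\/?>/gi;
const TAGS = /<(?:\/?[a-z]|!\[)[^>]*>/gi; // <p ...>, <o:p>, <![endif]>
// &lt; and &gt; are deliberately left encoded so no tag can be rebuilt.
const ENTITIES = { nbsp: ' ', amp: '&', quot: '"' };

function toPlainText(input) {
  let text = String(input);
  let prev;
  // Repeat until stable: removing one construct can expose another,
  // e.g. "<scr<script>x</script>ipt>" collapses into a new <script> tag.
  do {
    prev = text;
    text = text
      .replace(COMMENTS, '')
      .replace(BLOCKS, '')
      .replace(BREAKS, '\n')
      .replace(TAGS, ' ');
  } while (text !== prev);
  return text
    .replace(/&(nbsp|amp|quot);/g, (match, name) => ENTITIES[name]) // single pass
    .replace(/[ \t\u00a0]+/g, ' ')
    .replace(/ ?\n\s*/g, '\n')
    .trim();
}

// Constructed sample of what a paste from Word typically carries.
const WORD_HTML =
  '<!-- /* Style Definitions */ p.MsoNormal {margin:0cm;} -->' +
  '<style>@page Section1 {size:612.0pt 792.0pt;}</style>' +
  '<p class="MsoNormal">Ladies &amp; Gentlemen!<o:p></o:p></p>' +
  '<!--[if gte mso 9]><xml><o:DocumentProperties/></xml><![endif]-->' +
  '<p class="MsoNormal">Entry: 10€&nbsp;(guest list)</p>';

console.log(toPlainText(WORD_HTML));
```
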
 
 