This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.
#1 / Apr 16, 2008 5:50am
Hi,
1&1 suspended my ExpressionEngine database for security reasons. A person tried to make an injection (adding parameters to a URL, according to 1&1).
How can I protect my database against it?
Thank you
#2 / Apr 16, 2008 6:23am
ExpressionEngine filters input, including query strings. They take security very seriously and it is known as a secure, stable application.
I suggest you ask 1&1 for the log files that show the injection attack and ask them what the results were. Is there a problem with your site?
Are you running any other sites / applications other than EE on your server?
If you post the log files that show the injection up here then either the community or the support crew will be able to help.
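Before the host's logs arrive it helps to know what to look for in them. The script below is an added example (it is not code from this thread or from ExpressionEngine) that triages Apache combined-format access log lines, decodes each query-string parameter and flags the classic SQL injection indicators. The four log lines, the IP addresses and the parameter names are constructed for the demonstration, not taken from 1&1's logs; the `exp_`-style table names EE uses are deliberately not assumed.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed sample lines in Apache "combined" log format. Lines 2 and 3 carry
# URL-encoded injection probes in the ?id= parameter; lines 1 and 4 are benign.
SAMPLE_LOG = """\
203.0.113.5 - - [16/Apr/2008:03:12:07 +0200] "GET /index.php/blog/entry/5 HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
203.0.113.5 - - [16/Apr/2008:03:12:09 +0200] "GET /index.php/blog/entry/5?id=5%27%20OR%201%3D1-- HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
203.0.113.5 - - [16/Apr/2008:03:12:11 +0200] "GET /index.php?ACT=4&id=1%20UNION%20SELECT%20username%2Cpassword%20FROM%20members HTTP/1.1" 500 312 "-" "Mozilla/5.0"
198.51.100.7 - - [16/Apr/2008:03:15:00 +0200] "GET /system/index.php?S=0&C=login HTTP/1.1" 200 4011 "-" "Mozilla/5.0"
"""

# Fields we need from each line: client IP, timestamp, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Indicators applied to the *decoded* parameter value, with a label for the report.
SQLI_PATTERNS = [
    ("quote-or/and-tautology", re.compile(r"'\s*(or|and)\s+\S+\s*=\s*\S+", re.I)),
    ("union-select", re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I)),
    ("comment-terminator", re.compile(r"--\s*$|#\s*$|/\*")),
    ("stacked-statement", re.compile(r";\s*(drop|insert|update|delete)\b", re.I)),
    ("time-based-probe", re.compile(r"\b(sleep|benchmark)\s*\(", re.I)),
]


def decode_params(target):
    """Return (name, value) pairs from the request target's query string.

    parse_qsl already applies one round of percent-decoding; the extra
    unquote_plus catches double-encoded payloads (%2527 -> %27 -> ').
    """
    query = urlsplit(target).query
    return [(k, unquote_plus(v)) for k, v in parse_qsl(query, keep_blank_values=True)]


def find_injection_attempts(log_text):
    """Scan log text and return one record per parameter that matched an indicator."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        for name, value in decode_params(m["target"]):
            labels = [label for label, pat in SQLI_PATTERNS if pat.search(value)]
            if labels:
                hits.append({
                    "ip": m["ip"],
                    "ts": m["ts"],
                    "param": name,
                    "value": value,
                    "status": int(m["status"]),
                    "indicators": labels,
                })
    return hits


if __name__ == "__main__":
    for hit in find_injection_attempts(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} status={hit["status"]} '
              f'{hit["param"]}={hit["value"]!r} {hit["indicators"]}')
```

The status code is worth keeping in the report: a 500 after a `UNION SELECT` probe suggests the injected text reached the database and produced a query error, whereas a 200 with the normal page size usually means the application discarded or neutralised it. Either way the hit list gives the host and the EllisLab staff something concrete to discuss.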
#3 / Apr 16, 2008 8:18am
Yes, I have only EE applications (forum, blog) on the server.
OK. I will ask 1&1 for the log file that shows the injection attack, so I can show it to you.
#4 / Apr 16, 2008 10:12am
As George notes, security is a priority concern for us. Did 1&1 say if the attack was successful? And those log files would be handy. Or are they just wondering what protection measures we have in place (extensive cross-site scripting checks on all post, get, cookie and session data, for one thing)?
Also- what version and build are you running currently? And are you running any non-EE scripts?
We’ll get it sorted for you, but more information on what 1&1 wants (and how the attack was initiated and whether it was successful) will help us pin things down.
Make sense?
#5 / Apr 16, 2008 4:47pm
I use version 1.6 of ExpressionEngine.
I’ll have the log files in 2 days…
The only way to get into my control panel, or to modify my database, is http://mysite.com/system/index.php
1and1 have blocked my database because a person tried to make an injection. Thanks to 1and1 it was without success, but if my database is attacked again, I risk having my account suspended…
#6 / Apr 16, 2008 5:03pm
Thank you for keeping us updated. We take security very seriously indeed and will do our best to work with you on figuring out what’s going on.
1and1 have blocked my database because a person tried to make an injection.
ExpressionEngine is quite good at preventing such attacks, including SQL injections. I am still a bit fuzzy about what actually happened, hopefully the log files will shed light on this issue.
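Whatever input filtering the application layer does, the defence that actually protects the database from an injected URL parameter is binding the value as a query parameter instead of splicing it into the SQL text. The following is an added example, not ExpressionEngine code (EE is PHP; Python's built-in sqlite3 stands in here so it runs anywhere). The `entries` table, its rows and the `?id=` payloads are constructed for the demonstration; the `blocklist_filter` function is a hypothetical pattern-stripping filter included only to show why such filters are not a substitute for bound parameters.

```python
import re
import sqlite3

# Values of the kind an attacker appends to ?id= in the URL (constructed).
PAYLOAD = "5' OR 1=1--"
BYPASS_PAYLOAD = "5' OR 'a'='a'--"   # same effect, no literal "1=1" to strip


def make_db():
    """In-memory table standing in for a weblog's entries; one row is public."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE entries (entry_id INTEGER PRIMARY KEY, title TEXT, status TEXT)"
    )
    conn.executemany("INSERT INTO entries VALUES (?, ?, ?)", [
        (5, "Public post", "open"),
        (6, "Draft, not public", "closed"),
        (7, "Another draft", "closed"),
    ])
    return conn


def lookup_vulnerable(conn, entry_id):
    """Builds the SQL by string interpolation: the attacker's quote ends the
    literal and '--' comments out the status check, so every row comes back."""
    sql = ("SELECT entry_id, title FROM entries "
           "WHERE entry_id = '%s' AND status = 'open'" % entry_id)
    return conn.execute(sql).fetchall()


def lookup_safe(conn, entry_id):
    """Same query with the value bound as a parameter: the driver sends it as
    data, so the payload is compared against entry_id as a single string and
    matches nothing."""
    sql = ("SELECT entry_id, title FROM entries "
           "WHERE entry_id = ? AND status = 'open'")
    return conn.execute(sql, (entry_id,)).fetchall()


def blocklist_filter(value):
    """Hypothetical bolt-on filter that strips 'OR 1=1'. It stops PAYLOAD but
    not BYPASS_PAYLOAD, which is why denylists are not the primary control."""
    return re.sub(r"(?i)\bor\s+1\s*=\s*1", "", value)


if __name__ == "__main__":
    db = make_db()
    print("normal request, vulnerable:", lookup_vulnerable(db, "5"))
    print("payload, vulnerable:       ", lookup_vulnerable(db, PAYLOAD))
    print("payload, parameterised:    ", lookup_safe(db, PAYLOAD))
    print("filtered payload, vulnerable:",
          lookup_vulnerable(db, blocklist_filter(PAYLOAD)))
    print("bypass payload, vulnerable:  ",
          lookup_vulnerable(db, blocklist_filter(BYPASS_PAYLOAD)))
```

Running it shows the string-built query returning all three rows (including the closed drafts) for either payload, while the parameterised query returns the public post for a real id and nothing for the payload. For a site that needs the host to stay calm, the checks that matter are therefore in the code that touches the database, not only in what is stripped from the URL.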
#7 / Apr 16, 2008 5:13pm
Thank you.
I hope to have the log files very quickly…
#8 / Apr 16, 2008 6:51pm
I have installed version 1.6.3 now.
#9 / Apr 16, 2008 8:50pm
Any progress on getting the logs?
#10 / Apr 16, 2008 8:55pm
If the logs will not be available to you for several days, any additional information you or your host could provide would be helpful. If you don’t feel comfortable sending specific details publicly, feel free to email me privately (but please only email me with private data; any additional technical support must be done through this thread).
I want you to know that you and 1 & 1 have our undivided attention, and we’ll move to quickly identify any issues that you can bring forward.
#11 / Apr 17, 2008 5:27am
Thank you. When I have the log files, I will send them to you by email.
#12 / Apr 17, 2008 6:50am
Much appreciated, sauvesourissss. Of the EllisLab staff who have responded in this thread, Derek is best suited to deal with this issue on a server, code and backend level, so it’s a good idea to send it directly to him.
The reason we keep on pressing is that we do take potential security issues very seriously. If there are issues with EE we would like to learn about them as soon as possible and in as much detail as we can, so they can be fixed quickly. If there are not, we would simply like to rule out that possibility, as I am sure you understand. Thank you.
#13 / Apr 18, 2008 4:32pm
sauvesourissss, any news on this matter? Just to let you know, we are still watching this thread very closely.
#14 / Apr 21, 2008 5:08am
No news…
#15 / Apr 21, 2008 10:14am
They suspended your account 5 days ago, and told you that they’d have more information for you in 2 days—you really need to be diligent here and insist that they provide you details (not for our sake, but for yours). If they cannot or will not, and I were in your shoes, I’d go shopping for a new host.