Jump to:

17488 Posts in 4473 Topics by 1978 members

Archive

SilverStripe Forums » Archive » CSF identifying SS files as suspicious

Our old forums are still available as a read-only archive.

Moderators: martimiz, Howard, Sean, Ryan M., biapar, Willr, Ingo, simon_w

Page: 1 2
Go to End
Author Topic: 2038 Views
  • marikas
    Avatar
    Community Member
    24 Posts

    CSF identifying SS files as suspicious Link to this post

    26 November 2007 at 3:04am Last edited: 26 November 2007 3:06am

    Hi,

    I use the CSF firewall on my server and after installing SS I got about twenty warning emails from it telling me that:

    Time: Mon Nov 26 01:29:04 2007
    File: /tmp/silverstripe-cache-home-[ACCOUNTNAME]-public_html-silver/cache.php
    Reason: Script, file extension
    Owner: [ACCOUNTNAME]:[ACCOUNTNAME]
    Action: Moved into /etc/csf/suspicious.tar

    Time: Mon Nov 26 00:13:20 2007
    File: /tmp/silverstripe-cache-home-[ACCOUNTNAME]-public_html-silver/manifest_home_[ACCOUNTNAME]_public_html_silver_sapphire_main.php
    Reason: Script, file extension
    Owner: [ACCOUNTNAME]:[ACCOUNTNAME]
    Action: Moved into /etc/csf/suspicious.tar

    I installed the latest RC (downloaded direct from here) Should I be concerned?

    TIA

  • DaveP
    Avatar
    Community Member
    48 Posts

    Re: CSF identifying SS files as suspicious Link to this post

    26 November 2007 at 11:18am

    Hi Marikas,

    Isn't the whole point of a firewall for you to be able to add this warning as an inclusion so it doesn't keep bothering you ?

    cheers, Dave Porter

  • marikas
    Avatar
    Community Member
    24 Posts

    Re: CSF identifying SS files as suspicious Link to this post

    26 November 2007 at 11:58am

    Thanks DaveP,

    I appreciate you taking the time to post a response.

    I know the point of a firewall is so that I can tell it to stop bothering me, but i'm a rebel. I like it to bother me when it gets suspicious of something. If it tells me there is a suspicious file on my server, I immediately investigate the matter, hoping against hope that I have not inadvertently uploaded a malicious script of some form or other.

    Being but a virgin in the *cough*art*cough* of coding, I am about as clueless about whether there is a vulnerability in the script as George Bush is on international Affairs.

    For all I know the silverstripe server may have been hacked like Joomla.org was a short while ago and the latest silverstripe RC replaced with a vulnerable version.

    Far fetched I know, and no, TBH I didn't for a second even imagine that had occurred. However, please don't brush aside my post by virtually saying "umm... ok n00b, didn't you realize you had to tell your firewall not to warn you about Silverstripe".

    I posted it here because Jonathan's CSF (firewall) is hugely popular and many folk, n00bs like myself ;) , will wonder the same as I did. I felt the Silverstripe team might want to put a notice in the install script saying "if you have CSF, expect warnings about this but fear not, it is completely safe!".

    Thank you for your time. I truly appreciate the efforts of the Silverstripe team and thought this tiny bit of feedback about my initial experience with the script might interest them. Feel free to ignore this thread

    Cheers

  • DaveP
    Avatar
    Community Member
    48 Posts

    Re: CSF identifying SS files as suspicious Link to this post

    26 November 2007 at 1:36pm

    Hi Marikas,

    Thanks for your thoughts...

    I certainly did not imply that you should just allow the warning to go un-abated just to stop the annoyance.

    As I've been using SS for a few weeks now and the ss files are simply HTML files with control codes which are calls to code you have complete control over, I have faith in what they do.

    But you are right to be wary - I'd be interested to see what some of the other people here have to contribute to this discussion.

    regards, Dave Porter

  • DaveP
    Avatar
    Community Member
    48 Posts

    Re: CSF identifying SS files as suspicious Link to this post

    26 November 2007 at 1:38pm

    I just went back and reread your initial post and is it possible that your firewall is set to warn on .php files ? This appears to be what is is complaining about !

    Dave

  • marikas
    Avatar
    Community Member
    24 Posts

    Re: CSF identifying SS files as suspicious Link to this post

    26 November 2007 at 11:34pm

    Thanks Dave,

    I'm sure if there was anything dodgy about the files, I would have heard from the SS team by now. Hmmm.. that acronym(SS) has a tainted history lol. Need a better sounding one.

    Thanks for the second suggestion as well, but no, that can't be it. My box has about 30 Joomla (php) sites on it.

    Anyway, I'll just take your advice and tell CSF to ignore the "suspicious" files in question.

    Cheers

  • DaveP
    Avatar
    Community Member
    48 Posts

    Re: CSF identifying SS files as suspicious Link to this post

    26 November 2007 at 11:59pm

    Oh, Did you hate Social Studies at school ?
    Dave

  • marikas
    Avatar
    Community Member
    24 Posts

    Re: CSF identifying SS files as suspicious Link to this post

    27 November 2007 at 5:45pm

    LOL. nope, only math.. with a vengence!!

    http://en.wikipedia.org/wiki/SS

    ugghh... feel dirty just posting the link here.

    2038 Views
Page: 1 2
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.