Security issue in start/stop/restart script thread

Post by **steve** » Sun 06 Dec 2015 9:47 am

It looks like something has been posted in the thread about Jan's start/stop/restart script thread - https://cumulus.hosiene.co.uk/viewtopic.php?f=27&t=13767 - which Apache's security module is getting upset about, and it is returning a 418 error. I have looked at the error log, and I can see the relevant security error, but it's not clear exactly what the problem is. I can see the phrases "Backdoor access", "severity critical" and "malicious software/trojan" however, and that doesn't sound nice.

I don't think anyone has done this deliberately; perhaps they have a virus on their PC, or perhaps, given the topic of the thread, the security module has just been confused by some shell script which someone has legitimately included in their post.

I have asked Dreamhost if they will explain the message and what I need to do to fix it.

jank · Post by **jank** » Sun 06 Dec 2015 10:45 am

Hello Steve
Yesterday evening I posted my last answer with the option CODE (in your editor). Everything else was plain text
There were 6 lines in this Code but I don't think, they are a security risk.
It was this code snipped

Code: Select all

## Assuming that CumulusMX is installed in /home/pi/CumulusMX - if not exist CumulusMX.exe, search HD for the correct installation Path
 if [ ! -f "/home/pi/CumulusMX/CumulusMX.exe" ];then
      INSTPATH=$(find / -type d -name "$IPATH" -print 2>/dev/null |head -n1) > /dev/null
    else
      INSTPATH="/home/pi/CumulusMX/"
 fi

I don't think this is dangerous

In my last post, I did not send any new script and, my post was not the last post at this day.
I recognized the Problem on the Webserver this morning, when I tried to read the answer from jpsc
Jan

jpsc · Post by **jpsc** » Mon 07 Dec 2015 12:05 pm

I think it was my post, it did contain some scripts and SSH screen snippets.

Post by **steve** » Mon 07 Dec 2015 12:10 pm

Were there any attachments, or was it all pasted into the message itself? I can delete the contents of your post via the database.

jpsc · Post by **jpsc** » Mon 07 Dec 2015 12:12 pm

No attachments, only snippets in Code brackets.

Post by **steve** » Mon 07 Dec 2015 12:16 pm

I tried posting the contents of your post in a new thread and got the same problem. I don't understand why the security module thinks it's a problem, it must be being over cautious.

Post by **steve** » Mon 07 Dec 2015 12:26 pm

I've deleted the contents of your post and reposted it as an image, although the formatting is a bit poor as a result.

Cumulus Support

Security issue in start/stop/restart script thread

Security issue in start/stop/restart script thread

Re: Security issue in start/stop/restart script thread

Re: Security issue in start/stop/restart script thread

Re: Security issue in start/stop/restart script thread

Re: Security issue in start/stop/restart script thread

Re: Security issue in start/stop/restart script thread

Re: Security issue in start/stop/restart script thread