[Vtigercrm-developers] Block vtigersupport.com from your servers and other security checks

[nilay khatri]

I am not sure how many service providers have been affected from a hacking
attack.

But there is some one notorious who is targeting Vtiger Open Source
installations.

We have received requests from over 250 Vtiger Open Source users to check
the installations, as they have been compromised and it presents a yellow
Screen with some sort of message.

One common thing which we have observed is that the attacker modifies the
Login action and adds code to send user's login information to
vtigersupport.com .

We have informed Vtiger team as well about this and request the whole
community to have a check on the CRM installations done by them and to set
up rule to block any network traffic to vtigersupport.com.

Also look for the following:

1. if there is any occurrence of VGS Document Manager module, if you have
not installed it explicitly. Make sure if you have installed it, the file
permissions are good so that users can not explore any files on server
which they are not supposed to. (No hard feelings, VGS/Maggi)

2. Check for any malicious file in WSAPP, SMSNotifer modules directory and
language folders

If possible and not required, disable the option to import zip files form
Module Manager

We will be sharing more information on this soon and also with a security
update.

-Nilay
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20190611/0d90fd41/attachment-0001.html>