[Vtigercrm-developers] Block vtigersupport.com from your servers and other security checks

Prasad prasad at vtiger.com
Wed Jun 12 04:22:03 GMT 2019


Just to be clear, the Vtiger CRM product does not open up access to
unauthorized users.

We highly recommend ensuring the web server is set up with best security
practice and that access restrictions are applied whenever possible to deny
attempts from untrusted sources or users.

It is also good to choose a hosting provider who has experience and follows
best data-protection policies.

Regards,
Prasad


On Tue, Jun 11, 2019 at 10:01 PM nilay khatri <nilay.spartan at gmail.com>
wrote:

> I am not sure how many service providers have been affected by a hacking
> attack.
>
> But there is someone notorious who is targeting Vtiger Open Source
> installations.
>
> We have received requests from over 250 Vtiger Open Source users to check
> the installations, as they have been compromised and it presents a yellow
> screen with some sort of message.
>
> One common thing which we have observed is that the attacker modifies the
> Login action and adds code to send the user's login information to
> vtigersupport.com.
>
> We have informed the Vtiger team as well about this and request the whole
> community to have a check on the CRM installations done by them and to set
> up a rule to block any network traffic to vtigersupport.com.
>
> Also look for the following:
>
> 1. If there is any occurrence of the VGS Document Manager module, if you
> have not installed it explicitly. Make sure, if you have installed it, the
> file permissions are good so that users cannot explore any files on the
> server which they are not supposed to. (No hard feelings, VGS/Maggi)
>
> 2. Check for any malicious file in the WSAPP and SMSNotifier module
> directories and language folders.
>
> If possible and not required, disable the option to import zip files from
> Module Manager.
>
> We will be sharing more information on this soon and also with a security
> update.
>
> -Nilay
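
The file checks listed in the quoted message, as an added example (not part of the original thread and not Vtiger's or the poster's code): a read-only sweep that searches an install for the domain named above and compares the directories mentioned against a clean copy of the same release. The `WATCH` paths, including the location of the Login action, assume a stock Vtiger directory layout and are not given in the thread; `sweep` and its arguments are names chosen for this example.

```python
import hashlib
import os

IOC_DOMAIN = b"vtigersupport.com"  # exfiltration domain named in the post
# Assumed stock Vtiger layout (relative to the CRM root); adjust to your install.
WATCH = ("modules/Users/actions", "modules/WSAPP", "modules/SMSNotifier", "languages")

def _files(root):
    """Map 'relative/path' -> absolute path for every file under root."""
    out = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            out[os.path.relpath(full, root).replace(os.sep, "/")] = full
    return out

def _sha256(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def sweep(live_root, clean_root):
    """Read-only comparison of a live install against a clean copy of the same release.

    Returns a dict of sorted relative paths:
      ioc      - files anywhere in the live tree that contain IOC_DOMAIN
      added    - files under WATCH that do not exist in the clean copy
      modified - files under WATCH whose content differs from the clean copy
    An 'unreadable' key is added only if some file could not be opened.
    """
    live, clean = _files(live_root), _files(clean_root)
    report = {"ioc": [], "added": [], "modified": []}
    for rel, full in live.items():
        try:
            with open(full, "rb") as fh:
                if IOC_DOMAIN in fh.read().lower():  # case-insensitive match
                    report["ioc"].append(rel)
            if rel.startswith(tuple(w + "/" for w in WATCH)):
                if rel not in clean:
                    report["added"].append(rel)
                elif _sha256(full) != _sha256(clean[rel]):
                    report["modified"].append(rel)
        except OSError:
            report.setdefault("unreadable", []).append(rel)
    return {kind: sorted(paths) for kind, paths in report.items()}

if __name__ == "__main__":
    import sys
    for kind, paths in sweep(sys.argv[1], sys.argv[2]).items():
        print(kind, *paths, sep="\n  ")
```

Language packs and modules you installed yourself will show up under `added`; those entries need a manual review rather than automatic removal.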