vi-solutions
Software + Internet

Joomla 5 Mitteilung

Wir freuen uns mitteilen zu können, dass seit dem 29. Januar 2024 alle unsere Joomla Erweiterungen mit Joomla 5 kompatible sind.

Für alle die gerade noch von Joomla 3 auf 4 aktualisieren: Anleitungen für die Joomla 4 Migration gibt es hier:

Es gibt nun auch eine eigenständige Dokumentation für Visforms für Joomla 4 und für Visforms auf Joomla 5

Forum

Visforms Subscription Inhaber können in unserem Forum Fragen stellen. Bitte mit dem entsprechenden Benutzer anmelden.
Jeder kann lesend auf das Forum zugreifen.

Bitte stellen Sie nur 1 Frage pro Thema.

Cloud-tool mySites.guru detects vistools and vfsubscription as hack

Mehr
4 Jahre 4 Monate her #6441 von pwouda
Cloud-tool mySites.guru detects vistools and vfsubscription as hack wurde erstellt von pwouda
Hi,

This week I have a subscription on mySites.guru, a tool that makes it easy to keep track of updates of multiple Joomla-sites.
It also checks if there are vulnarabilitys in the code. There are three files form Visforms that are marked as vulnarable:
/administrator/components/com_visforms/controllers/vistools.php
/administrator/components/com_visforms/models/vistools.php
/administrator/manifests/packages/vfsubscription/script.php

See also:
[img


Do you know about this vulnarability and is there a way for you to prevent this?

Best regards,
Peter
Peter Wouda
Noordoost.nl
www.noordoost.nl

Mehr
4 Jahre 4 Monate her #6442 von Administrator AV
Administrator AV antwortete auf Cloud-tool mySites.guru detects vistools and vfsubscription as hack
Hi Peter,

thank you very much for providing this interesting information based on your test results!
The short test results list tells me, that there is no hack and no vulnerability found in visForms at all.
This is good news, but also no unexpected news because we do have quite an IT security expert in our team!

Just to correctly quote your test results: The files are not 'marked as vulnerable' but marked as 'suspect content'.
You do realize that all the 5 listed suspected contents are simply about the naming of PHP code variables and functions?
It seems to me that they are all motivated by the harmless occurrence of the same literals most likely 'redirectmail', which is basically what the code was written for.

Here is a tiny question to you:
Should I avoid having readable Code in order to not get listed as 'Suspect Content' in any static code inspection tool there is?

As a matter of facts, visForms has never been on any vulnerable extensions list.
A static code analysis tool, which you have at your service now, is definitively part of any meaningful security tool stack.
But when it comes to real professional high-quality site security, there is nothing that can replace actual live site Penetration Testing (PT).

We do provide to our project customers individual Cyber Security Checks including the mentioned live site Penetration Tests, Page Speed Optimization, Page Diagnostic and General Optimizations.
In case you need any of these, just have a short look at our company web site (Home, About us) and feel free contacting us.

Best Regards,
Aicha
:idea: I recommend you the new and up-to-date documentation for Joomla 4:
docs.joomla-5.visforms.vi-solutions.de/en/docs/
Most of this also applies retrospectively to Joomla 3.
Please only ask 1 question per topic :-).

:idea: Ich empfehle Dir die neue und aktuelle Dokumentation für Joomla 4:
docs.joomla-5.visforms.vi-solutions.de/docs/
Das meiste gilt rückwirkend auch für Joomla 3.
Bitte immer nur 1 Frage pro Thema stellen :-).

Mehr
4 Jahre 4 Monate her #6445 von pwouda
pwouda antwortete auf Cloud-tool mySites.guru detects vistools and vfsubscription as hack
Hi Aicha,
You are right about the 'suspect content'. Looking further in detail Mysites.guru marks every base64_decode as suspect. Not only in your code, but also in Hikashop and other extensions.

I will contact MySites if there is a way for me to mark these files as 'save'.
Thanks for the quick and accurate response!

Best regards,
Peter
Peter Wouda
Noordoost.nl
www.noordoost.nl

Moderatoren: Administrator AVAdministrator IV
Powered by Kunena Forum

Visforms Subscription

Visforms Erweiterungen

Nützliche Erweiterung, die Visforms ergänzen und mit denen Sie Ihre Formulare nicht nur mit wenig Aufwand perfekt in die Funktionalität Ihrer Webseite integrieren können sondern die Visforms auch ganz neue Anwendungsbereiche erschließen können.

Info