URGENT: Mining-script in Primfaces-Page? Where does it come from??
-
- PrimeFaces Core Developer
- Posts: 3979
- Joined: 03 Dec 2010, 14:11
- Location: Bavaria, DE
- Contact:
The URL should be the same actually - but not sure. Blocking can be simple done in apache or nginx AFAIR.
Thomas Andraschko
PrimeFaces | PrimeFaces Extensions
Apache Member | OpenWebBeans, DeltaSpike, MyFaces, BVal, TomEE
Sponsor me: https://github.com/sponsors/tandraschko
Blog: http://tandraschko.blogspot.de/
Twitter: https://twitter.com/TAndraschko
PrimeFaces | PrimeFaces Extensions
Apache Member | OpenWebBeans, DeltaSpike, MyFaces, BVal, TomEE
Sponsor me: https://github.com/sponsors/tandraschko
Blog: http://tandraschko.blogspot.de/
Twitter: https://twitter.com/TAndraschko
From what I can tell it can be any URL that has "pfdrid=" in the URL as a query param is what looks like a resource that triggers the PrimeResourceHandler.
PrimeFaces Developer | PrimeFaces Extensions Developer
GitHub Profile: https://github.com/melloware
PrimeFaces Elite 13.0.0 / PF Extensions 13.0.0
PrimeReact 9.6.1
GitHub Profile: https://github.com/melloware
PrimeFaces Elite 13.0.0 / PF Extensions 13.0.0
PrimeReact 9.6.1
dataCore commented 5 days ago
Temporary fix in apache config (/etc/apache2/sites-available/-ssl) by blocking (deny access) the exploit xhtml page:
<Location /javax.faces.resource/dynamiccontent.properties.xhtml>
Order allow,deny
Deny from all
</Location>
WARNING: if your page uses a functionality from 'dynamiccontent', it won't work anymore
I'm with the same problem with the miner script, I found that temporary fix
-
- Posts: 1
- Joined: 25 Jan 2018, 12:45
The novelty and what they are now using for mining. After the compromised marquina and installed a bot that varnishes ranges of vulnerable ips.
Here's how the bug is explored first.
http://blog.mindedsecurity.com/2016/02/
Here's how the bug is explored first.
http://blog.mindedsecurity.com/2016/02/
I'm using Primeface v 5.3 from maven. How can I update to 5.3.8? I tried registering as an Elite member of this site, but the cart cannot process my credit card (Actually my cc rejects the purchase). Any help is appreciated since I have that miner showing up every day.optimus.prime wrote: ↑19 Jan 2018, 09:49There was a security issue in PrimeFaces 5.x, please update PrimeFaces to get this patched. The minimum versions required for the patch are;
5.2.21, 5.3.8 or 6.0
Damian
-
- PrimeFaces Core Developer
- Posts: 3979
- Joined: 03 Dec 2010, 14:11
- Location: Bavaria, DE
- Contact:
I would contact PrimeTek directly if buying something from the store doesn't work.
Thomas Andraschko
PrimeFaces | PrimeFaces Extensions
Apache Member | OpenWebBeans, DeltaSpike, MyFaces, BVal, TomEE
Sponsor me: https://github.com/sponsors/tandraschko
Blog: http://tandraschko.blogspot.de/
Twitter: https://twitter.com/TAndraschko
PrimeFaces | PrimeFaces Extensions
Apache Member | OpenWebBeans, DeltaSpike, MyFaces, BVal, TomEE
Sponsor me: https://github.com/sponsors/tandraschko
Blog: http://tandraschko.blogspot.de/
Twitter: https://twitter.com/TAndraschko
Hello,
We are currently affected by this exploit.
Our website get the jhondi33.duckdns.org... deepMiner.js
Avast, AVG notifed our users about a security issue. Chrome up to 100% cpu.
Internet explorer open a popup with 404 error.
It becomes a nightmare
I looked at the pom.xml in our app :
<!-- Servlet et pages -->
<mojarra.version>2.1.18</mojarra.version>
<primefaces.version>5.2</primefaces.version>
<primefaces-themes.version>1.0.10</primefaces-themes.version>
<primefaces-extensions.version>3.2.0</primefaces-extensions.version>
<java-ee-api.version>6.0</java-ee-api.version>
The app was made by a third party 2 years ago. I was not in the society at this time. But, now, I have to fix it
I do not find any information about any suscription.
As it is a maven project, I think it is a maven version.
I saw update from 5.2 to 5.3 have no issues. https://github.com/primefaces/primeface ... tion-Guide
I download the 5.3 version from maven website.
But which 5.3 is it ? Is it the last one with the patch ? I can see also a v5.3 RC2. What is it ?
I am not enough confortable to upgrade to v6.1 as I do not know how the app really works. (and have no really skills in java).
And I will not have the money to pay the fix from my board.
I will try to block it with Apache this afternoon.
Looking for any advices, Hints ot wathever.
Guillaume
We are currently affected by this exploit.
Our website get the jhondi33.duckdns.org... deepMiner.js
Avast, AVG notifed our users about a security issue. Chrome up to 100% cpu.
Internet explorer open a popup with 404 error.
It becomes a nightmare
I looked at the pom.xml in our app :
<!-- Servlet et pages -->
<mojarra.version>2.1.18</mojarra.version>
<primefaces.version>5.2</primefaces.version>
<primefaces-themes.version>1.0.10</primefaces-themes.version>
<primefaces-extensions.version>3.2.0</primefaces-extensions.version>
<java-ee-api.version>6.0</java-ee-api.version>
The app was made by a third party 2 years ago. I was not in the society at this time. But, now, I have to fix it
I do not find any information about any suscription.
As it is a maven project, I think it is a maven version.
I saw update from 5.2 to 5.3 have no issues. https://github.com/primefaces/primeface ... tion-Guide
I download the 5.3 version from maven website.
But which 5.3 is it ? Is it the last one with the patch ? I can see also a v5.3 RC2. What is it ?
I am not enough confortable to upgrade to v6.1 as I do not know how the app really works. (and have no really skills in java).
And I will not have the money to pay the fix from my board.
I will try to block it with Apache this afternoon.
Looking for any advices, Hints ot wathever.
Guillaume
Community version 5.3 is not enough. You would need paid version 5.3.X. I do not know the "X" off hand, just that you would need to pick your point release and "5.3" isn't enough on its own.eodom wrote: ↑30 Jan 2018, 13:42
As it is a maven project, I think it is a maven version.
I saw update from 5.2 to 5.3 have no issues. https://github.com/primefaces/primeface ... tion-Guide
I download the 5.3 version from maven website.
But which 5.3 is it ? Is it the last one with the patch ? I can see also a v5.3 RC2. What is it ?
I am not enough confortable to upgrade to v6.1 as I do not know how the app really works. (and have no really skills in java).
Regarding 6.1, for our pages it was as easy as choosing the new version and rebuilding. We happened to not use any of the breaking changes in the migration notes. https://github.com/primefaces/primeface ... tion-Guide. It's worth a build for you to try!
-
- Information
-
Who is online
Users browsing this forum: No registered users and 23 guests