Support Tickets - Marked as suspicious and quarantined items

Marked as suspicious and quarantined items

HelpDesk 18.03.2016 2293 Support Status: Closed Solution: Yes prosferatu


I received this mail from server's antivirus:

PATH:          /home*/*/public_html/ /var/www/html/ /usr/local/apache/htdocs/
RANGE: 1 days

{HEX}base64.inject.unclassed.6 : /home/*/*/help/operator/template/setting.php => /usr/local/maldetect/quarantine/setting.php.2938530106
{HEX}base64.inject.unclassed.6 : /home/*/*/help/operator/template/setting.php => /usr/local/maldetect/quarantine/setting.php.2418419826

now I can not reach Settings/settings menu. Please help me about it. Thanks.

Replies (5)

  • avatar Jerome

    Thank you for opening a support ticket.

    That is a firewall rule your host has set and is not a HelpDesk error. The Firewall rule will check for a file name and if base64_decode is called inside that file it will be blocked. Please ask them to cancel this rule or adapt it for that certain file.

    base64_decode is a normal php function and should not be blocked, we are aware that certain hackers use that function to hide some of there code in their files but your host should be able to detect this without blocking files that use that function in a good way.

    18.03.2016 0
  • avatar prosferatu

    thanks. This will cause vulnerabilities in the future but this is the only way to achieve help desk goal -.-

    20.03.2016 0
  • avatar Jerome

    Sorry, I don't understand why should that cause a vulnerability? As I explained above there is nothing to worry about base64 if used the proper way. Your host only needs to make an exception for that particular file or setup the firewal correctly from the beginning.

    20.03.2016 0
  • avatar Jerome

    To prevent any future problems with miss configured firewalls from certain hosting providers we have adapted our code. You can can update to 1.4.2 or higher and it should not happen again.

    Important you need to reset the settings and save it again.

    Thank you very much.

    23.03.2016 0
  • avatar prosferatu

    thanks :) good luck in the future...

    23.03.2016 0