HelpDesk 18.03.2016 2271 Support Status: Closed Solution: Yes prosferatu
hello,
I received this mail from server's antivirus:
PATH: /home*/*/public_html/ /var/www/html/ /usr/local/apache/htdocs/
RANGE: 1 days
TOTAL FILES: 4508
TOTAL HITS: 2
TOTAL CLEANED: 0
FILE HIT LIST:
{HEX}base64.inject.unclassed.6 : /home/*/*/help/operator/template/setting.php => /usr/local/maldetect/quarantine/setting.php.2938530106
{HEX}base64.inject.unclassed.6 : /home/*/*/help/operator/template/setting.php => /usr/local/maldetect/quarantine/setting.php.2418419826now I can not reach Settings/settings menu. Please help me about it. Thanks.
Release date: 07.02.2024
PHP 8.3 ready, ChatGPT improvements and much more...
Release date: 13.02.2024
PHP 8.3 ready, ChatGPT, improved language files and bug fixes.
Release date: 25.04.2024
Multiple Clients on Tickets, Upload your Logo, bug fixes.
Release date: 20.02.2024
PHP 8.3 ready, ChatGPT improvements, bug fixes.
We program modern and fast web and mobile software, always responsive and mobile first! Not just great software also world class support, rated an average of 4.9 out of 5 stars! When you need support from us you will get it!
Feel free to contact us via our contact form at any time, we usually respond in less then 24 hours or start a chat conversation when we are online.
Thank you for opening a support ticket.
That is a firewall rule your host has set and is not a HelpDesk error. The Firewall rule will check for a file name and if base64_decode is called inside that file it will be blocked. Please ask them to cancel this rule or adapt it for that certain file.
base64_decode is a normal php function and should not be blocked, we are aware that certain hackers use that function to hide some of there code in their files but your host should be able to detect this without blocking files that use that function in a good way.
thanks. This will cause vulnerabilities in the future but this is the only way to achieve help desk goal -.-
Sorry, I don't understand why should that cause a vulnerability? As I explained above there is nothing to worry about base64 if used the proper way. Your host only needs to make an exception for that particular file or setup the firewal correctly from the beginning.
To prevent any future problems with miss configured firewalls from certain hosting providers we have adapted our code. You can can update to 1.4.2 or higher and it should not happen again.
Important you need to reset the settings and save it again.
Thank you very much.
thanks :) good luck in the future...