#1 |
Webmaster Extraordinaire
Industry Role:
Join Date: Jul 2002
Location: A beautiful beach...
Posts: 10,745
|
AWiz users: beware of trojan!
There's a trojan going around that attaches itself to pages via Awiz, thanks to the not-so-brilliant idea of Awiz's programmers to have all files chmoded to 777.
The cron functionality of Awiz will NOT stop it, but it'll notify you of any changes made to your scripts, so you should get the cron setup. So far there's no real way to stop this trojan from spreading unless you change the chmod of your files, in which case AWiz functionality will be limited. What a PAIN IN THE BUTT! |
#2 |
Confirmed User
Industry Role:
Join Date: Jun 2004
Location: Las Vegas
Posts: 6,116
|
WTF u serious? Can't the Awiz guys fix this??? It's their script.
__________________
SKYPE#: davievegas - email: ddmedia702[at]mail[.]com
|
#3 |
Now choke yourself!
Industry Role:
Join Date: Apr 2006
Posts: 12,085
|
Why the hell should any piece of software rely on files being 777?
|
#4 |
Confirmed User
Industry Role:
Join Date: Jan 2009
Posts: 420
|
Strange, especially if the program files themselves are 777.
|
#5 |
ICQ:649699063
Industry Role:
Join Date: Mar 2003
Posts: 27,763
|
We'll burn Troy with the Trojan Horse. All aboard !!! Joking.
__________________
Send me an email: [email protected] |
#6 |
Webmaster Extraordinaire
Industry Role:
Join Date: Jul 2002
Location: A beautiful beach...
Posts: 10,745
|
I have been in contact with the Awiz people in the last few weeks and they didn't offer any help, other than "setup your cron correctly".
These people have horrible customer service and they always seem to be in a bad mood. The software itself is not too bad for the price, but the fact that the files have to be chmoded to 777 simply s*cks! |
#7 |
Richest man in Babylon
Industry Role:
Join Date: Jan 2002
Location: Posts: 10,002
Posts: 5,695
|
Oh wow and we were just testing Awiz out.
Bump for the other side's comments. |
#8 |
Confirmed User
Join Date: Feb 2002
Posts: 240
|
To czarina: your message is very strange.
First of all, please specify your aWIZ licensed domain. Then we will check all correspondence with you and will post more detailed comments here. In any case, for now I can say that at least during the last year we never got any customer requests about trojan problems which were responded to with a suggestion just to adjust cron. |
#9 | |
So Fucking Banned
Join Date: Sep 2009
Location: On your last nerve
Posts: 1,012
|
Quote:
|
|
#10 |
Confirmed User
Join Date: Feb 2002
Posts: 240
|
Dear czarina, will you be so kind as to answer my question and help us to make the situation clear for everyone? I sincerely hope this topic will not look like a groundless attempt at black PR against aWIZ, like it looks for now.
|
#11 |
Confirmed User
Join Date: Feb 2002
Posts: 240
|
No answer from czarina - OK, I found her ticket myself. Just a few short points:
1) aWIZ is not a firewall or antivirus to remove viruses/trojans - it is still a CMS, however probably the only CMS which can detect known and unknown viruses/trojans (heuristic analysis) and notify the user for further actions. czarina never activated this protection, so no comments why she was blind in aWIZ areas.
2) In reality aWIZ provides a unique line of methods of EXTRA protection & safety which are not provided by most other scripts. Particularly, aWIZ provides blocking of any kind of injections, so the server couldn't be infected THROUGH aWIZ. In czarina's case it was never proved (and I suppose not even investigated) that the trojan was injected right through aWIZ.
3) CHMOD 777 is required by default to give the script the rights to work with the files, BUT it is absolutely not enough to inject the trojan. It is a fact.
4) Anyway, CHMOD 777 can be changed to more secure ones if the customer needs it and asks us. Particularly, czarina got such an explanation 8 minutes after she submitted her ticket. However, since her hoster was unable to put one line into the cron (as she said), we suppose that permissions readjustment was all the more a task beyond their strength.
5) In the given case we suppose there took place a quite rare combination of some other hole-ridden script (which was hacked) and CHMOD 777 in the aWIZ area where the trojan was placed. Sadly, all czarina's anger is pointed at aWIZ, not at this unknown script or the dull hoster... But it's her right.
As anyone can see, there are no other complaints about trojans with aWIZ in this thread, on this board or on any other boards worldwide - we suppose that this particular case requires attention, but is not a reason for hysterics to all the world.
In any case here are a few simple recommendations for users of other scripts (not only aWIZ):
a) use phpsu apache mode; it solves the question of CHMOD 777 and actually now it is used by half of hosters worldwide by default.
b) set up even a simple free firewall on the server - it will block all harmful activity in both directions
c) if you are an aWIZ user and don't have "a" and "b" and are worried about the safety of OTHER scripts on your server - contact us and we will explain how to avoid CHMOD 777.
__________________
Web Design ~ Paysite Software ~ Cash STABILITY & RESPONSIBILITY: OVER 15 YEARS IN THE INDUSTRY |
#12 | |
I’m still alive barley.
Industry Role:
Join Date: Oct 2001
Location: Va
Posts: 10,060
|
Quote:
#13 | |
Confirmed User
Join Date: Oct 2002
Posts: 3,745
|
Quote:
Does that mean it will completely stop working, more or less, or some minor features will be disabled? If it means disabling minor features, it would be well worth it, IMNSHO. (In my not so humble opinion).
__________________
For historical display only. This information is not current: support@bettercgi.com ICQ 7208627 Strongbox - The next generation in site security Throttlebox - The next generation in bandwidth control Clonebox - Backup and disaster recovery on steroids |
|
#14 |
Richest man in Babylon
Industry Role:
Join Date: Jan 2002
Location: Posts: 10,002
Posts: 5,695
|
I thought the vulnerability was recently patched..
|
#15 |
Confirmed User
Join Date: Feb 2002
Posts: 240
|
The vulnerability was patched once it was defined and investigated. Also, in Dec 2009 detailed recommendations for all customers about permissions adjustment were published on the aWIZ board, which provide intensified safety and don't result in any functional limitation in the script.
|
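The two defensive measures this thread keeps returning to, finding files left world-writable by chmod 777 and getting notified from cron when scripts change, sketched as an added example. This is not aWIZ code or anything posted by the participants; the function names and the paths passed in are hypothetical, and GNU find/coreutils on Linux are assumed.

```shell
#!/bin/sh
# Added example (not aWIZ code). Assumes GNU find/coreutils (sha256sum) on Linux.
# The web root and baseline paths passed in are hypothetical.

# List files and directories under web root $1 that any local user can write
# (the "other" write bit, which chmod 777 sets).
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Record a SHA-256 baseline of every regular file under $1 into file $2.
# Keep $2 outside the web root and owned by a different user than the web
# server, or whoever alters the scripts can alter the baseline too.
write_baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + ) | sort -k2 > "$2"
}

# Compare web root $1 against baseline $2 and print one line per difference:
# CHANGED, NEW or MISSING followed by the path. Empty output means no change.
# sha256sum lines are "<64 hex>  <path>", so the path starts at column 67
# (names containing newlines or backslashes are escaped and not handled here).
report_changes() {
    _cur=$(mktemp) || return 1
    write_baseline "$1" "$_cur"
    awk '
        FILENAME == ARGV[1] { old[substr($0, 67)] = substr($0, 1, 64); next }
        {
            p = substr($0, 67)
            if (!(p in old))                      print "NEW " p
            else if (old[p] != substr($0, 1, 64)) print "CHANGED " p
            delete old[p]
        }
        END { for (p in old) print "MISSING " p }
    ' "$2" "$_cur" | sort
    rm -f "$_cur"
}
```

Run `report_changes` from cron and mail any non-empty output; like the cron notification described in the thread, it detects modified files but does not prevent the modification, which is what tightening the permissions is for.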