AWiz users: beware of trojan!
 

there's a trojan going around that attaches itself to pages via Awiz, thanks to the not-so-brilliant idea of Awiz' programmers to have all files chmoded to 777.
The cron functionality of Awiz will NOT stop it, but it'll notify you of any changes made to your scripts, so you should get the cron setup.

So far there's no real way to stop this trojan from spreading unless you change the chmod of your files, in which case AWiz functionality will be limited. What a PAIN IN THE BUTT!

WTF u serious? Cant the Awiz guys fix this??? Its there script.

Why the hell should any piece of software rely on files being 777?

Strange, especially if the program files themselves are 777.

We'll burn Troy with the Trojan Horse. All aboard !!! Joking.

http://www.witiger.com/ecommerce/trojanhorse.jpg

I have been in contact with the Awiz people in the last few weeks and they didn't offer any help, other than "setup your cron correctly".
These people have horrible customer service and they always seem to be in a bad mood.
The software itself is not too bad for the price, but the fact that the files have to be chmoded to 777 simply s*cks!

Oh wow and we were just testing Awiz out.

Bump for the other sides comments.

to czarina: your message is very strange.
First of all please specify your aWIZ licensed domain. Then we will check all correspondence with you and will post here more detailed comments.

In any case for now I can say that at least during latest year we never got any customers requests about trojans problems which has been responded with suggestion of just to adjust cron.

The plot thickens.

Dear czarina, will you be so kind to answer to my question and help us to make the situation clear for everyone? I sincerely hope this topic will not look like a groundless attempt of blackPR against aWIZ like it looks for now.

No answer from czarina - OK, I found her ticket myself. Just a few short points:

1) aWIZ is not a firewall or antivirus to remove viruses/trojans - it is still CMS, however probably the only CMS who can detect known and unknown viruses/trojans (heuristics analysis) and notify the user for further actions. czarina never activated this protection, so no comments why she were blind in aWIZ areas.

2) in reality aWIZ provides an unique line of methods of EXTRA protection&safety which are not provided by most other scripts. Particulary aWIZ provides blocking of any kind of injections, so server couldn't be infected THROUGH aWIZ. In czarina's case never were proved (and I suppose even not investigated) that trojan were injected right through aWIZ.

3) CHMOD 777 is required by default to get to script the rights to work with the files, BUT it is absolutely not enough to inject the trojan. It is fact.

4) Anyway, CHMOD 777 can be changed to more secure ones if customer need it and asks us. Particulary chazina got such explanation in 8 minutes after she submitted her ticket. However since her hoster were unable to put one line onto the cron (as she said) - we suppose that permissions readjustment were all the more the task beyond their strength.

5) In given case we suppose took place quite rare combination of some other hole-ridden script (which were hacked) and CHMOD 777 at aWIZ area where trojan were placed. Sadly that all czarina's anger pointed to aWIZ, not to this unknown script or to dull hoster... But it's her right.

As anyone see that no other complaints about trojans with aWIZ at this thread, on this board or at any other boards WorldWide - we suppose that this particular case requires attention, but is not a reason for hysterics to all the world:)

In any case here are a few simple recommendations for other scripts users (not only aWIZ):
a) use phpsu apache mode, it solves the question of CHMOD 777 and actually now it is used by half hosters worldwide by default.
b) set even simple free firewall onto the server - it will block all harmful activity in both directions
c) if you are aWIZ user and hasn't "a" and "b" and are worry about safety of OTHER scripts on your server - contact us and we will explain how to avoid CHMOD 777.

Your English sucks, but the script rocks! :thumbsup

Sorry to bump an old thread, but what exactly does "AWiz functionality will be limited" mean?
Does that mean it will completely stop working, more or less, or some minor features will
be disabled? If it means disabling minor features, it would be well worth it, IMNSHO.
(In my not so humble opinion).

I thought the vulnerability was recently patched..

The vulnerability was patched once it was defined and investigated. Also at Dec 2009 on aWIZ board was published detailed recommendations for all customers about permissions adjustment, which provides intensified safety and doesn't result in any functional limitation in the script.