Joomla 5 Mitteilung

Wir freuen uns mitteilen zu können, dass seit dem 29. Januar 2024 alle unsere Joomla Erweiterungen mit Joomla 5 kompatible sind.

Für alle die gerade noch von Joomla 3 auf 4 aktualisieren: Anleitungen für die Joomla 4 Migration gibt es hier:

Es gibt nun auch eine eigenständige Dokumentation für Visforms für Joomla 4 und für Visforms auf Joomla 5

Forum

Visforms Subscription Inhaber können in unserem Forum Fragen stellen. Bitte mit dem entsprechenden Benutzer anmelden.
Jeder kann lesend auf das Forum zugreifen.

Bitte stellen Sie nur 1 Frage pro Thema.

Wichtig Angaben für fast jede Frage:
V1: Welche Visforms-Version läuft?
V2: Welche Joomla-Version läuft?
V3: Welche PHP-Version läuft?

Aufgrund von Feiertagen und Urlaub ist bei Anfragen im Forum in der Zeit vom 20. Dezember 2024 bis zum 8.Januar 2025 mit verlängerten Antwortzeiten zu rechnen.

Cloud-tool mySites.guru detects vistools and vfsubscription as hack

Mehr
5 Jahre 1 Monat her #6441 von pwouda
Hi,

This week I have a subscription on mySites.guru, a tool that makes it easy to keep track of updates of multiple Joomla-sites.
It also checks if there are vulnarabilitys in the code. There are three files form Visforms that are marked as vulnarable:
/administrator/components/com_visforms/controllers/vistools.php
/administrator/components/com_visforms/models/vistools.php
/administrator/manifests/packages/vfsubscription/script.php

See also:

Do you know about this vulnarability and is there a way for you to prevent this?

Best regards,
Peter

Peter Wouda
Noordoost.nl
www.noordoost.nl

Mehr
5 Jahre 1 Monat her #6442 von Administrator AV
Hi Peter,

thank you very much for providing this interesting information based on your test results!
The short test results list tells me, that there is no hack and no vulnerability found in visForms at all.
This is good news, but also no unexpected news because we do have quite an IT security expert in our team!

Just to correctly quote your test results: The files are not 'marked as vulnerable' but marked as 'suspect content'.
You do realize that all the 5 listed suspected contents are simply about the naming of PHP code variables and functions?
It seems to me that they are all motivated by the harmless occurrence of the same literals most likely 'redirectmail', which is basically what the code was written for.

Here is a tiny question to you:
Should I avoid having readable Code in order to not get listed as 'Suspect Content' in any static code inspection tool there is?

As a matter of facts, visForms has never been on any vulnerable extensions list.
A static code analysis tool, which you have at your service now, is definitively part of any meaningful security tool stack.
But when it comes to real professional high-quality site security, there is nothing that can replace actual live site Penetration Testing (PT).

We do provide to our project customers individual Cyber Security Checks including the mentioned live site Penetration Tests, Page Speed Optimization, Page Diagnostic and General Optimizations.
In case you need any of these, just have a short look at our company web site (Home, About us) and feel free contacting us.

Best Regards,
Aicha

:idea: I recommend you the new and up-to-date documentation for Joomla 4:
docs.joomla-5.visforms.vi-solutions.de/en/docs/
Most of this also applies retrospectively to Joomla 3.
Please only ask 1 question per topic :-).

:idea: Ich empfehle Dir die neue und aktuelle Dokumentation für Joomla 4:
docs.joomla-5.visforms.vi-solutions.de/docs/
Das meiste gilt rückwirkend auch für Joomla 3.
Bitte immer nur 1 Frage pro Thema stellen :-).

Mehr
5 Jahre 1 Monat her #6445 von pwouda
Hi Aicha,
You are right about the 'suspect content'. Looking further in detail Mysites.guru marks every base64_decode as suspect. Not only in your code, but also in Hikashop and other extensions.

I will contact MySites if there is a way for me to mark these files as 'save'.
Thanks for the quick and accurate response!

Best regards,
Peter

Peter Wouda
Noordoost.nl
www.noordoost.nl

Moderatoren: Administrator AVAdministrator IV
Powered by Kunena Forum