Security Issue? Ransomware
Hi there,
I have received 3 contact form requests through an Umbraco 7.10.4 website from what appears to be a spam bot indicating some type of ransomware:
"Hey. Soon your hosting account and your domain [website] will be blocked forever, and you will receive tens of thousands of negative feedback from angry people.
Here is a list of what you get if you don’t follow my requirements:
+ abuse spamhouse for aggressive web spam
+ tens of thousands of negative reviews about you and your website from angry people for aggressive web and email spam
+ lifetime blocking of your hosting account for aggressive web and email spam
+ lifetime blocking"
1) Is there any security concern regarding the Umbraco 7.10.4 release?
2) Are there any preventative measures I can take to avoid any issues like this? I have heard about Umbraco Cloud, but I'm not sure if it will make the website not function smoothly since the current website is being hosted on a Windows server configuration in IIS.
Have a read of this post. It tells you about a much needed update to Client Dependency.
https://umbraco.com/blog/security-advisory-patch-for-your-site-is-now-available/
I have. For some reason I cannot get into that back end admin console after making the manual change. Any ideas?
On top of making sure you patch client dependency I'd also suggest adding a recaptcha to your form to reduce the likelihood of bots spamming it.
If the form in question is an Umbraco Form then there should already be an option to add a ReCaptcha as a form field.
This is already implemented.
When you say you cannot get into the back end admin console, what are you seeing? Are you receiving an error message? A blank screen?
Have you tried clearing out the client dependency folders/cache/cookies etc?
Sorry, this was a server issue where the server was blocking the IP address I was using.