My server has been hacked because of use of eval


alnadabi

Chevereto Member
Hi there,
My server is running Chevereto under one of my websites.
Two weeks ago, I found malware injected through the use of the eval() function.
After working on the case for more than 2 days, my host provider advised me to install SUHOSIN on my server. This will prevent similar attacks in the future, but it blocked the use of eval on all websites on my server.

My problem is that I cannot get my Chevereto working now! The error message shows:

Fatal error: SUHOSIN - Use of eval is forbidden by configuration in /home/xxxxxx/public_html/lib/G/classes/class.handler.php(247) : eval()'d code on line 1

Is there any solution to get the script working without the use of eval?

Thank you
 
Impossible to use the script without eval because the eval function is used to bind dynamic route variables and conditionals to template tags, and is used only by the G\ core.

You should tell them to send me an email with the details of their findings so I can have a look. inbox@chevereto.com
 
Thank you for the quick reply,

The code which was injected attacks my server by the use of the construct eval(base64_decode

My host advised blocking the eval function, as this is the most used way to inject malware into targeted websites ... but after reading some articles, I found that we can use a blacklist to block base64_encode and base64_decode.

So I managed to blacklist those functions by adding the following line to my PHP.ini:

Code:
suhosin.executor.eval.blacklist =  fpassthru,base64_encode, base64_decode, mail, exec, system, proc_open, leak, syslog, pfsockopen, shell_exec, ini_restore, symlink, stream_socket_server, proc_nice, popen, proc_get_status, dl, pcntl_exec, pcntl_fork, pcntl_signal, pcntl_waitpid, pcntl_wexitstatus, pcntl_wifexited, pcntl_wifsignaled, pcntl_wifstopped, pcntl_wstopsig, pcntl_wtermsig, socket_accept, socket_bind, socket_connect, socket_create, socket_create_listen, socket_create_pair, link, register_shutdown_function, register_tick_function


and now the script is working fine ... hope this will help others somehow.

Thank you again.
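
A way to look for the `eval(base64_decode` construct named in this thread across a web root, as an added example that is not part of the original posts or of Chevereto. The function names, the extension list and the sample line are assumptions made for the illustration.

```python
import os
import re
import sys

# eval( ... base64_decode( with optional whitespace between tokens. PHP function
# names are case-insensitive, so the match is case-insensitive as well.
PATTERN = re.compile(rb"eval\s*\(\s*@?\s*\\?base64_decode\s*\(", re.IGNORECASE)
PHP_EXTENSIONS = (".php", ".phtml", ".inc")  # assumed list, adjust per server
# Constructed sample of an injected line; the payload is a harmless placeholder.
SAMPLE = b"<?php\n/* header */\n@EVAL ( base64_decode(\"Q09OU1RSVUNURUQ=\"));\n"

def scan_bytes(data):
    """Return (line_number, snippet) for every match in one file's bytes."""
    hits = []
    for match in PATTERN.finditer(data):
        line_no = data.count(b"\n", 0, match.start()) + 1
        snippet = data[match.start():match.start() + 60]  # payloads can be huge
        hits.append((line_no, snippet.decode("latin-1")))
    return hits

def scan_tree(root):
    """Walk root and return {relative_path: hits} for PHP files that match."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PHP_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as handle:
                    hits = scan_bytes(handle.read())
            except OSError as err:
                print(f"skipped {path}: {err}", file=sys.stderr)
                continue
            if hits:
                findings[os.path.relpath(path, root)] = hits
    return findings

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, hits in sorted(scan_tree(root).items()):
        for line_no, snippet in hits:
            print(f"{path}:{line_no}: {snippet!r}")
```

A match is a lead for manual review, not proof of compromise, and a clean result does not rule out injected code that is written differently.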