Unauthorized deposit in hyrax repository


Scott Kushner

Jul 9, 2021, 6:32:32 PM7/9/21
to samvera-community
Has anyone had an unauthorized deposit in their repository?

I don't know how the person registered and deposited a php file in my Hyrax repo... it's kind of freaking me out. Not sure what to do but to try and install Google Captcha v.3.

Any recommendations would be greatly appreciated. 

Thanks,

Benjamin Armintor

Jul 9, 2021, 7:06:35 PM7/9/21
to samvera-...@googlegroups.com
Scott,

Any site that allows arbitrary account creation will see activity like this - if account creation is generally open but you don't intend it to be, something like Captcha or email verification would be good first steps. I'm pretty sure Hyrax uses the Devise library for user accounts - I recommend looking into the documentation for that library and exploring the "confirmable" behaviors (and maybe limiting email by domain). I believe the current docs are at https://github.com/heartcombo/devise/wiki/How-Tos (with apologies to Hyrax folks if I'm misrepresenting!).

You'll be able to see some metadata about the depositing account in the database, too. If you're concerned about a possible security issue in Hyrax, we should diagnose that off-list so that the maintainers can respond appropriately - but in this case I strongly suspect that a script scanning for account creation pages dumped a Wordpress-related file into an upload form (I was able to create an account and post the stub code for a Hyrax user).

- Ben 

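The "limiting email by domain" idea above, as an added example that is not part of Ben's reply and not Hyrax or Devise code: a small registration policy module with an exact-domain allowlist, plus (in comments) how it would hang off a Devise `User` model with `:confirmable`. The domain names and the model wiring are assumptions for illustration.

```ruby
# Added example: institutional e-mail domain allowlist for self-registration.
# Assumes a Devise-backed User model as in Hyrax; the domains below are
# constructed placeholders, not real values.
module RegistrationPolicy
  # Constructed placeholder list; replace with the institution's own domains.
  ALLOWED_EMAIL_DOMAINS = %w[example.edu lib.example.edu].freeze

  # Returns the lowercased domain part of a single address, or nil when the
  # input is not one plain local@domain string (rejects lists, extra '@',
  # whitespace and angle brackets that bots often stuff into sign-up forms).
  def self.email_domain(email)
    return nil unless email.is_a?(String)
    addr = email.strip
    return nil unless addr.count('@') == 1
    return nil if addr.match?(/[\s,<>]/)
    local, domain = addr.split('@', 2)
    return nil if local.empty? || domain.empty?
    domain.downcase
  end

  # True only for an exact match against the allowlist, so lookalikes such as
  # "example.edu.attacker.test" or "notexample.edu" are rejected; a suffix or
  # substring check would let those through.
  def self.allowed_email?(email)
    domain = email_domain(email)
    !domain.nil? && ALLOWED_EMAIL_DOMAINS.include?(domain)
  end
end

# Illustrative wiring into the Devise model (assumed; Rails is not loaded here):
#
#   class User < ApplicationRecord
#     # :confirmable needs the confirmation columns from Devise's migration generator,
#     # so a new account cannot sign in or deposit until the e-mail is verified.
#     devise :database_authenticatable, :registerable, :confirmable, :validatable
#     validate :email_domain_allowed, on: :create
#
#     def email_domain_allowed
#       return if RegistrationPolicy.allowed_email?(email)
#       errors.add(:email, 'must be an institutional address')
#     end
#   end
```

The exact-match check is deliberate: a suffix match on `.edu` or `example.edu` would accept attacker-controlled subdomains and lookalike domains.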

Scott Kushner

Jul 9, 2021, 10:11:23 PM7/9/21
to samvera-community
Thanks, Ben.

I know that if you leave it open, you will get a lot of spambots trying to make fake accounts to register, but this guy actually registered himself as a user and DEPOSITED a file in our repository... I'm not sure how that happened...???

That's not supposed to happen, as far as I know...

Is this something that you have seen before? 

Thanks

Benjamin Armintor

Jul 9, 2021, 10:47:45 PM7/9/21
to samvera-...@googlegroups.com
Not in a Hyrax repository, but yes: in public facing contexts that accept file uploads (running the gamut from reader comment systems to blogs to collection sites), I have seen malicious PHP uploads (some of which I expect are scripted) and also image uploads to create the appearance of a defaced site. It's worth noting that if it actually is a person deliberately uploading something, the captcha won't have a mitigating effect.

- Ben

Benjamin Armintor

Jul 12, 2021, 9:18:00 AM7/12/21
to samvera-...@googlegroups.com
I just want to follow up here with a link to the community page for reporting a potential security issue, if your investigation suggests that there is a problem: https://samvera.atlassian.net/wiki/spaces/samvera/pages/408722314/Report+a+security+vulnerability

- Ben