Kentico unsupported versions might be at risk


In recent days, we have been informed by several customers that their (unsupported) Kentico instances have been compromised by advertisement malware. Our strong recommendation is to keep your instances updated. Based on the Product Support Lifecycle Policy, Kentico regularly releases security patches for Kentico 12, Kentico Xperience 13 and Xperience by Kentico. If your website is built on an older version (e.g. Kentico 8 - Kentico 11) then you could be a potential target for attackers.

Disclaimer

Currently, we are not aware of any security issues in supported versions. All known security issues have been fixed within the latest hotfixes.

How can you verify if your (obsolete) website is safe?

We observed that attackers inject new handlers, or edit existing ones, so that they return different responses depending on the User-Agent HTTP header. To test if your website is affected, send a GET request to your website with the "User-Agent" HTTP header set to "Googlebot". If your website returns HTML code containing any unknown links, it is most likely compromised.
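The check above can be scripted so that it compares the links a normal browser receives with the links served to a crawler User-Agent. The following is an added example, not Kentico code: it fetches the same URL twice (once as a browser, once as "Googlebot"), extracts every anchor target, and reports links that appear only in the crawler response, flagging those that point at a different host. The sample HTML pages embedded below are constructed so the script also runs offline.

```python
"""Detect User-Agent cloaking: links served only to a crawler User-Agent.

Added example for the check described above; not Kentico code.
Run with a URL to test a live site, or without arguments to run on the
constructed samples below.
"""
import sys
import urllib.request
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

BROWSER_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
CRAWLER_UA = "Googlebot"  # the header value the advisory suggests testing with


class _LinkParser(HTMLParser):
    """Collect the href of every <a> tag."""

    def __init__(self):
        super().__init__()
        self.links = set()

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.add(value)


def extract_links(html):
    parser = _LinkParser()
    parser.feed(html)
    return parser.links


def cloaked_links(browser_html, crawler_html, base_url):
    """Return (absolute_url, is_external) for links present only in the crawler
    response. External hosts are the typical sign of injected advertisement links."""
    browser_links = {urljoin(base_url, h) for h in extract_links(browser_html)}
    crawler_links = {urljoin(base_url, h) for h in extract_links(crawler_html)}
    site_host = urlparse(base_url).netloc.lower()
    extra = sorted(crawler_links - browser_links)
    return [(u, urlparse(u).netloc.lower() != site_host) for u in extra]


def fetch(url, user_agent):
    """Fetch url with the given User-Agent and return the body as text."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return resp.read().decode("utf-8", errors="replace")


# Constructed sample responses: the crawler copy carries one hidden extra link.
SAMPLE_BROWSER = """<html><body>
<a href="/about">About</a> <a href="/contact">Contact</a>
</body></html>"""
SAMPLE_CRAWLER = """<html><body>
<a href="/about">About</a> <a href="/contact">Contact</a>
<div style="display:none"><a href="http://spam.example/offer">cheap offer</a></div>
</body></html>"""


def demo():
    """Run the comparison on the constructed samples."""
    return cloaked_links(SAMPLE_BROWSER, SAMPLE_CRAWLER, "https://www.example.com/")


if __name__ == "__main__":
    if len(sys.argv) == 2:
        url = sys.argv[1]
        result = cloaked_links(fetch(url, BROWSER_UA), fetch(url, CRAWLER_UA), url)
    else:
        result = demo()
    for link, external in result:
        print(("EXTERNAL " if external else "internal ") + link)
    print("no crawler-only links" if not result else f"{len(result)} crawler-only link(s)")
```

Run it as `python cloak_check.py https://www.your-site.example/` against each public page template, not only the home page, since an injected handler may only be mapped to some paths. An empty result is not proof of a clean site (the malware may key on other crawler strings or on IP ranges), but any crawler-only external link warrants the clean-up steps below.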

What are the mitigation steps?

The only solution to secure your website is to upgrade to the latest supported version and apply the latest hotfix.

In the meantime you can try to:

  • look for files which are not part of the default installation or your custom code → delete them. Typically these are files with names like WebPartZone.ashx, help.aspx, etc.

  • look for any findings in the antivirus installed on the server

  • look for any suspicious activities in the IIS logs (e.g. calling SyncServer.asmx requests)

  • restore the website from the last safe backup

  • separate obsolete websites on the server - it is highly recommended to separate supported Kentico versions from unsupported versions. Why? If an outdated instance is compromised, usually all instances on the same server are compromised too.
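The first three steps in the list above can be combined into one triage pass: compare the handler files found on disk against a trusted inventory (a clean install of the same version plus your own custom code), then pull the IIS log entries that hit the unexpected files or the names the advisory mentions. The following is an added example, not Kentico code; the file inventories and the W3C-format IIS log lines are constructed, and the indicator names are only the ones this post names.

```python
"""Triage helpers for the mitigation steps above: unexpected handler files
and the IIS log requests that hit them.

Added example, not Kentico code. File lists and log lines are constructed.
"""
from collections import Counter

# Names this advisory mentions; extend with whatever you find on your server.
KNOWN_BAD_NAMES = {"webpartzone.ashx", "help.aspx", "syncserver.asmx"}
HANDLER_EXT = (".ashx", ".asmx", ".aspx")


def unexpected_handlers(deployed_files, inventory):
    """Handler files present on disk but absent from the trusted inventory.
    Paths are site-relative with forward slashes; comparison is case-insensitive
    to match NTFS."""
    trusted = {p.lower() for p in inventory}
    return sorted(p for p in deployed_files
                  if p.lower().endswith(HANDLER_EXT) and p.lower() not in trusted)


def parse_iis_log(lines):
    """Parse W3C-format IIS log lines into dicts keyed by the #Fields header.
    Splitting on whitespace is safe because IIS writes '+' in place of spaces
    inside field values such as the User-Agent."""
    fields, rows = None, []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            rows.append(dict(zip(fields, line.split())))
    return rows


def suspicious_requests(rows, suspect_paths):
    """Log rows whose URI stem is an unexpected handler or a known-bad file name."""
    suspect = {p.lower() for p in suspect_paths}
    hits = []
    for row in rows:
        stem = row.get("cs-uri-stem", "").lower()
        name = stem.rsplit("/", 1)[-1]
        if stem in suspect or name in KNOWN_BAD_NAMES:
            hits.append(row)
    return hits


def triage(deployed_files, inventory, log_lines):
    """Return (unexpected files, matching log rows, request count per client IP)."""
    extra = unexpected_handlers(deployed_files, inventory)
    hits = suspicious_requests(parse_iis_log(log_lines), extra)
    by_ip = Counter(row.get("c-ip", "?") for row in hits)
    return extra, hits, by_ip


# Constructed inventories: the deployed site carries one handler the clean
# install and the custom code do not account for.
INVENTORY = {"/Default.aspx", "/CMSPages/GetResource.ashx", "/Custom/Feed.ashx"}
DEPLOYED = INVENTORY | {"/CMSPages/WebPartZone.ashx", "/App_Data/readme.txt"}

# Constructed IIS log excerpt (dates and addresses are placeholders).
SAMPLE_LOG = """
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip cs(User-Agent) sc-status
2024-01-15 10:00:01 GET /CMSPages/GetResource.ashx stylesheetname=x 203.0.113.5 Mozilla/5.0+(Windows) 200
2024-01-15 10:00:07 POST /CMSPages/WebPartZone.ashx - 198.51.100.23 python-requests/2.31 200
2024-01-15 10:00:09 GET /SyncServer.asmx - 198.51.100.23 python-requests/2.31 200
2024-01-15 10:01:30 GET /Custom/Feed.ashx - 203.0.113.5 Mozilla/5.0+(Windows) 200
""".strip().splitlines()


def demo():
    return triage(DEPLOYED, INVENTORY, SAMPLE_LOG)


if __name__ == "__main__":
    extra, hits, by_ip = demo()
    print("unexpected handlers:", extra)
    for row in hits:
        print(row["date"], row["time"], row["c-ip"], row["cs-method"], row["cs-uri-stem"])
    print("requests per client IP:", dict(by_ip))
```

Build the inventory from an untouched copy of the same Kentico version (or from version control), never from the suspect server itself, and run the log pass over the full retention period: the client IPs that concentrate on the unexpected handlers tell you when the compromise started and which backup from the last step can still be considered safe.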

Takeaways

A few months ago, Kentico posted a blog post on how to prevent the devastating impact of a data breach. Kentico promptly reacts to any reported security issues and releases hotfixes regularly every week. Upgrading to the latest supported version (hotfix) is up to clients and their implementation agency. Don’t wait until something bad happens, keep your websites safe and upgrade them.


Juraj Komlosi

Chief Information Security Officer at Kentico Software