Submitted by John T. Haller on February 4, 2012 - 12:44am
Earlier today, a 'possible malware' warning appeared about PortableApps.com within Norton 360, Mozilla Firefox, within Google search results and similar products. This was due to an attempted hack on PortableApps.com via a Plesk exploit (originally reported here as a Drupal exploit). No PortableApps.com portable apps, databases, logins, user data, project data or security credentials were compromised. A full security audit was undertaken in the hours after the attempt to ensure nothing else was affected (it wasn't) and additional security measures were implemented to ensure everything keeps on working. The full details follow...
Drupal, the content management system that runs PortableApps.com, released a security update yesterday to deal with this issue. Unfortunately, we did not receive the standard security update notification from Drupal.org to update the site. Compounding the issue, it seems one of the automated scanners that scans websites for this vulnerability was updated to include it before many Drupal sites had been updated.
Update on February 11th: It wasn't Drupal...
The Attempted Exploit (a bit technical)
The Detection and Warnings
Patching and Proactive Security Measures
As soon as the potential security vulnerability was known, the Drupal patch was applied and verified and a full security audit was begun. All files updated within the last 24 hours were verified and the one affected file was removed. We also elected to take extra time and reset all remote login criteria and database access passwords. Although no unauthorized access to any of these systems had been made, we thought it best to err on the side of caution and be absolutely sure that no further issues occur. We then fully cleared the website cache and had it rebuild all 26,000+ pages of PortableApps.com along with all associated files. Finally, full virus scans have been run on all our machines and all have come back clean. If you'd like to err on the side of being extra-cautious, scanning your machine and drive for badware is always a good idea.
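The file audit described above, sketched as an added example (not PortableApps.com's own tooling): it lists files changed within the 24-hour window and also compares every file against a known-clean hash manifest. The second check goes beyond the timestamp review in the post, because modification times can be reset by whoever wrote the file. The manifest format and all function names are assumptions.

```python
import hashlib
import os
import time

WINDOW_SECONDS = 24 * 60 * 60  # the post's "last 24 hours"


def sha256_of(path):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_web_root(root, baseline, now=None, window=WINDOW_SECONDS):
    """Classify files under root against a known-good baseline.

    baseline maps relative path -> SHA-256 hex digest recorded while the
    site was known clean (hypothetical manifest; the post does not say
    how its files were verified).
    """
    now = time.time() if now is None else now
    report = {"recent": [], "unexpected": [], "modified": [], "missing": []}
    seen = set()
    for directory, _subdirs, files in os.walk(root):
        for name in files:
            full = os.path.join(directory, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            seen.add(rel)
            if os.path.islink(full):
                # Links are not followed; surface them for manual review.
                report["unexpected"].append(rel)
                continue
            # Timestamp triage: what changed inside the audit window.
            if now - os.stat(full).st_mtime <= window:
                report["recent"].append(rel)
            # Content check: independent of mtime, which can be reset.
            if rel not in baseline:
                report["unexpected"].append(rel)
            elif sha256_of(full) != baseline[rel]:
                report["modified"].append(rel)
    report["missing"] = [rel for rel in baseline if rel not in seen]
    for key in report:
        report[key].sort()
    return report
```

A file that appears under `modified` or `unexpected` but not under `recent` is the case a timestamp-only review would miss.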
Awaiting Warning Removal - (UPDATE: Warnings Removed)
The malware removal systems are much quicker at identifying a potential security risk than in being updated to see a server is confirmed clean, so although the site did not host any malware and is confirmed clean, the Google/Mozilla warning system was still showing the site as a possible security issue several hours later. Google was notified that the site was confirmed clean at 4pm NY time today. Symantec has already removed their warning from Norton 360 and shows no issues now. Bing has also removed any warnings.
UPDATE FEB 4 @ 1AM NY TIME: Google has removed PortableApps.com from its potentially suspicious sites list. Mozilla Firefox users no longer see a warning.
Search results in Google still showed a warning at that point; the Google search result warnings were removed a few hours later.
Google, Feb 4 @ 1AM: "A review for this site has finished. The site was found clean. The badware warnings from web search are being removed. Please note that it can take some time for this change to propagate."
We've added additional policies to ensure that Drupal security vulnerabilities are addressed much sooner after being announced so we can beat the automated tools to the punch on future vulnerabilities. We've also added additional monitoring to keep an eye on potential threats as they arise as well as implementing faster notifications of admins when this occurs. Finally, we have added in additional paid antivirus scanning and paid automated vulnerability scanning by an industry-leading external party.
On a personal note, I'd like to apologize for any inconvenience or scare this has caused any of our developers and users. We take every precaution to ensure the safety of our apps, data and website, so it's always a bit frightening when something like this occurs, even when the attempted intrusion doesn't fully succeed and apparently hasn't negatively impacted any of our users. We will continue to give our all to ensure you have access to the best, most-secure, most-consistent and fully legal set of portable software in the world for years to come.