Auto removal of malicious N.I.S. Code?

Jens · **Joined:** Sun Oct 17, 2004 9:47 pm **Posts:** 2505

As so many users of cmsimple use Norton Internet Secruity and experience the "Stack Overflow" that is caused by javascript inserted from N.I.S., would it not be an idea to auto-remove that code on save?

(The newest Version of Zone Alarm Pro does also cause Problems)

If not, Peter, you should make it very clear that cmsimple is not compatible with Norton Internet Secruity. Best thing would be to write it in big letters next to the download links!

johnjdoe · **Joined:** Thu Jun 12, 2003 7:05 am **Posts:** 729

Jens wrote:

(The newest Version of Zone Alarm Pro does also cause Problems)

I don't have problems or I don't see them. What kind of problems do you mean, Jens?

Jens · **Joined:** Sun Oct 17, 2004 9:47 pm **Posts:** 2505

it insertes some javascript after some links, and adds to iframes some "destroy code"

johnjdoe · **Joined:** Thu Jun 12, 2003 7:05 am **Posts:** 729

Jens wrote:

it insertes some javascript after some links, and adds to iframes some "destroy code"

Ah, just when editing? If so, with all editors or only under some circumstances?

harteg · **Posted:** Wed Sep 28, 2005 10:18 pm

Are you sure there is only one pattern to match - maybe there are different versions?

Jens · **Joined:** Sun Oct 17, 2004 9:47 pm **Posts:** 2505

All Sites i have seen had the same Code, but there could be others. I will collect these Codes and send them to you.

djot · **Posted:** Thu Sep 29, 2005 7:05 pm

-
I think Norton ads the code AFTER it was delivered by the server, so you can't remove it.

djot
-

harteg · **Posted:** Fri Sep 30, 2005 8:20 am

djot - I don't think you are right - it is inserted by the client, as far as I know ... or am I mistaken?

Are anybody having it installed and wanting to do some testing for me?

djot · **Posted:** Fri Sep 30, 2005 2:27 pm

-
I said, the CMSimple page is delivered by the server already, and then Norton ads the code on clientside. So you can't write servercode to remove the Norton code.

djot
-

Jens · **Joined:** Sun Oct 17, 2004 9:47 pm **Posts:** 2505

Sure the code is inserted on the client, but when CMSimple rewrites to the Content.htm, it could filter out that code.

Thats how it gets into the pages, it happens when using the Editor on a PC where NIS is installed.

harteg · **Posted:** Fri Sep 30, 2005 4:52 pm

$c[$s]=preg_replace("/<h[1-3][^>]*>(\ | )?<\/h[1-3]>/i","",stripslashes($text));

in cms.php should be changed to something like

$c[$s]=preg_replace("/[NIS PATTERN]/i","",preg_replace("/<h[1-3][^>]*>(\ | )?<\/h[1-3]>/i","",stripslashes($text)));

harteg · **Posted:** Fri Oct 07, 2005 7:18 am

This seems to work:

Code:

$c[$s]=preg_replace("/<script.*?SymWinOpen.*?script>/si","",preg_replace("/<h[1-3][^>]*>(\&nbsp;| )?<\/h[1-3]>/i","",stripslashes($text)));

harteg · **Posted:** Wed Oct 12, 2005 8:38 pm

Well, seems like there is other codes inserted by other versions - this was a quick fix inserted in the template to remove it from output:

Code:

<?php echo preg_replace("/<script.*?SymRealWinOpen.*?script>/si","",content());?>

Archived CMSimple Support Forum

Auto removal of malicious N.I.S. Code?

Who is online