Menu
Welcome, Guest
Username: Password: Remember me

TOPIC: Concern for backdoor access

Concern for backdoor access 2 months 1 week ago #87086

  • jpeterson
  • jpeterson's Avatar
  • Offline
  • New Member
  • Posts: 4
  • Karma: 0
Hi,

We have recently started using SuiteCRM on our web hosting.

At the time of first using SuiteCRM, we got in touch with a developer (from India) who was given full admin access + cpanel access to the web hosting where SuiteCRM is held.

The developer made bespoke customisations to SuiteCRM as we required.

Following this, we installed a plugin which had a problem so we gave access to our SuiteCRM to the plugin developer to check out the issue.

Since all of this we have changed web hosts/cpanel login password and changed login passwords for admin users of SuiteCRM.



My concern is that something could have been installed on our SuiteCRM by one of the above developers at the time they had access, which allows them to access our content remotely.

Some kind of backdoor access that sends our data or allows them still to connect.

Is there any chance this could be the case? If so, how can I stop this?

Thanks, I appreciate advice any one can give for improving security of SuiteCRM.
The administrator has disabled public write access.

Concern for backdoor access 2 months 1 week ago #87092

  • pgr
  • pgr's Avatar
  • Offline
  • Administrator
  • Posts: 10932
  • Thank you received: 1635
  • Karma: 371
Hi. You would need to audit the changes made, I guess.

Basically

- check users/passwords in SuiteCRM
- check users/passwords in database
- check users/passwords in Linux server (all possible entries - SSH, FTP, Samba, CPanel, whatever services you're running)

- audit file changes. There are nice tools that let you compare what you have to what is the default (secure) SuiteCRM install. These will bring up any changes these developers made. You need to look through them one by one and check them for security.

My SuiteCRM In-depth blog.
Thank you for always stating your SuiteCRM version, checking your logs, reading the Docs, and searching before you ask!
The administrator has disabled public write access.

Concern for backdoor access 2 months 1 week ago #87109

  • ashish@outrightcrm.com
  • ashish@outrightcrm.com's Avatar
  • Offline
  • SuiteCRM Is My Life
  • CTO at outright Systems
  • Posts: 409
  • Thank you received: 46
  • Karma: 5
Simply start tracking IP addresses and block IPs based upon city , location or country.

You may also like to change URL in case you really feel insecure.

Other steps told by @pgr are also very useful.
The administrator has disabled public write access.
Time to create page: 0.033 seconds
Powered by Kunena Forum