Liferay 7.1.2 GA2 - targeted by malwareLiferay 7.1.2 GA2 - targeted by malwarehttps://liferay.dev/c/message_boards/find_thread?p_l_id=119785294&threadId=1190614972026-04-04T13:22:27Z2026-04-04T13:22:27ZRE: Liferay 7.1.2 GA2 - targeted by malwareDominik Markshttps://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=1190738632020-04-30T15:22:48Z2020-04-30T15:22:48Z<div class="quote-title">Davide del Vecchio:</div><blockquote><br />Thank you, last question (I hope):<br />If I use the binary in the comments, what I need to do is just replace the tomcat and osgi folder?</blockquote><br />Yes, you just have to unzip the provided patches into your installation, overwriting every file found. The server should be stopped before. Afterwards it is recommended to clear some directories, so that no cached files or cached settings cause problems. That means, clear the following directories (if present):<br /><br /><ul style="list-style: disc outside;"><li>bundles\osgi\state</li><li>bundles\tomcat-9.0.17\temp</li><li>bundles\tomcat-9.0.17\work</li><li>bundles\work</li></ul>Dominik Marks2020-04-30T15:22:48ZRE: Liferay 7.1.2 GA2 - targeted by malwareChristoph Rabelhttps://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=1190763922020-04-30T13:58:51Z2020-04-30T13:58:51ZI think, you use the wrong term here. At least for me CORS means "Cross-Origin Resource Sharing". CORS has nothing to do with this.<br />But allowing only certain IPs to access /api/jsonws should work, since attackers would have to attack from those IPs. Of course, it would still be best to really patch the issue.Christoph Rabel2020-04-30T13:58:51ZRE: Liferay 7.1.2 GA2 - targeted by malwareDavide del Vecchiohttps://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=1190756862020-04-30T13:13:20Z2020-04-30T13:13:20Z<p>What if I set CORS (for specific IPs that I need) instead of shutting down all the API ?</p>Davide del Vecchio2020-04-30T13:13:20ZRE: Liferay 7.1.2 GA2 - targeted by malwareDavide del Vecchiohttps://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=1190753342020-04-30T13:11:39Z2020-04-30T13:11:39ZThank you, last question (I hope):<br />If I use the binary in the comments, what I need to do is just replace the tomcat and osgi folder?Davide del Vecchio2020-04-30T13:11:39ZRE: Liferay 7.1.2 GA2 - targeted by malwareChristoph Rabelhttps://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=1190660252020-04-29T06:58:31Z2020-04-29T06:58:31ZYes. You need to create the binary patches too (or download them from the blogpost, Dominik Marks has provided links in the comments)Christoph Rabel2020-04-29T06:58:31ZRE: Liferay 7.1.2 GA2 - targeted by malwareDavide del Vecchiohttps://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=1190656712020-04-28T21:10:30Z2020-04-28T21:10:30ZSo updating to GA4 doesn't solve it?<br />I need to create binary patches too?<br />Unfortunately I need to use jsonws.Davide del Vecchio2020-04-28T21:10:30ZRE: Liferay 7.1.2 GA2 - targeted by malwareChristoph Rabelhttps://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=1190628162020-04-28T18:43:58Z2020-04-28T18:43:58ZDominik Marks has already posted a link to his post "Creating Liferay Security Binary Patches".<br />Another way to protect your system is to block access to /api/jsonws completely. Please note that this could affect some functionality e.g. it isn't possible to select categories for content anymore afterwards. But if you don't need that and you have already a reverse proxy in front of Liferay, it is pretty easy to do that.Christoph Rabel2020-04-28T18:43:58ZRE: Liferay 7.1.2 GA2 - targeted by malwareDavide del Vecchiohttps://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=1190622082020-04-28T14:15:25Z2020-04-28T14:15:25ZThanks for the reply, i'm triying right now to upgrade to 7.1.3 GA4.<br /><br />"apply the latest security patches"<br />How is it done?Davide del Vecchio2020-04-28T14:15:25ZRE: Liferay 7.1.2 GA2 - targeted by malwareDominik Markshttps://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=1190618632020-04-28T14:09:10Z2020-04-28T14:09:10ZHello Davide,<br /><br />if you can you should upgrade to the latest Liferay version. If not, consider updating to the latest GA of 7.1 (which is 7.1.3 GA4) and apply the latest security patches.<br /><br />The Liferay versions which are affected by the current exploit are mentioned in this blog post: <a href="https://liferay.dev/blogs/-/blogs/security-patches-for-liferay-portal-6-2-7-0-and-7-1">https://liferay.dev/blogs/-/blogs/security-patches-for-liferay-portal-6-2-7-0-and-7-1</a><br /> <br />Also consider my own blog post on how to create binary patches for the source code patches mentioned in the blog post above: <a href="https://liferay.dev/blogs/-/blogs/creating-liferay-security-binary-patches">https://liferay.dev/blogs/-/blogs/creating-liferay-security-binary-patches</a>Dominik Marks2020-04-28T14:09:10ZLiferay 7.1.2 GA2 - targeted by malwareDavide del Vecchiohttps://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=1190614962020-04-28T13:30:34Z2020-04-28T13:30:34ZHello,the server where the portal is running is getting targeted by a cryptocurrency malware (should I share the name?).<br />Can someone help me?What can I do to prevent this, where can I look?<br />Upgrading to a more recent version like GA4 can solve the prbolem or should I go with something newer like 7.2 or 7.3?<br /><br />Please helpDavide del Vecchio2020-04-28T13:30:34Z