Go to main content

Navigation menu

Textpattern CMS support forum

You are not logged in. Register | Login | Help

  1. Index
  2. » Archives
  3. » site attacked

Pages: 1

#1 2008-02-07 15:31:00

mwillse
Member
From: brooklyn, ny
Registered: 2006-06-26
Posts: 83
Website

site attacked

hello,

I found the following what I’d guess is a tracker at the bottom of index.php for a site I put up last year running txp 4.0.5.

A <?php echo(' - - - '); ?> entry after the proper stuff.

The site also ran a PunBB forum which was attacked. We upgraded the forum within 24hrs without a problem. Is it possible that someone altered txp’s index.php thru the forum?

The site is making an important announcement yesterday/today and tomorrow. I’m hesitant to bring the site down to upgrade to 4.0.6. Is it at risk??

thanks…

Last edited by mwillse (2008-02-07 21:49:50)

theCoup.org

Offline

#2 2008-02-07 15:43:39

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,200
Website GitHub Mastodon Twitter

Re: site attacked

Reporting security issues

Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#3 2008-02-07 15:53:37

mwillse
Member
From: brooklyn, ny
Registered: 2006-06-26
Posts: 83
Website

Re: site attacked

sorry about that. thanks. sending info to the correct place now. should I delete my original post?

theCoup.org

Offline

#4 2008-02-07 16:05:50

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,200
Website GitHub Mastodon Twitter

Re: site attacked

It might be a good idea:)

Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#5 2008-02-07 16:11:41

ruud
Developer Emeritus
From: a galaxy far far away
Registered: 2006-06-04
Posts: 5,068
Website

Re: site attacked

You’ll have to reinstall the files anyway, because checksums.txt can also be changed, so you can’t rely on diagnostics to see if the files are not tampered with. I’d recommend upgrading to 4.0.6.

I found this after Googling a bit.

Offline

#6 2008-02-07 16:35:41

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,200
Website GitHub Mastodon Twitter

Re: site attacked

The only plugins which I found – at least in my install- that they need upgrading are rss_admin_db_manager and stm_javascript

Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#7 2008-02-07 21:58:42

mwillse
Member
From: brooklyn, ny
Registered: 2006-06-26
Posts: 83
Website

Re: site attacked

thanks ruud and colak for the feedback. things are stable and it doesn’t seem like anything else was corrupted. i’ll upgrade after hours or this weekend…

theCoup.org

Offline

#8 2008-02-12 19:38:54

mwillse
Member
From: brooklyn, ny
Registered: 2006-06-26
Posts: 83
Website

Re: site attacked

update: my problems have in fact continued, even after upgrading to 4.0.6, though I don’t think it’s due to a hole in this version. Send me a message if you want to know what i learned from cleaning this up…

theCoup.org

Offline

Pages: 1

  1. Index
  2. » Archives
  3. » site attacked

Board footer

Powered by FluxBB