[TYPO3-dev] major security problem --> hacking of TYPO3 sites may be possible
Andreas Balzer
eMail at andreas-balzer.de
Sun Apr 30 22:17:02 CEST 2006
Dmitry Dulepov wrote:
> Hi!
>
> I have to agree with Michael.
>
> Andreas Balzer wrote:
>> At least it's the XAMP server available on TYPO3..
>
> XAMP is a convenient package but not a thing you want to use in production.
It's only installed as a dev server @ home.
>> P.S.: I do not want to "blame" anyone, but it's very frustrating if you
>> see a message "you've got hacked" not only on your website, but also on
>> a Windows command shell that was opened by a script that was uploaded to
>> fileadmin..
>
> Well, if you are system administrator, you must understand what you are
> doing. Looks like one of your BE users hacked your site. Am I right?
I'm only a student but the one who hacked my dev server is none of my BE
users. I only had to give him access to my server (just port opening for
8080), but typo3 was not listed on any site and he did not have a user
account (and of course, all passwords weren't default). After 10 minutes
he found typo3 somehow and hacked it.. I'll see tomorrow how he did it..