[Typo3] our webserver hacked, is typo3 the reason?

Mathias Schreiber [wmdb] mathias.schreiber at wmdb.de
Fri Apr 15 18:47:43 CEST 2005


Rainer (Rene) Suthoelder wrote:
> but how can you say that without further infos?

I can't.
But we had several attacks on our servers by now ranging from portscans 
to distributed denial of service attack with blackmailing for 10.000 euros.
We never had problems with someone trying to hack a server via typo3.
This gives me convidence that typo3 is not the problem.
The original post sounded very much like some sort of "tell me how to 
hack my neighbor".
No clear infos what happened, no symptoms, no information on installed 
typo3 extensions, nothing - just the call for "how do I hack a typo3 
website".

I don't take this seriously because the type of request is highly 
unprofessional.
Securing Typo3 is a job of some minutes - grant backend access via IP 
range or even better via VPN on a different VHost - done...
Check for the extensions you installed and there you go.
Securing a webserver is a totally different thing (and thus does not 
belong here).


-- 
No Subject - No Realname - No Service!
Respect the List/Newsgroup Rules!
  >> http://typo3.org/1438.0.html <<
--------------------------------------
if ($GLOBALS['TSFE']->feuser->data['ahnung'] == 0) {
	$this->fresseHalten = 1;
}



More information about the TYPO3-english mailing list