[Typo3] my web site appears to have been hacked
Eric Blom
ericb at piap.com
Tue Dec 20 08:23:32 CET 2005
It looks like I may have been the victim of the config.baseURL exploit.
http://typo3.org/teams/security/security-bulletins/typo3-20051114-6/
Does anyone know what the proper way to clean up after this is?
Thank you,
Eric
On Dec 19, 2005, at 10:24 PM, Eric Blom wrote:
> My web site appears to have been hacked today. All of my links were
> redirected to www.sina.com.cn. Looking at the HTML source of my home
> page I see that
> <base href="http://www.sina.com.cn/" />
> <style type="text/css">
> has been added after the Typo3 notice but before the CDATA statement.
> See clip below. My question is where would this kind of modification
> be made? Somewhere in the template setup? I did a full search of my
> MySQL database looking for www.sina.com and found one match in my
> cache_pages table.
>
> I'm running 3.8.0. I know there is a 3.8.1 out -- I was waiting for
> the holiday break to upgrade :-(
>
>
>
> <meta http-equiv="Content-Type" content="text/html;
> charset=iso-8859-1" />
>
> <!--
> This website is brought to you by TYPO3 - get.content.right
> TYPO3 is a free open source Content Management Framework created by
> Kasper Skaarhoj and licensed under GNU/GPL.
> TYPO3 is copyright 1998-2005 of Kasper Skaarhoj. Extensions are
> copyright of their respective owners.
> Information and contribution at http://www.typo3.com
> -->
>
> <base href="http://www.sina.com.cn/" />
> <style type="text/css">
> /*<![CDATA[*/
> <!--
>
> Regards,
> Eric
>
> _______________________________________________
> Typo3-english mailing list
> Typo3-english at lists.netfielders.de
> http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-english
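
A check for the symptom described in this message, as an added example that is not part of the original thread: it scans rendered or cached page HTML for a `<base href>` that points at a host the site does not own. The allowed host `www.example.org` and all function and class names are assumptions; the sample page is constructed from the clip quoted above.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample, modelled on the HTML clip quoted in the message.
SAMPLE_PAGE = """<meta http-equiv="Content-Type" content="text/html;
 charset=iso-8859-1" />
<!--
    This website is brought to you by TYPO3 - get.content.right
-->
<base href="http://www.sina.com.cn/" />
<style type="text/css">
/*<![CDATA[*/
<!--
"""


class BaseTagFinder(HTMLParser):
    """Collect the href value of every <base> tag in a document."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        # Also called for self-closing <base ... /> tags; tag and
        # attribute names arrive lower-cased.
        if tag == "base":
            self.hrefs.append(dict(attrs).get("href") or "")


def foreign_base_hrefs(html, allowed_hosts):
    """Return every <base href> whose host is not in allowed_hosts.

    Relative hrefs (no host part) are ignored; protocol-relative ones
    such as //host/path are checked like absolute URLs.
    """
    finder = BaseTagFinder()
    finder.feed(html)
    finder.close()
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for href in finder.hrefs:
        host = (urlsplit(href).hostname or "").lower()
        if host and host not in allowed:
            findings.append(href)
    return findings


if __name__ == "__main__":
    # www.example.org stands in for the site's own host (assumption).
    print(foreign_base_hrefs(SAMPLE_PAGE, {"www.example.org"}))
```

Run against each stored or freshly rendered page, a non-empty result marks a page that still serves the injected tag.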