[Typo3] my web site appears to have been hacked

stefano cecere scecere at krur.com
Tue Dec 20 10:56:52 CET 2005 

I have been hacked like this 2 times, this summer.

yes the problem was the config.baseURL bug.

just clear all the caches after fix config.baseURL = www.domainname.xxx

-- 
stefano cecere
www.krur.com



Eric Blom wrote:
> It looks like I may have been the victim of the config.baseURL exploit.
> 
> http://typo3.org/teams/security/security-bulletins/typo3-20051114-6/
> 
> Does anyone know what the proper way to clean up after this is?
> 
> Thank you,
> Eric
> 
> 
> 
> On Dec 19, 2005, at 10:24 PM, Eric Blom wrote:
> 
>> My web site appears to have been hacked today. All of my links were
>> redirected to www.sina.com.cn. Looking at the HTML source of my home
>> page I see that
>>         <base href="http://www.sina.com.cn/" />
>>         <style type="text/css">
>> has been added after the Typo3 notice but before the CDATA statement.
>> See clip below. My question is where would this kind of modification
>> be made? Some where in the template setup? I did a full search of my
>> MySQL data base looking for www.sina.com and found one match in my
>> cache_pages table.
>>
>> I'm running 3.8.0. I know there is a 3.8.1 out -- I was waiting for
>> the holiday break to upgrade :-(
>>
>>
>>
>>     <meta http-equiv="Content-Type" content="text/html;
>> charset=iso-8859-1" />
>>
>> <!--
>>     This website is brought to you by TYPO3 - get.content.right
>>     TYPO3 is a free open source Content Management Framework created by
>> Kasper Skaarhoj and licensed under GNU/GPL.
>>     TYPO3 is copyright 1998-2005 of Kasper Skaarhoj. Extensions are
>> copyright of their respective owners.
>>     Information and contribution at http://www.typo3.com
>> -->
>>
>>     <base href="http://www.sina.com.cn/" />
>>     <style type="text/css">
>>         /*<![CDATA[*/
>>     <!--
>>
>> Regards,
>> Eric
>>
>> _______________________________________________
>> Typo3-english mailing list
>> Typo3-english at lists.netfielders.de
>> http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-english
>

More information about the TYPO3-english mailing list