[Typo3] my web site appears to have been hacked

Eric Blom ericb at piap.com
Tue Dec 20 17:38:09 CET 2005


Thanks Stefano, I've taken your advice.

What was the hole that was exploited twice at your site?

Cheers,
Eric

On Dec 20, 2005, at 1:56 AM, stefano cecere wrote:

> I have been hacked like this 2 times, this summer.
>
> Yes, the problem was the config.baseURL bug.
>
> Just clear all the caches after fixing config.baseURL =  
> www.domainname.xxx
>
> -- 
> stefano cecere
> www.krur.com
>
>
>
> Eric Blom wrote:
>> It looks like I may have been the victim of the config.baseURL  
>> exploit.
>>
>> http://typo3.org/teams/security/security-bulletins/typo3-20051114-6/
>>
>> Does anyone know what the proper way to clean up after this is?
>>
>> Thank you,
>> Eric
>>
>>
>>
>> On Dec 19, 2005, at 10:24 PM, Eric Blom wrote:
>>
>>> My web site appears to have been hacked today. All of my links were
>>> redirected to www.sina.com.cn. Looking at the HTML source of my home
>>> page I see that
>>>         <base href="http://www.sina.com.cn/" />
>>>         <style type="text/css">
>>> has been added after the Typo3 notice but before the CDATA  
>>> statement.
>>> See clip below. My question is where would this kind of modification
>>> be made? Somewhere in the template setup? I did a full search of my
>>> MySQL database looking for www.sina.com and found one match in my
>>> cache_pages table.
>>>
>>> I'm running 3.8.0. I know there is a 3.8.1 out -- I was waiting for
>>> the holiday break to upgrade :-(
>>>
>>>
>>>
>>>     <meta http-equiv="Content-Type" content="text/html;
>>> charset=iso-8859-1" />
>>>
>>> <!--
>>>     This website is brought to you by TYPO3 - get.content.right
>>>     TYPO3 is a free open source Content Management Framework  
>>> created by
>>> Kasper Skaarhoj and licensed under GNU/GPL.
>>>     TYPO3 is copyright 1998-2005 of Kasper Skaarhoj. Extensions are
>>> copyright of their respective owners.
>>>     Information and contribution at http://www.typo3.com
>>> -->
>>>
>>>     <base href="http://www.sina.com.cn/" />
>>>     <style type="text/css">
>>>         /*<![CDATA[*/
>>>     <!--
>>>
>>> Regards,
>>> Eric
>>>
>>> _______________________________________________
>>> Typo3-english mailing list
>>> Typo3-english at lists.netfielders.de
>>> http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-english
>>
>
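The symptom discussed in this thread, a `<base href>` pointing at a foreign host inside cached page HTML, can be checked for mechanically before and after clearing the caches. The following is an added example, not code from the posters or from TYPO3; the expected host `www.example.org`, the function names and the sample HTML are constructed, and reading the rows out of `cache_pages` is left to the reader.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the host(s) this site's config.baseURL is supposed to name.
EXPECTED_HOSTS = {"www.example.org"}

class BaseHrefFinder(HTMLParser):
    """Collect the href value of every <base> element in a page."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):  # also called for <base ... />
        if tag == "base":
            self.hrefs.append((dict(attrs).get("href") or "").strip())

def base_host(href):
    """Lower-cased host of a base href, or '' for a relative path."""
    parts = urlsplit(href)
    # A bare "www.example.org/" has no scheme, so retry it as "//host/".
    if not parts.netloc and not href.startswith("/"):
        parts = urlsplit("//" + href)
    return (parts.hostname or "").lower()

def foreign_base_hrefs(html, allowed=EXPECTED_HOSTS):
    """Return base hrefs in html whose host is not in the allowed set."""
    finder = BaseHrefFinder()
    finder.feed(html)
    return [h for h in finder.hrefs if base_host(h) and base_host(h) not in allowed]

def scan_cached_pages(pages, allowed=EXPECTED_HOSTS):
    """pages: iterable of (label, html). Map each flagged label to its hrefs."""
    hits = {}
    for label, html in pages:
        bad = foreign_base_hrefs(html, allowed)
        if bad:
            hits[label] = bad
    return hits

# Constructed sample input, modelled on the HTML clip quoted in the thread.
POISONED = ('<head>\n<!-- This website is brought to you by TYPO3 -->\n'
            '<base href="http://www.sina.com.cn/" />\n'
            '<style type="text/css">/*<![CDATA[*/ body{} /*]]>*/</style>\n</head>')
CLEAN = '<head><base href="http://www.example.org/" /></head>'

if __name__ == "__main__":
    for label, hrefs in scan_cached_pages([("row 1", POISONED), ("row 2", CLEAN)]).items():
        print(label, "foreign base href:", hrefs)
```

An empty result after the caches have been cleared and config.baseURL has been set indicates that no poisoned copy is still being served from the cache.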



