[TYPO3] Getting site running after Hacked
klaus brinch
klaus at hafnius.dk
Thu Jul 20 05:25:21 CEST 2006
Hi
not an expert on this but three points on the subject.
1. use this as an opportunity to install Typo3 4.0. 3.8.0 had security
problems that was dealt with in 3.8.1.
2. most of the times Its the webserver running Typo3 that is the entry
point for the hacker - not Typo3 in itself.
3. Make sure that your host informs you how the bad guys got in and
takes steps to prevent it in the future.
more experienced ppl will chime in...
Greets, Klaus b
Ian Fish skrev:
> Hello all,
>
> One of my sites has been hacked.
>
> I am not an experienced typo3 or linux user, although I have learnt
> enough (with the communities help) to set up typo3 and a few sites on a
> linux virtual server.
> I am running version 3.8.0 installed via Fantastico
> When the site was hacked I couldn't get in to the typo3 backend, but
> could still ftp to the site.
> I found the following amended files:
>
> www/typo3/index_re.php
> www/typo3/index.php
> www/typo3/index.htm
> www/typo3/index.html
> www/typo3/t3lib/index.html
> www/typo3_src/t3lib/index.html
> www/typo3_src/tslib/index_ts.php
> www/typo3_src/tslib/index.html
>
> I have replaced these files with backups.
>
> There may be others, for example in the folder www/typo3_src there are 2
> folders called showpic.php and index.php that were amended about the
> same time the hack happened, I can't view or download these folders.
>
> The site is now accessible, and I can log on to the backend, however I
> can only access the page and list views in the backend, the other pages
> load the hacked site in the main view window.
>
> How can I get the site running again?
> What do I need to do to stop the site from being hacked again?
> Any other advice?
>
> Regards,
> Ian Fish
More information about the TYPO3-english
mailing list