[TYPO3-english] Typo3 4.5.2 Pharma Hack
fsu-lists at cobweb.ch
Wed May 2 12:45:48 CEST 2012
> you should get all infos you need from
In particular look at the detect/analyze chapter:
This will give you hints about what code to look for inside the source
code to track corrupted files. Very likely candidates are the
localconf.php and index.php files.
But most importantly read the part about isolating the site. As long as
you haven't found all entry points (and the origin of the attack (very
like a SQL injection)), removing one is useless, the cracker will just
use another one or use the same attack to gain access again.
Cobweb Development Sarl - http://www.cobweb.ch
More information about the TYPO3-english