[TYPO3-english] Typo3 4.5.2 Pharma Hack

François Suter fsu-lists at cobweb.ch
Wed May 2 12:45:48 CEST 2012


Hi,

> you should get all infos you need from
> http://typo3.org/documentation/document-library/guides/doc_guide_security/current/

In particular look at the detect/analyze chapter:

http://typo3.org/documentation/document-library/guides/doc_guide_security/1.0.1/view/1/10/

This will give you hints about what code to look for inside the source 
code to track corrupted files. Very likely candidates are the 
localconf.php and index.php files.

But most importantly read the part about isolating the site. As long as 
you haven't found all entry points (and the origin of the attack (very 
likely a SQL injection)), removing one is useless, the cracker will just 
use another one or use the same attack to gain access again.

HTH

-- 

Francois Suter
Cobweb Development Sarl - http://www.cobweb.ch
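
One way to track changed files as the message above suggests, given as an added example that is not part of the original post or of TYPO3: it compares every .php file of the deployed site against a clean, unpacked copy of the same release and lists files that differ or have no counterpart, with localconf.php and index.php sorted first. The clean-copy baseline, the function names and the sample file names are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

# File names the post calls very likely candidates; they are listed first.
PRIORITY = {"localconf.php", "index.php"}

def php_hashes(root):
    """Map relative path -> SHA-256 for every .php file under root."""
    hashes = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if name.lower().endswith(".php"):
                full = os.path.join(dirpath, name)
                with open(full, "rb") as f:
                    digest = hashlib.sha256(f.read()).hexdigest()
                hashes[os.path.relpath(full, root)] = digest
    return hashes

def compare_trees(clean_root, site_root):
    """Return (modified, unknown): site files that differ from the clean
    copy, and site files the clean copy does not contain at all."""
    clean, site = php_hashes(clean_root), php_hashes(site_root)
    modified = [p for p in site if p in clean and site[p] != clean[p]]
    unknown = [p for p in site if p not in clean]
    order = lambda p: (os.path.basename(p) not in PRIORITY, p)
    return sorted(modified, key=order), sorted(unknown, key=order)

def demo():
    """Run the comparison on two small constructed trees (not real TYPO3 files)."""
    trees = {
        "clean": {"index.php": "<?php // core",
                  "t3lib/class.a.php": "<?php // a"},
        "site": {"index.php": "<?php // core, altered",
                 "t3lib/class.a.php": "<?php // a",
                 "typo3conf/localconf.php": "<?php // site config"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for root, files in trees.items():
            for rel, body in files.items():
                path = os.path.join(tmp, root, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "w") as f:
                    f.write(body)
        return compare_trees(os.path.join(tmp, "clean"), os.path.join(tmp, "site"))

if __name__ == "__main__":
    modified, unknown = demo()
    print("MODIFIED:", modified)
    print("UNKNOWN: ", unknown)
```

Files reported as unknown, such as the site's own localconf.php, have no baseline to compare against and have to be read by hand.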

