[TYPO3-english] LTS 4.5.x and difference between the originally...

Katja Lampela katja.lampela at lieska.net
Tue Jul 9 13:08:18 CEST 2013


Hi and thanks Alessandro,

The strange thing is that the files that EM says are different are 
core files, not extensions. I now referenced an older core, and the 
difference alert went away. The site is still infected though. Sucuri Malware 
Labs says this: Malware entry: MW:EXPLOITKIT:BLACKHOLE1

This does not necessarily originate from a TYPO3 vulnerability at all, but 
the files can be infected anyway.

- Katja

9.7.2013 14.01, Alessandro Tuveri wrote:
> Hi
> I suppose that TYPO3 does a checksum and discovers if an extension was
> modified; try it yourself by touching a file, then go to the backend and
> check for new extensions.
>
> Maybe some extensions/plugins are corrupted due to the malware.
>
> If you have SSH access, try to run md5sum (Linux command) to test the
> integrity. To do this, first install the same +ext into another website
> (outside your server, possibly on your local machine) and run md5sum,
> then compare the results.
>
> If needed, reinstall all the affected +ext/plugins (obviously if you
> have not intentionally modified some files in the past for your needs).
>
> What kind of malware is your web site suffering from?
>
>
> ALESSANDRO TUVERI
>
> --------------------------------------
> AREA SERVIZI INFORMATICI E MULTIMEDIALI
> Servizi Web d'Ateneo
> Università degli Studi di Udine
> tel. ufficio 0432-558904
> --------------------------------------
> Homo sine pecunia est imago mortis
> --------------------------------------
>
> ----------------------------------------------------------------------
> SEMEL (SErvizio di Messaging ELettronico) - AINF, Universita' di Udine
>
>
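
The md5sum comparison suggested in the quoted message, as an added example that is not part of the original thread: it hashes a clean reference install and the live tree, then reports files that were modified, are missing, or exist only on the live site (the last case goes beyond checking known files). The function names `hash_tree`, `compare_trees` and `demo` and all directory and file names are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Compare a live web root against a clean reference install of the same
# version using md5sum, reporting modified, missing and extra files.

hash_tree() {
    # One "<md5>  ./path" line per regular file, paths relative to $1.
    ( cd "$1" && find . -type f -exec md5sum {} + )
}

compare_trees() {   # usage: compare_trees CLEAN_DIR LIVE_DIR
    tmp=$(mktemp -d) || return 2
    if ! { hash_tree "$1" > "$tmp/clean" && hash_tree "$2" > "$tmp/live"; }; then
        rm -rf "$tmp"; return 2
    fi
    # md5sum lines are 32 hex digits, two separator characters, then the path.
    report=$(awk -v cleanfile="$tmp/clean" '
        BEGIN {
            while ((getline line < cleanfile) > 0)
                clean[substr(line, 35)] = substr(line, 1, 32)
        }
        {
            path = substr($0, 35); seen[path] = 1
            if (!(path in clean))                      print "EXTRA " path
            else if (clean[path] != substr($0, 1, 32)) print "MODIFIED " path
        }
        END { for (p in clean) if (!(p in seen)) print "MISSING " p }
    ' "$tmp/live" | LC_ALL=C sort)
    rm -rf "$tmp"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1   # any difference: the live tree does not match the reference
}

demo() {   # constructed sample trees, not real TYPO3 files
    d=$(mktemp -d) || return 2
    mkdir -p "$d/clean/lib" "$d/live/lib"
    echo '<?php // index'  > "$d/clean/index.php"
    echo '<?php // index'  > "$d/live/index.php"
    echo '<?php // class'  > "$d/clean/lib/class.php"
    echo '<?php // class + injected line' > "$d/live/lib/class.php"
    echo '<?php // config' > "$d/clean/lib/config.php"      # deleted on live
    echo '<?php // dropped file' > "$d/live/lib/cache.php"  # not in reference
    compare_trees "$d/clean" "$d/live" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

Build the reference tree from a fresh download of the same version on a machine other than the affected server, since checksums generated on a compromised host cannot be trusted.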


