[TYPO3-english] LTS 4.5.x and difference between the originally...

Katja Lampela katja.lampela at lieska.net
Tue Jul 9 13:08:18 CEST 2013

Hi and thanks Alessandro,

The strange thing is that the files that EM says to be different are 
core files, not extensions. I now referenced to older core, I got the 
difference alert away. The site is still infected though. Sucuri Malware 
labs tells this: Malware entry: MW:EXPLOITKIT:BLACKHOLE1

This is not necessarily at all originated from TYPO3 vulnerability, but 
the files can be infected anyway.

- Katja

9.7.2013 14.01, Alessandro Tuveri kirjoitti:
> Hi
> I suppose that TYPO3 do a checksum and discovers if an extension was
> modified; try yourself touching a file the go to the backend and check
> for new extensions.
> Maybe that some extension/plugin are corrupted due to the malware.
> If you have a SSH access try to run md5sum (linux command) to test the
> integrity. To do this, before install into another website (outside your
> server, eventually in your local machine) the same +ext and run md5sum,
> then compare the results.
> If needed reinstall all the +ext/plugin affected (obviously if you (in
> the past) have not modified some files intentionally for your needeings),.
> What kind of malware your web site is suffering?
> --------------------------------------
> Servizi WEeb d'Ateneo
> Universit? degli Studi di Udine
> tel. ufficio 0432-558904
> --------------------------------------
> Homo sine pecunia est imago mortis
> --------------------------------------
> ----------------------------------------------------------------------
> SEMEL (SErvizio di Messaging ELettronico) - AINF, Universita' di Udine

More information about the TYPO3-english mailing list