[TYPO3-english] Your browser version looks incompatible with this TYPO3 version!
Tobias Pierschel
tp at netinventors.de
Thu Nov 6 11:57:21 CET 2014
Hi Nellie,
i dont know a feature for automatic installations of plugins in TYPO3.
I think that the site or a plugin has a backdoor so that the attacker
can access your site and modify your scripts.
Perhaps the attacker has acces via FTP. So you should change all FTP
accounts.
To find the entry point for the attacker is a "needle in a haystack". I
would recomment:
* remove the code
* set the files to read only
* look at the server log files
then:
* setup a new installation - with the latest T3 Version
* install the requiered plugins
* backup and install the database
There are a lot more strategies.
Which TYPO3 Version is in use?
Best regards
Tobi
Am 06.11.2014 um 11:09 schrieb Nellie Payet:
> Hi evrybody, the problem is coming back :-/
> Our friend found a security flaw: our site authorized the automatic
> installation of plugins. He think that the hack comes by this way.
> A scan of all the files of our site revealed that there was 6 backdoors.
> We deleted them... but it did not solve the problem either :-/
>
> A new unwanted file (with different names) comes every 3 or 4 hours in
> the folder "typo3conf". In this folder, when we open the script of the
> file "localconfiguration.php", we often find a new code line at the
> first position, just before:
>
> <?php
> return array(
> 'BE' => array(
>
> This line is the new unwanted file... so we delete the line, save the
> script, come back to the folder and delete the file... but it doesn't
> works. the file (and the line in the script) comes again and again...
>
> Big thanks in advance to those who can help us !
>
> Tobias, don't you have the same problem ?
>
> Nellie & François
More information about the TYPO3-english
mailing list