[TYPO3-english] Looking for typo3_src-4.0.2.tar.gz

Wiel, J.A.M. van de j.a.m.v.d.wiel at tue.nl
Thu Apr 9 10:32:30 CEST 2009


Hi Martin,
In my somewhat limited experience on security matters, it seems that code doesn't usually get altered. The hacker exploits a bug which allows him to execute some of his own code. This could be anything from a prepared SQL statement to dropping an executable file in /tmp or somewhere else. I once fell victim to such an attack and found that the Apache user account was now running some kind of IRC flood bot from a hidden directory beneath /var/tmp and had modified the www-user's crontab. The code of the application running on this machine (not TYPO3) was unchanged, but it turned out it did have an exploitable flaw which allowed the attacker enough access to turn my machine into a spambot. 

Bas

________________________________________
From: typo3-english-bounces at lists.netfielders.de [typo3-english-bounces at lists.netfielders.de] On Behalf Of Martin Bless [m.bless at gmx.de]
Sent: Thursday, April 09, 2009 9:48 AM
To: typo3-english at lists.netfielders.de
Subject: Re: [TYPO3-english] Looking for typo3_src-4.0.2.tar.gz

[Christian Kuhn] wrote & schrieb:

>Martin Bless wrote:
>> I'm looking for a typo3_src-4.0.2.tar.gz file.

>You could check out svn from forge, look into the tags directory.
>
>http://forge.typo3.org/repositories/browse/typo3v4-core/tags


FYI: Yes, I grabbed the svn files but had to realize that a lot of
files have different version marks in the code. It took some time
until I remembered the most obvious way to find the original source
package: I used Google and searched for the exact filename. And
indeed, its still available from sourceforge:
http://mesh.dl.sourceforge.net/sourceforge/typo3/typo3_src-4.0.2.tar.gz

BTW, the comparison gave no hints on hacked code.

Martin

--
http://mbless.de
_______________________________________________
TYPO3-english mailing list
TYPO3-english at lists.netfielders.de
http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-english


More information about the TYPO3-english mailing list