[TYPO3-english] virus/worm on Typo3 installation.
max
max at oblady.Com
Mon Jan 12 13:26:20 CET 2009
Hi !
Nothing to do with typo3, but it may help - I've had a similar case
with a customer :
A windows pc was infected and use a ftp connection with login/pass
registered to uploads the worm on the server.
Have a look at the ftp server logs if any and think changing passwords.
Maxime Fauquemberg
http://www.oblady.com
Le lundi 12 janvier 2009 à 14:12 +0200, Dmitry Dulepov a écrit :
> Hi!
>
> Asbjørn Morell wrote:
> > When I open my homepage Avast antivirus gives me a warning:
> >
> > Access blocked to:
> > whitebiz.vn
> > wertionase.com
> >
> > I looked at the html source and there is some encrypted javascript at
> > the bottom. (see below) This can't be good. I tried replacing the Typo3
> > dir with a fresh source and cleared backend and frontend case. Any ideas
> > wgere this is coming from? The webserver is hosted at servage.com
>
> Check your templates, TS, etc. It definitely does not come from the core. Most likely you have an easy BE password or bad file system permissions, or 3rd party script that allows execution of the external files in server context, etc.
>
> In other words, search for the security problems on the server.
>
> --
> Dmitry Dulepov
> TYPO3 core team
>
> Mr. Harris: People say that you were the last person to speak with Jordon...
> Is that true?
> Cameron: I don't know. Are you asking me if people say I was the last person
> to talk to Jordon? Or are you asking me if I was the last person
> to talk to her?
> Mr. Harris: I guess I'm asking if you were.
> Cameron: I don't know.
> _______________________________________________
> TYPO3-english mailing list
> TYPO3-english at lists.netfielders.de
> http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-english
More information about the TYPO3-english
mailing list