[TYPO3-english] Have I been hacked? Please help.
Jigal van Hemert
jigal at xs4all.nl
Sat Mar 19 18:29:53 CET 2011
Hi,

On 19-3-2011 18:02, Thomas "Thasmo" Deinhamer wrote:
> Andreas Becker wrote:
>> How to get access to the backend you can contact me via PM. IMHO it
>> is not good to discuss this here on the list as actually everyone
>> can already read how to get inside TYPO3 if the developers and site
>> administrators don't take at least common security measures into
>> account.

There is plenty of information around how to take the common security
measures. The TYPO3 installation warns about many common security problems
(default admin account, default install tool password, etc.) in various
places in the backend. If you still leave those things open it's not
anything which cannot be discussed in public places.

If you know of ways to get access to installations which have the normal
security measures taken into account you should report this ASAP to the
TYPO3 security team and not discuss it with anybody else.

> Does that mean there are ways to get into the backend without having
> the login credentials?
>
> Or why would it be a secret or unwise to tell here?

It's not a real secret and it will only work if you have ftp or ssh
access with enough rights to create and modify certain files. This is a
pretty normal procedure IMO and not a trade secret. It used to be part
of the old installation method, until a more user friendly installer
(and for 4.6 there is a project to overhaul the whole install tool) was
created.

In order to get access to your backend you can use the install tool to
create a new admin user (this is a normal option in the install tool).
To get access to your install tool there must be a file named
ENABLE_INSTALL_TOOL in the typo3conf directory and the file may not be
older than 1 hour. If your install tool password doesn't work you can
edit the typo3conf/localconf.php file and set an MD5-hash of the desired
Install Tool password in that file.

As you can see, this requires that you have access to these files and
enough rights to create and/or modify them.

If your installation is hacked it would be best to reinstall the entire
server from scratch and restore the database and certain user files
(images, etc.) from backups (after manually checking them for signs of
hacks).

The next best thing is to change each and every password in your
installation (control panel, root password, FTP, SSH, database, install
tool, BE users, etc.). Because it happens rather frequently that login
information is harvested from infected computers, all users who have
some form of backend or server access should have all their computers
checked for malware.

--
Kind regards / met vriendelijke groet,
Jigal van Hemert.
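
Added example, not part of the original message and not TYPO3's own code: a small audit an administrator can run over a document root to see whether the Install Tool is currently unlocked by an ENABLE_INSTALL_TOOL file, whether localconf.php was edited recently, and whether the stored MD5 hash matches a password from a list of weak candidates. The setting name `$TYPO3_CONF_VARS['BE']['installToolPassword']` is assumed from TYPO3 4.x (the message only says the hash lives in localconf.php); the sample site and the password "changeme" are constructed.

```python
import hashlib, os, re, tempfile, time

MAX_AGE = 3600  # the post: the flag file "may not be older than 1 hour"
# Assumed TYPO3 4.x setting name; the post only says the hash is in localconf.php.
HASH_RE = re.compile(r"\['BE'\]\['installToolPassword'\]\s*=\s*'([0-9a-fA-F]{32})'")

def audit_install_tool(site_root, weak_passwords=(), recent=86400, now=None):
    """Return findings (strings) about Install Tool exposure under site_root."""
    now = time.time() if now is None else now
    conf = os.path.join(site_root, "typo3conf")
    findings = []
    flag = os.path.join(conf, "ENABLE_INSTALL_TOOL")
    if os.path.exists(flag):
        age = now - os.path.getmtime(flag)
        state = "UNLOCKED" if age <= MAX_AGE else "stale"
        findings.append(f"flag file present, {int(age // 60)} min old: {state}")
    localconf = os.path.join(conf, "localconf.php")
    if os.path.exists(localconf):
        if now - os.path.getmtime(localconf) <= recent:
            findings.append("localconf.php modified recently: review the change")
        with open(localconf, encoding="utf-8", errors="replace") as fh:
            hashes = HASH_RE.findall(fh.read())
        if hashes:
            current = hashes[-1].lower()  # the last assignment in the file wins
            for pw in weak_passwords:
                if hashlib.md5(pw.encode()).hexdigest() == current:
                    findings.append(f"install tool hash matches weak password {pw!r}")
    return findings

def build_sample_site(now):
    """Constructed sample: flag created ~10 min ago, config edited 2 days ago."""
    root = tempfile.mkdtemp()
    conf = os.path.join(root, "typo3conf")
    os.mkdir(conf)
    flag = os.path.join(conf, "ENABLE_INSTALL_TOOL")
    open(flag, "w").close()
    os.utime(flag, (now - 630, now - 630))
    localconf = os.path.join(conf, "localconf.php")
    digest = hashlib.md5(b"changeme").hexdigest()  # constructed weak password
    with open(localconf, "w") as fh:
        fh.write(f"<?php\n$TYPO3_CONF_VARS['BE']['installToolPassword'] = '{digest}';\n")
    os.utime(localconf, (now - 172800, now - 172800))
    return root

if __name__ == "__main__":
    t = time.time()
    for line in audit_install_tool(build_sample_site(t), ["changeme"], now=t):
        print(line)
```

A flag file or a localconf.php change that nobody on the team made is worth treating as a sign that someone with file access used the procedure described above.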