[TYPO3-english] Typo3 4.5.2 Pharma Hack
François Suter
fsu-lists at cobweb.ch
Wed May 2 12:45:48 CEST 2012
Hi,
> you should get all infos you need from
> http://typo3.org/documentation/document-library/guides/doc_guide_security/current/
In particular look at the detect/analyze chapter:
http://typo3.org/documentation/document-library/guides/doc_guide_security/1.0.1/view/1/10/
This will give you hints about what code to look for inside the source
code to track corrupted files. Very likely candidates are the
localconf.php and index.php files.
But most importantly read the part about isolating the site. As long as
you haven't found all entry points (and the origin of the attack (very
like a SQL injection)), removing one is useless, the cracker will just
use another one or use the same attack to gain access again.
HTH
--
Francois Suter
Cobweb Development Sarl - http://www.cobweb.ch
More information about the TYPO3-english
mailing list