[TYPO3-core] heise.de: Hunderte Typo3-Webseiten gehackt

Stephan Großberndt s.grossberndt at sidebysite.de
Tue Mar 18 10:46:29 CET 2014


Hi,

there are reports on a german IT news page about hundreds of hacked 
TYPO3 sites. But as it seems all of them are using outdated versions 
(4.1, 4.2, 4.4, <4.5.32).

According to the article you can see you have been hacked if there is a 
main.php in the www-root-directory. Several "pages" are added to the 
sites promoting gambling. These links cannot be accessed directly, they 
are only visible from crawlers. So if you search your site on Google 
with gambling keywords, you get the results, if you try to access them, 
you get a "Page not found"-Error.

Nevertheless it is about outdated versions it would be good for 
publicity to have an official statement from TYPO3 pointing out these 
are outdated versions having known security issues and telling people to 
keep their TYPO3 installations up to date. This should be sent to 
heise.de so they can link there and keep it from spreading further into 
the internet.

Regards,
Stephan

(repost due to mail being rejected because of spam suspicion?)



More information about the TYPO3-team-core mailing list