[TYPO3-core] heise.de: Hundreds of Typo3 websites hacked
bernd wilke
t3ng at bernd-wilke.net
Tue Mar 18 11:38:27 CET 2014
On 18.03.14 10:46, Stephan Großberndt wrote:
> Hi,
>
> there are reports on a German IT news page about hundreds of hacked
> TYPO3 sites. But as it seems all of them are using outdated versions
> (4.1, 4.2, 4.4, <4.5.32).
so the article was updated, the update just stated that also
TYPO3-versions below 4.5 are affected.
but in the comments to the article other people have found:
there are newer versions involved. someone found a 6.1, I found a 4.6
(from a TYPO3 usergroup (!) :(( )
but also there are some sites which do not host a TYPO3 at all.
First google-result from the example search given in the article is a
fiona CMS.
> According to the article you can see you have been hacked if there is a
> main.php in the www-root-directory. Several "pages" are added to the
> sites promoting gambling. These links cannot be accessed directly, they
> are only visible from crawlers. So if you search your site on Google
> with gambling keywords, you get the results, if you try to access them,
> you get a "Page not found"-Error.
the casino advertising can be seen either with a google useragent or
with a google referer (e.g. link from a google searchresult)
> Nevertheless it is about outdated versions it would be good for
> publicity to have an official statement from TYPO3 pointing out these
> are outdated versions having known security issues and telling people to
> keep their TYPO3 installations up to date. This should be sent to
> heise.de so they can link there and keep it from spreading further into
> the internet.
it would be good to know how the intrusion has been done.
then there could be a fix to the hole, wherever it is. (probably not TYPO3)
otherwise, as stefan stated, it is a lot of FUD.
and any official TYPO3 statement would look like a lame excuse.
bernd
--
http://www.pi-phi.de/cheatsheet.html
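
The cloaking described in this thread (content served only to a Google user agent or a Google referer, "Page not found" otherwise) can be checked on a site you run by requesting the same URL under different headers and comparing the views. This is an added example, not part of the original message; the function names, the keyword list and the example.org URL are assumptions, and fake_fetch is a constructed stand-in so the check runs offline.

```python
import urllib.error
import urllib.request

# Request profiles: a plain browser visit, a crawler User-Agent, and a visit
# arriving from a search result (the two triggers mentioned in the thread).
PROFILES = {
    "browser": {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64)"},
    "crawler_ua": {"User-Agent": "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"},
    "search_referer": {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64)",
                       "Referer": "https://www.google.com/search?q=example"},
}
KEYWORDS = ("casino", "gambling", "poker", "roulette")  # assumed keyword list


def http_fetch(url, headers):
    """Return (status, body) for a GET; HTTP error pages are returned, not raised."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def cloaking_report(url, fetch=http_fetch):
    """Fetch url under each profile and list how the non-browser views differ."""
    views = {name: fetch(url, hdrs) for name, hdrs in PROFILES.items()}
    base_status, base_body = views["browser"]
    findings = []
    for name in ("crawler_ua", "search_referer"):
        status, body = views[name]
        if status != base_status:
            findings.append(f"{name}: status {status} vs browser {base_status}")
        extra = [k for k in KEYWORDS if k in body.lower() and k not in base_body.lower()]
        if extra:
            findings.append(f"{name}: keywords only in this view: {', '.join(extra)}")
    return findings


def fake_fetch(url, headers):
    """Constructed stand-in for a compromised site, so the check runs offline."""
    cloaked = "Googlebot" in headers.get("User-Agent", "") or "google." in headers.get("Referer", "")
    if cloaked:
        return 200, "<html><body>Best online casino bonus</body></html>"
    return 404, "<html><body>Page not found</body></html>"


if __name__ == "__main__":
    for line in cloaking_report("https://www.example.org/some-page", fetch=fake_fetch):
        print(line)
```

An empty result means all three views matched on status and keywords; it does not rule out cloaking keyed on the crawler's source IP address.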