[TYPO3-core] heise.de: Hundreds of Typo3 websites hacked

Marcus Krause marcus.krause at typo3.org
Thu Mar 20 14:18:38 CET 2014


Hey,

On Thu, 20 Mar 2014 12:50:32 +0100,
Alexander Opitz <opitz at pluspol.info> wrote:

> Hi,
> 
> one infected system showed 2 backdoors
> 
> [...]
>
> The upload was with hacked ftp-accounts or TYPO3 backend accounts.
> 
> More information in German =>
> http://www.heise.de/security/news/foren/S-Re-Bei-einem-betroffenem-System/forum-276587/msg-24948094/read/

Which version of TYPO3 CMS core had been used when the infection
happened?

Were there any TYPO3 extensions installed which were outdated and
missed security updates?

You wrote that TYPO3 backend logins were used. Was the username a generic
one like admin or a non-guessable name?

In the latter case, how did someone get hold of the account name(s)?

How many attempts were made until TYPO3 BE login succeeded?


Please reply to security(at)typo3.org !

Thanks for your help.


-- 
Marcus Krause
TYPO3 Security Team

TYPO3 .... inspiring people to share!
Get involved: typo3.org

