Security Problem found?

Found a bug? Tell us!!
amarradi
Regular
Posts: 61
Joined: Sun Oct 14, 2007 8:52 pm

Security Problem found?

Post by amarradi » Mon Feb 28, 2011 9:45 pm

Hello everyone,

my web host locked my account because the account contains phishing code. Thanks a lot to alfahosting.de

In the following directories I found some PHP code which redirects the user to a phishing page:

/atoms/.ppl.com.php
/uploads/.loy.com.php

The log file is full of .loy.php entries. Is there a known issue about this?
Can anyone help me?

Timbalu
Regular
Posts: 4598
Joined: Sun May 02, 2004 3:04 pm

Re: Security Problem found?

Post by Timbalu » Tue Mar 01, 2011 8:59 am

Yes, it is strongly recommended to upgrade to the latest Serendipity release version, since there were third-party security issues. Please read the Announcement section of this forum under http://blog.s9y.org/archives/224-Import ... eased.html and the following links and notes carefully ...

There were also several notes in other threads on how and where to check whether there are any other hacked files. Have a look yourself with a forum search for the topics upgrade / htmlarea.

You might also want to subscribe to http://blog.s9y.org/feeds/categories/1- ... ements.rss to keep in touch with unwanted but always possible future vulnerabilities more quickly.

About these two files: delete them before upgrading and check whether there are more.

Good luck.
Regards,
Ian

Serendipity Styx Edition and additional_plugins @ https://ophian.github.io/ @ https://github.com/ophian
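The reply above says to check for more hacked files before upgrading, and the first post says the access log is full of hits on the hidden file. The script below is an added example, not code from the Serendipity project or from either poster: it sweeps a web root for the three shapes seen in this thread (PHP files whose name starts with a dot, PHP files under an uploads directory, and PHP that pipes a decoder straight into eval()), then counts which client IPs were requesting a given file in a combined-format access log. The web root path, the log format (client IP as the first field), the fixture files, the host phish.example and the file name helper.php are all assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example for this thread; not part of Serendipity.
# Assumes a POSIX shell with find, grep, sed, awk, sort and uniq, the web root
# passed as an argument, and an Apache/nginx "combined" access log.

# Print one "<reason> <path>" line per suspicious PHP file under the web root.
scan_webroot() {
    root="$1"
    # 1. PHP files whose basename starts with a dot: a plain "ls" hides them,
    #    which is how /uploads/.loy.com.php stays unnoticed.
    find "$root" -type f -name '.*.php' -print | sed 's/^/hidden-php /'
    # 2. Any PHP file under an uploads directory: uploads should hold media,
    #    never executable code.
    find "$root" -type f -path '*/uploads/*' -name '*.php' -print \
        | sed 's/^/php-in-uploads /'
    # 3. PHP that feeds a decoder straight into eval(): the usual dropper /
    #    webshell shape. The decoder list is an assumption, extend as needed.
    find "$root" -type f -name '*.php' -exec grep -lE \
        'eval[[:space:]]*\([[:space:]]*(base64_decode|gzinflate|gzuncompress|str_rot13)' \
        {} \; | sed 's/^/obfuscated-eval /'
}

# Requests per client IP for a file name in the access log, busiest IP first.
hits_for() {
    logfile="$1"
    name="$2"
    grep -F -- "$name" "$logfile" | awk '{print $1}' | sort | uniq -c | sort -rn
}

# Constructed fixture: a throw-away web root with two hidden redirectors (like
# the two files in the first post), one eval() dropper and two clean files.
# Prints the findings with the temp prefix stripped.
demo_findings() {
    root=$(mktemp -d)
    mkdir -p "$root/uploads" "$root/atoms" "$root/templates"
    printf '<?php echo "ok"; ?>\n' > "$root/index.php"
    printf 'not php\n' > "$root/uploads/photo.jpg"
    printf '<?php header("Location: http://phish.example/login"); ?>\n' \
        > "$root/uploads/.loy.com.php"
    printf '<?php header("Location: http://phish.example/paypal"); ?>\n' \
        > "$root/atoms/.ppl.com.php"
    printf '<?php eval(base64_decode($_POST["c"])); ?>\n' \
        > "$root/templates/helper.php"
    scan_webroot "$root" | sed "s|$root||"
    rm -rf "$root"
}

# Constructed fixture: four combined-format log lines (documentation IPs).
# Prints the IP that requested .loy.com.php most often.
demo_top_hitter() {
    log=$(mktemp)
    cat > "$log" <<'EOF'
203.0.113.7 - - [28/Feb/2011:20:01:12 +0100] "GET /uploads/.loy.com.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.4 - - [28/Feb/2011:20:01:30 +0100] "GET /index.php HTTP/1.1" 200 8122 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Feb/2011:20:02:05 +0100] "GET /uploads/.loy.com.php?id=42 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.55 - - [28/Feb/2011:20:03:44 +0100] "POST /uploads/.loy.com.php HTTP/1.1" 200 77 "-" "curl/7.21"
EOF
    hits_for "$log" '.loy.com.php' | head -n 1 | awk '{print $2}'
    rm -f "$log"
}

# Real use: scan_webroot /var/www/html ; hits_for /var/log/apache2/access.log .loy.com.php
```

On a real site, run scan_webroot against the document root and compare every hit against a clean copy of the same Serendipity release; a file that is in the hit list but not in the release tarball is either something you added yourself or something the attacker did. Delete the hits, then upgrade, as the reply above says, because the redirectors will simply be dropped again while the vulnerable code is still there.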

garvinhicking
Core Developer
Posts: 30020
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany

Re: Security Problem found?

Post by garvinhicking » Tue Mar 01, 2011 2:26 pm

Hi!

Also check what the /atoms/ directory contains. This is not a directory that usually comes with Serendipity...

Regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
