Security Problem found?

Post by amarradi »

Hello everyone,

My web host locked my account because the account contains phishing code. Thanks a lot to alfahosting.de.

In the following directories I found some PHP code which redirects the user to a phishing page:

/atoms/.ppl.com.php
/uploads/.loy.com.php

The log files are full of .loy.php entries. Is there a known issue about this?
Can anyone help me?

Post by Timbalu »

Yes, it is strongly recommended to upgrade to the latest Serendipity release version, since there were third-party security issues. Please read the Announcement section of this forum under http://blog.s9y.org/archives/224-Import ... eased.html and the following links and notes carefully ...

There were also several notes in other threads on how and where to check if there are any other hacked files. Search the forum yourself with the search topics upgrade / htmlarea.

You might also want to subscribe to http://blog.s9y.org/feeds/categories/1- ... ements.rss to keep informed more quickly about unwanted but always possible future vulnerabilities.

About these two files: delete them before upgrading and check if there are any more.

Good luck.
Regards,
Ian

Serendipity Styx Edition and additional_plugins @ https://ophian.github.io/ @ https://github.com/ophian

Post by garvinhicking »

Hi!

Also check what the /atoms/ directory contains. This is not a directory that usually comes with Serendipity...

Regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
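
The checks suggested in the replies above (look for more planted files, and for directories such as /atoms/ that do not come with the release), as an added example that is not part of the original thread or of Serendipity. The function names, the `known_dirs` allow-list and the sample tree are assumptions made for illustration; take the real directory list from a clean release archive.

```python
import os
import tempfile

def scan_webroot(root, known_dirs, upload_dirs=("uploads",)):
    """Return sorted (relative_path, reason) findings for a blog web root."""
    findings = []
    # Top-level directories that the clean release does not ship.
    for entry in sorted(os.listdir(root)):
        if os.path.isdir(os.path.join(root, entry)) and entry not in known_dirs:
            findings.append((entry + "/", "unexpected top-level directory"))
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        top = "" if rel_dir == "." else rel_dir.split(os.sep)[0]
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            rel = os.path.normpath(os.path.join(rel_dir, name)).replace(os.sep, "/")
            if name.startswith("."):
                # Dot-prefixed scripts are hidden from a plain directory listing.
                findings.append((rel, "hidden PHP file"))
            elif top in upload_dirs:
                # Media upload directories should hold no executable scripts.
                findings.append((rel, "PHP file in upload directory"))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample layout; the two hidden names mirror those in the thread."""
    for rel in ("atoms/.ppl.com.php", "uploads/.loy.com.php", "uploads/photo.jpg",
                "uploads/thumb.php", "include/functions.inc.php", "index.php"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        # known_dirs here is a constructed, shortened allow-list (assumption).
        return scan_webroot(root, known_dirs={"uploads", "include"})

if __name__ == "__main__":
    for path, reason in demo():
        print(f"{reason}: {path}")
```

Review each finding by hand before deleting anything; a hit is a lead, not proof that a file was planted.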