Discussion:
[TYPO3-english] Typo3 4.5.2 Pharma Hack
Clay Sissing
2012-05-02 10:31:35 UTC
Permalink
Hi All,



I have a typo3 website that has been hacked with the Pharma Hack.

Does anybody have any information on how to detect what has been
infected and how to resolve it?



Any help would be most appreciated.



Kind Regards,

Clay Sissing
Georg Ringer
2012-05-02 10:35:53 UTC
Permalink
Hi,

you should get all infos you need from
http://typo3.org/documentation/document-library/guides/doc_guide_security/current/

georg
François Suter
2012-05-02 10:45:48 UTC
Permalink
Hi,
Post by Georg Ringer
you should get all infos you need from
http://typo3.org/documentation/document-library/guides/doc_guide_security/current/
In particular look at the detect/analyze chapter:

http://typo3.org/documentation/document-library/guides/doc_guide_security/1.0.1/view/1/10/

This will give you hints about what code to look for inside the source
code to track corrupted files. Very likely candidates are the
localconf.php and index.php files.

But most importantly read the part about isolating the site. As long as
you haven't found all entry points (and the origin of the attack (very
like a SQL injection)), removing one is useless, the cracker will just
use another one or use the same attack to gain access again.

HTH
--
Francois Suter
Cobweb Development Sarl - http://www.cobweb.ch
Loading...